Asus RT-AX88U Closed Ports vs. Stealth

Woofer Wrecker

Occasional Visitor
Greetings once again.

I have been going to GRC's Shields Up site for many years, but had not been there in some time, until recently. I run the full scan, and nowadays, ports 89 and 90 are listed as closed, instead of Stealth, which is not how I want the router to behave.

Port 89 is named su-mit-tg and 90 is named dnsix. A telnet gateway and security map.

I do not knowingly use either service, and would like the router to not respond at all to probes of these ports, like it does for all other service ports.

I have the router configured to act as a VPN, and route all but a few devices through the VPN tunnel.

Is there a way to stealth those 2 ports so they behave like all others?

Router is running Merlin 386.7.

TIA for any suggestions!
 


ColinTaylor

Part of the Furniture
The router doesn't use or open those ports so it's likely that they are being blocked by your ISP's infrastructure equipment. So there's nothing you can do about that. Unless of course you have deliberately opened those ports.
 

Woofer Wrecker

Occasional Visitor
ColinTaylor said:
> The router doesn't use or open those ports so it's likely that they are being blocked by your ISP's infrastructure equipment. So there's nothing you can do about that. Unless of course you have deliberately opened those ports.

Thank you for the reply.

I have not knowingly opened or changed ANY port settings in the router. I have all port forwarding/DMZ, etc. disabled. No need for any of it.

Forgive me if this is an elementary question, but how could my ISP be blocking the ports if I am using VPN? Isn't my traffic supposed to be invisible to the ISP?
 

ColinTaylor

Part of the Furniture
Using a VPN has nothing to do with it.

Traffic from the internet (e.g. GRC) to your router (and the ISP's other customers' routers) passes through your ISP's network infrastructure devices. It is likely that this is where those ports are being blocked. For example, it is very common for ISPs to block port 139 or 25.
 

Woofer Wrecker

Occasional Visitor
After looking into your comment, I checked with Spectrum (my ISP) on what ports they block. Neither of the 2 ports I mentioned is on that list of blocked ports.

Now I am determined to get to the bottom of this! LOL

Again, thank you for the input!
 


ColinTaylor

Part of the Furniture
Well, if you want to make absolutely sure this has nothing to do with your router, SSH into it and run the following commands:
Code:
netstat -nlp | egrep ":89 |:90 "
iptables-save -t nat | egrep "89|90"
If all is well it should return no results.

P.S. I suppose it's conceivable that a larger range of ports is being forwarded to somewhere on your LAN but only those two ports are being used by the target. Highly unlikely, especially as you said you're routing all your output through a VPN. But to be thorough you would have to visually inspect the entire nat table for things that are out of place:
Code:
iptables-save -t nat
 

Woofer Wrecker

Occasional Visitor
Thank you so much for your time and help. I am completely new to SSH to the router, and am having some difficulty in logging in via SSH. I am using Kitty, but am still having trouble. I'm going to keep at it though.
 

ColinTaylor

Part of the Furniture
Woofer Wrecker said:
> Thank you so much for your time and help. I am completely new to SSH to the router, and am having some difficulty in logging in via SSH. I am using Kitty, but am still having trouble. I'm going to keep at it though.

Check that "Enable SSH" is set to "LAN only" under Administration - System.
 

Woofer Wrecker

Occasional Visitor
It is. Have tried password and no password. Funny thing is, the prompt asks for a password, but when I hit the keys to enter the password, no text appears in the field. Can't paste it in, either.

As I said, I am a total noob at SSH and such. Never knew about it. In fact, I know nothing about any of it! LOL But I am looking into it.
 

Woofer Wrecker

Occasional Visitor
Wow, it worked this time! I tried the exact same thing before...

Okay, so next likely idiotic question: the code you posted above:
netstat -nlp | egrep ":89 |:90 "
iptables-save -t nat | egrep "89|90"

Can I just copy it verbatim into the console? Are the I in the lines supposed to be included or do they denote a space?
 

Woofer Wrecker

Occasional Visitor
Okay, your instructions are working perfectly. Thank you so much.

The console output this line when I ran the second line of code you provided: :OUTPUT ACCEPT [275:21890]

Please forgive my ignorance. Are these ports or something else? I do not know what to make of it.
 

ColinTaylor

Part of the Furniture
Woofer Wrecker said:
> Okay, your instructions are working perfectly. Thank you so much.
>
> The console output this line when I ran the second line of code you provided: :OUTPUT ACCEPT [275:21890]
>
> Please forgive my ignorance. Are these ports or something else? I do not know what to make of it.

Ok that's fine. It didn't find anything. You just got a spurious string match on the characters "90" within "21890". That can be ignored.
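
The spurious hit on "90" inside "21890", and the forwarded port range mentioned in the earlier P.S., both come from matching digits instead of port arguments. As an added example (not code from the thread), the function below reads iptables-save output and prints only the rules whose --dport, --dports, --to-ports or --to-destination values cover a given port; the sample table and its addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Prints only the iptables-save rules
# whose port arguments actually cover PORT, including ranges and lists.
# Usage on the router: iptables-save -t nat | rules_for_port 89
rules_for_port() {
    awk -v want="$1" '
    # True if spec ("80", "80:100", "80-100", "22,80:100") covers want.
    function covers(spec,    n, i, parts, r, lo, hi) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "[-:]") == 2) { lo = r[1]; hi = r[2] }
            else { lo = hi = parts[i] }
            if (lo == "") lo = 0
            if (hi == "") hi = 65535
            if (want + 0 >= lo + 0 && want + 0 <= hi + 0) return 1
        }
        return 0
    }
    # Rule lines only: ":CHAIN POLICY [packets:bytes]" counters are skipped.
    /^-A / {
        for (f = 1; f < NF; f++) {
            opt = $f; val = $(f + 1)
            if (opt == "--to-destination") {
                if (!index(val, ":")) continue   # no port part
                sub(/^[^:]*:/, "", val)          # drop "ip:", keep the ports
            } else if (opt != "--dport" && opt != "--dports" && opt != "--to-ports")
                continue
            if (covers(val)) { print; next }
        }
    }'
}

# Constructed sample: only the :OUTPUT counter line is taken from the thread.
sample_nat_table() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [120:9089]
:OUTPUT ACCEPT [275:21890]
-A PREROUTING -p tcp -m tcp --dport 8990 -j DNAT --to-destination 192.168.1.50:8990
-A PREROUTING -p tcp -m tcp --dport 80:100 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -p udp -m multiport --dports 53,5353 -j ACCEPT
COMMIT
EOF
}

sample_nat_table | rules_for_port 89   # prints only the --dport 80:100 rule
```

On this sample, the digit match `egrep "89|90"` returns the two counter lines and the 8990 rule but misses the 80:100 range, which is the only rule that actually covers ports 89 and 90.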
 

Woofer Wrecker

Occasional Visitor
I looked through the other output it produced, and did not see either port listed in any of it. So I assume this means it is not a configuration issue in my router?
 

Woofer Wrecker

Occasional Visitor
Okay, awesome. Thanks again for your time and expertise.

Might you have any other suggestions on why these ports are behaving this way?
 
