What's new

Asus RT-AX88U Closed Ports vs. Stealth

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Woofer Wrecker

Occasional Visitor
Greetings once again.

I have been going to GRC's Shields Up site for many years, but had not been there in some time, until recently. I run the full scan, and nowadays, ports 89 and 90 are listed as closed, instead of Stealth, which is not how I want the router to behave.

Port 89 is named su-mit-tg and 90 is named dnsix. A telnet gateway and securit map.

I do not knowingly use either service, and would like the router to not respond at all to probes of these ports, like it does for all other service ports.

I have the router configured to act as a VPN, and route all but a few devices through the VPN tunnel.

Is there a way to stealth those 2 ports so they behave like all others?

Router is running Merlin 386.7.

TIA for any suggestions!
 

Attachments

  • 2 Ports Closed.PNG
    2 Ports Closed.PNG
    165.6 KB · Views: 97
The router doesn't use or open those ports so it's likely that they are being blocked by your ISP's infrastructure equipment. So there's nothing you can do about that. Unless of course you have deliberately opened those ports.
 
Last edited:
The router doesn't use or open those ports so it's likely that they are being blocked by your ISP's infrastructure equipment. So there's nothing you can do about that. Unless of course you have deliberately opened those ports.
Thank you for the reply.

I have not knowingly opened or changed ANY port settings in the router. I have all port forwarding/dmz, etc disabled. No need for any of it.

Forgive me if this is an elementary question, but how could my ISP be blocking the ports if I am using VPN? Isn't my traffic supposed to be invisible to the ISP?
 
Using a VPN has nothing to do with it.

Traffic from the internet (e.g. GRC) to your router (and the ISP's other customer's routers) passes through your ISP's network infrastructure devices. It is likely that this is where those ports are being blocked. For example, it is very common for ISP's to block port 139 or 25.
 
After looking into your comment, I checked with spectrum (my ISP) on what ports they block. Neither of the 2 ports I mentioned are on that list of blocked ports.

Now I am determined to get to the bottom of this! LOL

Again, thank you for the input!
 

Attachments

  • Spectrum Blocked Ports.PNG
    Spectrum Blocked Ports.PNG
    63 KB · Views: 87
Well if you want to make absolutely sure this has nothing to do with your router SSH into it and run the following commands:
Code:
netstat -nlp | egrep ":89 |:90 "
iptables-save -t nat | egrep "89|90"
If all is well it should return no results.

P.S. I suppose it's conceivable that a larger range of ports is being forwarded to somewhere on your LAN but only those two ports are being used by the target. Highly unlikely, especially as you said you're routing all your output through a VPN. But to be thorough you would have to visually inspect the entire nat table for things that are out of place:
Code:
iptables-save -t nat
 
Last edited:
Thank you so much for your time and help. I am completely new to SSH to the router, and am having some difficulty in logging in via SSH. I am using Kitty, but am still having trouble. I'm going to keep at it though.
 
Thank you so much for your time and help. I am completely new to SSH to the router, and am having some difficulty in logging in via SSH. I am using Kitty, but am still having trouble. I'm going to keep at it though.
Check that "Enable SSH" is set to "LAN only" under Administration - System.
 
It is. Have tried password and no password. Funny thing is, the prompt asks for a password, but when I hit the keys to enter the password, no text appears in the field. Can't paste it in, either.

As I said, I am a total noob at SSH and such. Never knew about it. In fact, I know nothing about any of it! LOL But I am looking into it.
 
Wow, it worked this time! I tried the exact same thing before...

Okay, so next likely idiotic question: the code you posted above :
netstat -nlp | egrep ":89 |:90 "
iptables-save -t nat | egrep "89|90"

Can I just copy it verbatim into the console? Are the I in the lines supposed to be included or do the denote a space?
 
Copy them verbatim, including the vertical bars (|) and spaces.

Code:
login as: admin
admin@192.168.1.1's password:


ASUSWRT-Merlin RT-AX86U 386.5_2 Fri Mar 25 14:23:26 UTC 2022
admin@RT-AX86U:/tmp/home/root# netstat -nlp | egrep ":89 |:90 "
admin@RT-AX86U:/tmp/home/root# iptables-save -t nat | egrep "89|90"
admin@RT-AX86U:/tmp/home/root#
 
Okay, your instructions are working perfectly. Thank you so much.

The console out put this line when ran the second line of code you provided: :OUTPUT ACCEPT [275:21890]

Please forgive my ignorance. Are these ports or something else? I do not know what to make of it.
 
Okay, your instructions are working perfectly. Thank you so much.

The console out put this line when ran the second line of code you provided: :OUTPUT ACCEPT [275:21890]

Please forgive my ignorance. Are these ports or something else? I do not know what to make of it.
Ok that's fine. It didn't find anything. You just got a spurious string match on the characters "90" within "21890". That can be ignored.
 
I looked through the other output it produced, and did not see either port listed in any of it. So I assume this means it is not a configuration issue in my router?
 
okay, awesome. Thanks again for your time and expertise.

Might you have any other suggestions on why these ports are behaving this way?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top