Solved Bug Open TCP Ports 5152 / 7788 / 18017 [User Error]


howarethingsgoing

New Around Here
Hi,

It appears that there's a bug and envrams and cfg_server are listening and bound on 0.0.0.0 instead of just on localhost.localdomain. This makes them publicly accessible outside of your network.

Code:
[email protected]:/tmp/home/root# netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5152            0.0.0.0:*               LISTEN      274/envrams
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      1337/cfg_server

As a temporary fix, I've added a port forward to an unopened port on a system. Is there a better fix currently available?

I'm on version 386.1_2 on a RT-AX58U.

howarethingsgoing

New Around Here
I've updated to 386.2_4, and now have a 3rd open port:

Code:
tcp        0      0 0.0.0.0:5152            0.0.0.0:*               LISTEN      274/envrams
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1025/wanduck
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      1861/cfg_server
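An added check for the situation described in the two posts above (example code, not from the thread or from Asuswrt-Merlin): a small POSIX sh filter that reads `netstat -lp` / `netstat -lnp` output and prints only the TCP listeners bound to every interface (`0.0.0.0`, `::` or `*`), which is the first thing to audit before deciding whether a firewall rule is needed. The sample output embedded below is constructed in the same format the thread shows, with a loopback-only listener and an IPv6 listener added for contrast.

```shell
#!/bin/sh
# Added example (not from the thread): list TCP listeners bound to all
# interfaces from `netstat -lp` / `netstat -lnp` output.
# On the router:  netstat -lnp | wildcard_listeners

wildcard_listeners() {
    # Columns of netstat's "Active Internet connections" table:
    # $1 proto, $4 local address, $6 state, $7 PID/Program name
    awk '$1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")            # port is the last field
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*")
                printf "%s %s %s\n", $1, port, $7
         }'
}

# Constructed sample in the thread's format: envrams, cfg_server and wanduck
# bound to 0.0.0.0, plus a loopback-only service (should NOT be reported)
# and an IPv6 wildcard listener (should be reported).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5152            0.0.0.0:*               LISTEN      274/envrams
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1025/wanduck
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      1861/cfg_server
tcp        0      0 127.0.0.1:9100          0.0.0.0:*               LISTEN      999/example_local
tcp6       0      0 :::22                   :::*                    LISTEN      555/dropbear'

# Number of wildcard-bound listeners found in the constructed sample.
count_wildcard_in_sample() {
    printf '%s\n' "$SAMPLE" | wildcard_listeners | wc -l | tr -d ' '
}

# Ports of the wildcard-bound listeners, space separated, for reuse in rules.
wildcard_ports_in_sample() {
    printf '%s\n' "$SAMPLE" | wildcard_listeners | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $2 }'
}
```

A wildcard bind on its own is not an exposure; whether the port is reachable from the WAN is decided by the INPUT chain, which is the point eibgrad makes further down. The filter just gives the list of sockets worth checking against `iptables -L INPUT -v -n`.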

dave14305

Part of the Furniture
The firewall won't allow the internet to reach those ports. By adding a forward rule, you've probably made it worse.

howarethingsgoing

New Around Here
I'd feel more comfortable if they weren't listening globally at all.

Also, how do you know the firewall won't allow traffic there? I'm not seeing any code or iptable rules about those 3 ports. And connecting with netcat to my public IP does work.

eibgrad

Very Senior Member
Listening on a port, and having a port open to the WAN, are NOT the same thing. Many processes commonly listen on *all* ports, but are typically blocked from the WAN by the firewall unless you explicitly open them.

dave14305

Part of the Furniture

howarethingsgoing

New Around Here
From the internet hitting my WAN IP address.

I've blocked the traffic with iptables, like so:

Code:
iptables -I INPUT -p tcp -i br0 --destination-port 5152 -j REJECT
iptables -I INPUT -p tcp -i br0 --destination-port 7788 -j REJECT
iptables -I INPUT -p tcp -i br0 --destination-port 18017 -j REJECT

Previously this worked:

Code:
nc home.xyz 5152

Now it no longer does, and nmap on my home WAN ip shows no open ports as I desired.

Edit: iptables isn't being persistent and seems to disappear fairly rapidly, without rebooting.
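On the persistence problem in the post above: Asuswrt-Merlin regenerates its firewall rules on events such as a WAN reconnect or a settings change, so rules inserted by hand from the shell are lost, and the supported place for user rules is the `/jffs/scripts/firewall-start` hook (custom JFFS scripts enabled under Administration, file made executable). The script below is an added example, not the thread's or the project's code. It assumes the hook is passed the WAN interface name as `$1` (falling back to `eth0` if not), and it applies the rules on the WAN interface rather than `br0`: `br0` is the LAN bridge, so the rules as posted blocked LAN clients, including the NAT-loopback test eibgrad describes next, not traffic from the internet. Rules are added with a `-C` check first so that repeated firewall rebuilds do not stack duplicates.

```shell
#!/bin/sh
# Added example, not from the thread or from Asuswrt-Merlin.
# Intended to be installed as /jffs/scripts/firewall-start.

PORTS="5152 7788 18017"

# Assumption: firewall-start receives the WAN interface as $1.
WAN_IF="${1:-eth0}"

# Print the iptables command rejecting TCP <port> arriving on <ifname>.
reject_rule() {
    ifname="$1"; port="$2"
    printf 'iptables -I INPUT -p tcp -i %s --dport %s -j REJECT\n' "$ifname" "$port"
}

# Print one rule per port (useful for reviewing what will be applied).
rules_for() {
    ifname="$1"; shift
    for p in "$@"; do reject_rule "$ifname" "$p"; done
}

# Apply the rules idempotently: iptables -C succeeds if an identical rule
# already exists, so the insert only happens on the first run.
apply_rules() {
    ifname="$1"; shift
    for p in "$@"; do
        iptables -C INPUT -p tcp -i "$ifname" --dport "$p" -j REJECT 2>/dev/null \
            || iptables -I INPUT -p tcp -i "$ifname" --dport "$p" -j REJECT
    done
}

# Only touch the live firewall when running as the installed hook, so the
# functions can be sourced and inspected elsewhere without side effects.
case "$0" in
    */firewall-start) apply_rules "$WAN_IF" $PORTS ;;
esac
```

To review what the hook will do without applying anything, run `rules_for eth0 5152 7788 18017` after sourcing the file; to confirm the live state after a firewall rebuild, `iptables -L INPUT -v -n | grep -E '5152|7788|18017'` should list each rule exactly once.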

eibgrad

Very Senior Member
I think you may be right, and I see the final DROP rule. I'm unsure why I was able to open a connection to all these ports with netcat against my WAN ip though.

You said from the internet, but did you really mean by referencing your WAN ip from inside the LAN (i.e., NAT loopback)?

NAT loopback never reaches the internet. It simply dereferences the WAN ip back to a local ip. The routing remains completely within the LAN at all times.

tomaskcz

New Around Here
Hello all,

Just a comment - it is a fair point that listening on '*' is always bad practice, as a user can disable the firewall by mistake or something else can happen, and you have unnecessary exposure to the internet. These kinds of services have no business listening on WAN.

BTW I googled this question because I was curious about periodic broadcast traffic in my LAN network from router to port 7788, which I learnt is likely cfg_server for AiMesh.
