Solved Bug Open TCP Ports 5152 / 7788 / 18017 [User Error]

howarethingsgoing

New Around Here
Hi,

It appears that there's a bug and envrams and cfg_server are listening and bound on 0.0.0.0 instead of just on localhost.localdomain. This makes them publicly accessible outside of your network.

Code:
xyz@RT-AX58U-5FE8:/tmp/home/root# netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5152            0.0.0.0:*               LISTEN      274/envrams
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      1337/cfg_server

As a temporary fix, I've added a port forward to an unopened port on a system. Is there a better fix currently available?

I'm on version 386.1_2 on a RT-AX58U.
 
I've updated to 386.2_4, and now have a 3rd open port:

Code:
tcp        0      0 0.0.0.0:5152            0.0.0.0:*               LISTEN      274/envrams
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1025/wanduck
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      1861/cfg_server
 
The firewall won't allow the internet to reach those ports. By adding a forward rule, you've probably made it worse.
 
I'd feel more comfortable if they weren't listening globally at all.

Also, how do you know the firewall won't allow traffic there? I'm not seeing any code or iptables rules about those 3 ports. And connecting with netcat to my public IP does work.
 
Listening on a port, and having a port open to the WAN, are NOT the same thing. Many processes commonly listen on *all* ports, but are typically blocked from the WAN by the firewall unless you explicitly open them.
 
From the internet hitting my WAN IP address.

I've blocked the traffic with iptables, like so:

Code:
iptables -I INPUT -p tcp -i br0 --destination-port 5152 -j REJECT
iptables -I INPUT -p tcp -i br0 --destination-port 7788 -j REJECT
iptables -I INPUT -p tcp -i br0 --destination-port 18017 -j REJECT

Previously this worked:

Code:
nc home.xyz 5152

Now it no longer does, and nmap on my home WAN IP shows no open ports, as I desired.

Edit: iptables isn't being persistent and seems to disappear fairly rapidly, without rebooting.
 
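The distinction the thread keeps circling back to is between a socket bound to 0.0.0.0 (reachable on every interface) and a port that the INPUT chain actually lets WAN traffic reach. The following Python script is an added example, not code from the thread or from the firmware: it parses the `netstat -lp` rows quoted above (plus one constructed loopback-only row for contrast), classifies each listener by bind scope, evaluates it against a simplified, constructed model of the router's INPUT chain (LAN and loopback accepted, one admin-opened port, the final DROP mentioned later in the thread; conntrack rules are omitted), and emits idempotent check-then-insert iptables lines that reject the wildcard TCP listeners on the WAN interface only. The interface name `eth0`, the sample chain and the `local_only` service are assumptions made for the example.

```python
# Added example (not code from the thread): parse `netstat -lp` output,
# classify each listening socket by bind scope, and decide whether it is
# reachable from the WAN under a simplified model of the INPUT chain.
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the three listeners quoted in the thread plus one
# loopback-only service invented here to show the contrast.
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5152            0.0.0.0:*               LISTEN      274/envrams
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1025/wanduck
tcp        0      0 0.0.0.0:7788            0.0.0.0:*               LISTEN      1861/cfg_server
tcp        0      0 127.0.0.1:9100          0.0.0.0:*               LISTEN      999/local_only
"""

# One netstat row: proto, Recv-Q, Send-Q, local addr:port, foreign addr,
# optional State column (absent for UDP), PID/Program name.
LINE_RE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+\S+\s+(?:LISTEN\s+)?(\S+)\s*$"
)


@dataclass(frozen=True)
class Listener:
    proto: str      # "tcp", "udp", "tcp6", ...
    addr: str       # bound local address as printed by netstat
    port: int
    program: str

    @property
    def scope(self) -> str:
        """wildcard = every interface, loopback = host only, specific = one address."""
        if self.addr in ("0.0.0.0", "::", "*"):
            return "wildcard"
        if self.addr.startswith("127.") or self.addr == "::1":
            return "loopback"
        return "specific"


def parse_netstat(text: str) -> List[Listener]:
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) == "*":
            continue  # header lines, blanks, or sockets without a fixed port
        proto, addr, port, prog = m.groups()
        name = prog.partition("/")[2] or prog  # "274/envrams" -> "envrams"
        out.append(Listener(proto, addr, int(port), name))
    return out


@dataclass(frozen=True)
class Rule:
    """One INPUT rule; None means 'any' for that match."""
    target: str
    in_iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None


# Constructed, simplified stand-in for the router's INPUT chain: loopback and the
# LAN bridge accepted, one admin-opened WAN port, then the final DROP.
DEFAULT_CHAIN = [
    Rule("ACCEPT", in_iface="lo"),
    Rule("ACCEPT", in_iface="br0"),
    Rule("ACCEPT", in_iface="eth0", proto="tcp", dport=443),
    Rule("DROP"),
]


def verdict(chain: List[Rule], policy: str, in_iface: str, proto: str, dport: int) -> str:
    """First-match evaluation, falling through to the chain policy."""
    for r in chain:
        if r.in_iface in (None, in_iface) and r.proto in (None, proto) and r.dport in (None, dport):
            return r.target
    return policy


def wan_exposed(l: Listener, chain: List[Rule], policy: str = "ACCEPT",
                wan_iface: str = "eth0", wan_addr: Optional[str] = None) -> bool:
    """Exposed only if the bind address is reachable via the WAN interface AND the
    chain accepts a new packet arriving there. Loopback binds are never exposed."""
    if l.scope == "loopback" or (l.scope == "specific" and l.addr != wan_addr):
        return False
    return verdict(chain, policy, wan_iface, l.proto.rstrip("6"), l.port) == "ACCEPT"


def hardening_rules(listeners: List[Listener], wan_iface: str = "eth0") -> List[str]:
    """Idempotent (check-then-insert) iptables lines rejecting each wildcard TCP
    listener on the WAN interface only, so LAN and AiMesh traffic is untouched."""
    lines = []
    for l in listeners:
        if l.scope != "wildcard" or not l.proto.startswith("tcp"):
            continue
        match = f"INPUT -i {wan_iface} -p tcp --dport {l.port} -j REJECT"
        lines.append(f"iptables -C {match} 2>/dev/null || iptables -I {match}  # {l.program}")
    return lines


if __name__ == "__main__":
    ls = parse_netstat(NETSTAT_SAMPLE)
    for l in ls:
        print(f"{l.program:<12} {l.addr}:{l.port:<6} {l.scope:<9} "
              f"exposed(default chain)={wan_exposed(l, DEFAULT_CHAIN)} "
              f"exposed(no firewall)={wan_exposed(l, [])}")
    print("\n".join(hardening_rules(ls)))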
I think you may be right, and I see the final DROP rule. I'm unsure why I was able to open a connection to all these ports with netcat against my WAN IP though.

You said from the internet, but did you really mean by referencing your WAN IP from inside the LAN (i.e., NAT loopback)?

NAT loopback never reaches the internet. It simply dereferences the WAN IP back to a local IP. The routing remains completely within the LAN at all times.
 
Hello all,

Just a comment: it is a fair point that listening on '*' is always a bad practice, as a user can disable the firewall by mistake, or something else can happen, and you have unnecessary exposure to the internet. These kinds of services have no business listening on the WAN.

BTW I googled this question because I was curious about periodic broadcast traffic in my LAN network from router to port 7788, which I learnt is likely cfg_server for AiMesh.
 