Close port 445

criminala

Regular Contributor
With the current exploit (CVSS 9.8 pre-auth RCE bug) in full swing, I would like to block port 445 towards the internet as many recommend.

I would like to double-check if I am doing the right thing here:

Firewall - Network services filter
Enable filter, deny list

And then in which field(s) do I exactly enter port 445? The first port range or the second, or both?


Source IP | Port Range | Destination IP | Port Range | Protocol | Add / Delete



Protocol is TCP.

So what I have now is 2 rules, 1 with 445 in the first port range column and 1 with 445 in the second port range column.
In source and destination IP, nothing needs to be filled in as far as I know, right?
 
What's the CVE number? "CVSS 9.8" is just a score.

Can you post a link to the recommendations you're referring to?
 
Thanks @AndreiV

So to answer the OP's question:
Untitled.png

This of course doesn't block the port if you're using a VPN client, on the router or on your PC.
 
It filters LAN-WAN meaning it would block SMB over the internet. LAN to LAN should be fine. (correct me if mistaken)
I think the image shows 445 in the "destination" port field, not the "source" port field.

Screenshot 2023-03-15 121923.png


If I'm not mistaken, this would mean...

ANY "source" LAN or WAN IP with ANY port is allowed.
ANY "destination" LAN or WAN IP with port 445 ONLY will be DENIED.
 
Put it under port range.

If you specify just the port range it will limit all devices on LAN from accessing 445 over WAN. 445 isn’t an open port normally unless you port forward, meaning the firewall should block incoming on 445 always except when a device on LAN makes an outbound connection on 445 from inside your LAN.

If you want specific devices blocked then add a source ip and destination.
 
There is a "source" AND "destination" port range. Again, please correct me if I am wrong, but I had always understood that the "source" IP and port range refers to communication packets coming INTO the router and "destination" IP and port range refers to communication packets going OUT of the router.

If my understanding is correct, the 445 port in the "destination" port range will block ALL router outbound communication packets with a 445 port number regardless of LAN or WAN.

Then, if the purpose of the filter is to BLOCK any inbound packets on port 445, then the filter should look like this...

Screenshot 2023-03-15 124341.png


But, this will also block LAN to LAN packets on port 445.

Please correct me if my understanding is wrong.
 

Source can be internal LAN IPs as well, because LAN IPs operate on a private range of addresses. WAN IP addresses won’t work as source (as far as I know) under network filter.
 
When I look at this example: https://www.asus.com/support/FAQ/1013636/, it looks like the "source" was a WAN IP.

Still learning - thanks to all.

As far as IPv4 goes, these 3 classes are private IP ranges not routed to the wider internet. IP addresses outside of these ranges would be routable to the internet.

D40D5880-5751-4DC5-8D86-282E91B310FB.jpeg


“For example, if you do not want the device to use the Internet service, key in 80 in the destination port. The traffic that uses port 80 will be blocked.

Leave the source IP field blank to apply this rule to all LAN devices.”

Source is meant for LAN device in this aspect. If we were talking about a firewall for wider WAN then yes it could be that source would deal with WAN ip addresses as well.
 
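To make the source/destination discussion in the posts above concrete, here is a small Python model of how one row of a LAN-to-WAN deny list is matched against a connection. It is an added example, not ASUS firmware code and not code from any poster; the names Rule, Flow and verdict, the sample addresses (192.168.1.x for LAN devices, 203.0.113.5 as a stand-in internet host) and the assumption that the "3 classes" of private ranges are the RFC 1918 ranges are all constructed for this illustration. It shows the three rule shapes the thread discusses: 445 in the destination port column, 445 in the source port column, and 445 in the destination column together with one LAN source IP.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumption: the "3 classes" of private ranges mentioned above are the RFC 1918
# ranges. A source address in one of these is a LAN device; anything else is WAN.
LAN_RANGES = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

PortRange = Tuple[int, int]


@dataclass(frozen=True)
class Rule:
    """One row of the deny list. None stands for a field left blank (= any)."""
    src_ip: Optional[str] = None
    src_ports: Optional[PortRange] = None
    dst_ip: Optional[str] = None
    dst_ports: Optional[PortRange] = None
    proto: str = "TCP"


@dataclass(frozen=True)
class Flow:
    """The first packet of a connection as the router sees it (constructed sample)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"


def is_lan_address(ip: str) -> bool:
    return any(ip_address(ip) in net for net in LAN_RANGES)


def _port_ok(port: int, rng: Optional[PortRange]) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """Every non-blank field must match; blank fields match anything."""
    return (
        rule.proto == flow.proto
        and (rule.src_ip is None or rule.src_ip == flow.src_ip)
        and (rule.dst_ip is None or rule.dst_ip == flow.dst_ip)
        and _port_ok(flow.src_port, rule.src_ports)
        and _port_ok(flow.dst_port, rule.dst_ports)
    )


def verdict(deny_list: List[Rule], flow: Flow) -> str:
    """'NOT-FILTERED' for traffic the LAN->WAN filter never sees, else DENY/ALLOW."""
    if not (is_lan_address(flow.src_ip) and not is_lan_address(flow.dst_ip)):
        return "NOT-FILTERED"  # LAN-to-LAN (or inbound) is outside this filter
    return "DENY" if any(rule_matches(r, flow) for r in deny_list) else "ALLOW"


# The three candidate rule shapes from the thread (TCP 445, deny list).
DENY_445_DST = [Rule(dst_ports=(445, 445))]        # 445 in the second Port Range column
DENY_445_SRC = [Rule(src_ports=(445, 445))]        # 445 in the first Port Range column
DENY_445_ONE_HOST = [Rule(src_ip="192.168.1.10", dst_ports=(445, 445))]  # one LAN device only

# Constructed sample connections. A client picks a high ephemeral source port;
# only the destination port is 445 when it reaches for a remote SMB share.
SMB_OUT = Flow("192.168.1.10", 51234, "203.0.113.5", 445)   # LAN PC -> SMB host on the internet
WEB_OUT = Flow("192.168.1.10", 51235, "203.0.113.5", 80)    # LAN PC -> web server
LAN_SMB = Flow("192.168.1.10", 51236, "192.168.1.20", 445)  # LAN PC -> NAS on the same LAN
OTHER_HOST_SMB = Flow("192.168.1.11", 51237, "203.0.113.5", 445)


if __name__ == "__main__":
    cases = [("dst 445", DENY_445_DST), ("src 445", DENY_445_SRC), ("one host", DENY_445_ONE_HOST)]
    for name, rules in cases:
        for flow in (SMB_OUT, WEB_OUT, LAN_SMB, OTHER_HOST_SMB):
            print(f"{name:8} {flow.src_ip}:{flow.src_port} -> "
                  f"{flow.dst_ip}:{flow.dst_port}  {verdict(rules, flow)}")
```

Running it shows why the thread settles on the destination column: the row with 445 in the source port column never fires for an outbound SMB connection, because the LAN client's source port is an ephemeral high port, while the destination-port row blocks it and leaves port 80 and LAN-to-LAN file sharing untouched. Adding a source IP narrows the same row to one device. Inbound connections to 445 are not modelled here; as noted above, the router's firewall drops unsolicited inbound traffic unless a port forward exists.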
@bennor , @DJones and @ColinTaylor

Tks for your explanations and patience. I need to review your posts a few more times to wrap my head around your info.
 
The source (8.8.8.4) in that example is an actual IP address on the internet for Google apparently. It is not the router's WAN IP.
68D27956-7FE9-46A8-9AEB-06C6292BBEB8.jpeg

6B22D1CA-7368-43C7-8D08-D1157618F58D.jpeg


Thought I was missing something in this discussion. (Yay ad blocker removing pictures)

I see your confusion.
 