Open ports query on AX88U

[Svalbaard]

Hi all. Running Merlin 3004.388.04 on my Asus AX88 and just did an external port scan using the old Shields up service and am seeing that it is stating that Ports 88 (Kerberos) and 89 (SU/MIT Telnet Gateway???) are open, which is odd as I've not necessarily changed anything recently. Was wondering if anyone had any ideas of culprits? I certainly never had Telnet access enabled when it was a thing, still... I'm a bit stumped.

FYI : I know my way around, but am no expert on the inner workings of the router o/s.

Many thanks.

 

[ColinTaylor]

It's probably a false positive coming from your ISP's equipment. There's nothing that runs on the router that would be listening on those ports.

You can check your port forwarding rules at System Log - Port Forwarding. You can check what ports are being used by the router at Network Tools - Netstat and selecting Display listening server sockets and Don't resolve names.

 

[Viktor Jaep]

Hi all. Running Merlin 3004.388.04 on my Asus AX88 and just did an external port scan using the old Shields up service and am seeing that it is stating that Ports 88 (Kerberos) and 89 (SU/MIT Telnet Gateway???) are open, which is odd as I've not necessarily changed anything recently. Was wondering if anyone had any ideas of culprits? I certainly never had Telnet access enabled when it was a thing, still... I'm a bit stumped.

FYI : I know my way around, but am no expert on the inner workings of the router o/s.

Many thanks.

In addition to what @ColinTaylor said, you can also utilize the portscan feature in the RTRMON app (available through AMTM)... it uses nmap to do a tcp/udp portscan against both your WAN and LAN interfaces and shows you what's still open.

 

[Makaveli]

I just ran this and nada

I had no idea this tool was in AMTM thank you.

But now I need to investigate those two failures Dig Functionality and SSL handshake Test

 

[Viktor Jaep]

I just ran this and nada

View attachment 56270

I had no idea this tool was in AMTM thank you.

View attachment 56271

But now I need to investigate those two failures Dig Functionality and SSL handshake Test

Dig might be failing because you don't have dig installed through Entware... The SSL handshake test tries to make a connection with 8.8.8.8, so if you're blocking that, you might get a failure as well.

 

[Makaveli]

Dig might be failing because you don't have dig installed through Entware... The SSL handshake test tries to make a connection with 8.8.8.8, so if you're blocking that, you might get a failure as well.

Thanks for the follow up.

I don't have dig installed so that would explain that one. However there shouldn't be anything blocking 8.8.8.8 on my side so that one I will have to look into.

 

[Viktor Jaep]

Thanks for the follow up.

I don't have dig installed so that would explain that one. However there shouldn't be anything blocking 8.8.8.8 on my side so that one I will have to look into.

Looks like it's failing on mine too actually... I need to update that nc statement... I will get that out in a new release out shortly. It's not you...

Here's the statement:

nc -w3 8.8.8.8 443 >/dev/null 2>&1 && echo | openssl s_client -connect 8.8.8.8:443 >/dev/null 2>&1 | awk 'handshake && $1 == "Verification" { if ($2=="OK") exit; exit 1 } $1 $2 == "SSLhandshake" { handshake = 1 }'
echo $?

If it returns 0, you're good.