Menu
What's new
By:
Filters Better Search

Server ports open (not wanted) AC-68u Merlin 380.68_4

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Butterfly Bones

Butterfly Bones

Very Senior Member
Asus AC-68U with Merlin 380.68_4. I've run Whats My IP port scanner and Shields UP port scan. I'm getting that these ports are open - 53 DNS - 80 HTTP - 443 HTTPS - 1723 VPN [PPTP]

I've gone through all settings and all tabs on WAN, LAN, Tools, Administration, VPN, Firewall and nothing is open, particularly Enable Web access from WAN. I do use a VPN client set to Policy Rules Strict and DNS Exclusive. I have Skynet. Entware, and AB-Solution on a USB drive. Samba is off in USB Application - Network Place (Samba) Share / Cloud Disk as are all tabs in USB application tabs.

I last ran these tests over a 6-8 weeks ago and nothing was open. The only changes recently are adding three Google Home devices and lights. Would those devices open the ports?

I've searched SNB and the web and find nothing that seems appropriate. I know one cannot shutdown everything, but I've seen and increase in bot scans from around 100 to 5-600 / hour in the last two days. Is paranoid justified or silly?
 
Butterfly Bones said:
Asus AC-68U with Merlin 380.68_4. I've run Whats My IP port scanner and Shields UP port scan. I'm getting that these ports are open - 53 DNS - 80 HTTP - 443 HTTPS - 1723 VPN [PPTP]

I've gone through all settings and all tabs on WAN, LAN, Tools, Administration, VPN, Firewall and nothing is open, particularly Enable Web access from WAN. I do use a VPN client set to Policy Rules Strict and DNS Exclusive. I have Skynet. Entware, and AB-Solution on a USB drive. Samba is off in USB Application - Network Place (Samba) Share / Cloud Disk as are all tabs in USB application tabs.

I last ran these tests over a 6-8 weeks ago and nothing was open. The only changes recently are adding three Google Home devices and lights. Would those devices open the ports?

I've searched SNB and the web and find nothing that seems appropriate. I know one cannot shutdown everything, but I've seen and increase in bot scans from around 100 to 5-600 / hour in the last two days. Is paranoid justified or silly?
Click to expand...
Port 53 is probably the DNS server on your router and should not be exposed. Ports 80 and 443 should not be exposed/open, unless you have a webserver at home serving via http or https and in these cases, it is necessary to define a port forwarding/virtual server rule.
What's the output of netstat -ntlp executed in your router via ssh ?
You may wanna try disable UPNP in your router.
 
john9527 said:
Turn off your VPN client and re-run the test. When you run with the VPN client active, you are testing the VPN server you are connected to, not the router.
Click to expand...
If he is running the test from outside his network, how would the VPN client being active/inactive affect the test result ?

Edit: No need to answer... I got it ! I was thinking in a VPN server...
 
popxunga said:
Port 53 is probably the DNS server on your router and should not be exposed. Ports 80 and 443 should not be exposed/open, unless you have a webserver at home serving via http or https and in these cases, it is necessary to define a port forwarding/virtual server rule.
What's the output of netstat -ntlp executed in your router via ssh ?
You may wanna try disable UPNP in your router.
Click to expand...
Thank you for the reply. Yes I understand the ports and know they should not be open, I have no web server. UPnP is disable. -p is invalid argument for netstat on my router.

Code: 
netstat: invalid option -- p
BusyBox v1.25.1 (2017-10-04 15:01:12 EDT) multi-call binary.

Usage: netstat [-ral] [-tuwx] [-enW]

# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:5473            0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:3394            0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:515         0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:139         0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:9100        0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:9998            0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.2:80          0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.2:443         0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:8443        0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:445         0.0.0.0:*               LISTEN    
tcp        0      0 192.168.1.1:3838        0.0.0.0:*               LISTEN
 
john9527 said:
Turn off your VPN client and re-run the test. When you run with the VPN client active, you are testing the VPN server you are connected to, not the router.
Click to expand...
That is exactly what happened! Thank you for explaining and decreasing my paranoia. With the VPN off all ports time out. Big lesson today, one of many on SNB.

I have two VPN providers and when one gets flaky I switch to the other until it gets flaky. I guess I have never run the port scan test (inside the LAN always) with this VPN.
 
You must log in or register to reply here.

Similar threads

elrengo
Open Ports
Replies
3
Views
2K
elrengo
elrengo
4
SMB not working unless it's been several hours after reboot AC68U 384.14
2
Replies
31
Views
6K
Jack Yaz
Jack Yaz
N
How to access ATT modem through VPN to RT-N66 running Merlin 380.68_4
Replies
2
Views
1K
New2Networking
N
ColonelStrike
Issues with my AC-87u and Merlin firmware ...
Replies
18
Views
3K
ColonelStrike
ColonelStrike
B
Download Master makes me login after installing.
Replies
0
Views
2K
BIGLEAGUE-007
B
Similar threads
Thread starter Title Forum Replies Date
JA93 Easiest setup for remote log server Asuswrt-Merlin 0
Don Draper DDNS Status: Server Error/Inactive Asuswrt-Merlin 11
url004 NXDOMAIN on server but the router can resolve queries Asuswrt-Merlin 1
V DNS server vs DNS-over TLS server list Asuswrt-Merlin 3
L When I access the System Log --> IPv6 tab the web server crashes Asuswrt-Merlin 0
A Solved Inadyn Fails to verify server certs after update to 388.6 Asuswrt-Merlin 3
W OpenVPN Server set to LAN only allows browsing Asuswrt-Merlin 14
C How can I do this.. Router VPN Client to Server 2 Asuswrt-Merlin 3
G VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN Asuswrt-Merlin 4
A Cheapest device to run VPN server Asuswrt-Merlin 6

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 649 (members: 16, guests: 633)
Top