Thread: Router showing 2 open ports on grc.com

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    386

    Router showing 2 open ports on grc.com

    I'm not sure whether I should be worried or not.

    We finally got cable broadband in our area. We have a Network Everywhere (Linksys) router NR041-WM connected to our DSL modem and 2 computers.

    I checked at grc and it shows Ports 23 and 80 as open, which is the concern. I activated Win Firewall and the ports still show open. I've also read that in the case of routers, grc and others might not be right, and the ports are still protected. I'm running the router with default settings since I, obviously, know absolutely nothing about the things, and because the wife would kill me if I screwed things up and she couldn't get online with her computer.

    Should these ports read open or not? If not, anyone have any ideas on how to close or stealth them? Remember, you're talking to a techno-idiot.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Port 23 is telnet, indeed one to be worried about. Port 80 is for webservers, a port that is a typical default with most routers for config'ing them, but also a known bug in your particular model. Offhand, it sounds like your router is the culprit. That Linksys is not a very good one:

    Yahoo Users' Review

    Did you RTFM (read the eff'ing manual)? You'll need to get into the router's config to get your answers.

    edit -- ugh, that link's not going to work. According to the first reviewer:

    "This router has a bug with its port forwarding. It forwards port 80 to the first host on its switch-tables. No matter what you do it just forwards port 80... I called the customer service they admitted that it's a known bug and they said they have no plan to fix it (this is with running the latest firmware)."

    It's odd that port 23 is open considering how insecure telnet is. Can you hook up another unit, like a laptop, to your router and portscan the PC?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Many routers still leave telnet open for remote administration. It could be the same with port 80; perhaps the router has a web-based management console.

    I have also seen a Linksys web cam that had the telnet port open on it. I contacted Linksys about getting a password to mess around with the camera. They denied it existed for a while and then said to leave it alone. I tried brute forcing it for about 60 days (since it was in fact my camera) to no avail. Lost interest after that, but have not noticed excess amounts of bandwidth trying to hit it.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Here is an idea for you:

    If you're stuck with that router and don't want those ports open to the internet, try to forward them to a nonexistent host on your subnet. Set your DHCP range to exclude the host you're going to forward to.

    Example: DHCP pool = x.x.x.100-x.x.x.120 and then forward ports 23 and 80 on the wan to x.x.x.254

    You should still be able to pull up the admin site from your LAN.

    You can temporarily put a host on that .254 address and start sniffing. Get someone at a remote site (or remote port scan) to probe those ports and look for traffic to port 23 and port 80. You could also have a host-based firewall on the temporary .254 host and deny traffic to ports 23 and 80. Then check the host's firewall logs to make sure that the traffic is really being forwarded to that host.

    I would say just hook a sniffer to the router, but you won't see the traffic due to a built-in switch. You can try to ARP spoof and flood the switch CAM tables... but that seems to be more work than necessary to verify that port forwarding is working properly.

    Now that I think about it, this may have a negative impact on the performance of the router. If the router is accepting and forwarding traffic to a nonexistent host, then it is going to take up resources of the router to track the NAT translations. They will eventually time out. Just something to think about.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
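
The check described in post #4 (a temporary host on the .254 address that confirms the forwarded probes really arrive there), as an added example that is not part of the original thread: a Python listener that accepts and immediately drops connections on ports 23 and 80 and records who connected. The class name `ForwardSink` and the bind address are assumptions made for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

class ForwardSink:
    """Accept-and-drop listener that records who connected to which port."""

    def __init__(self, ports, bind_addr="0.0.0.0"):
        self.hits = []                  # (utc time, local port, peer ip, peer port)
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._socks = []
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((bind_addr, port))   # ports below 1024 need root/admin rights
            s.listen(16)
            s.settimeout(0.2)           # lets the accept loop notice stop()
            self._socks.append(s)
        self.ports = [s.getsockname()[1] for s in self._socks]
        self._threads = [threading.Thread(target=self._serve, args=(s,), daemon=True)
                         for s in self._socks]
        for t in self._threads:
            t.start()

    def _serve(self, sock):
        local_port = sock.getsockname()[1]
        while not self._stop.is_set():
            try:
                conn, (ip, rport) = sock.accept()
            except socket.timeout:
                continue
            conn.close()                # never talk to the peer, only record it
            stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
            with self._lock:
                self.hits.append((stamp, local_port, ip, rport))
            print(f"{stamp} port {local_port} <- {ip}:{rport}")

    def stop(self):
        """Stop listening and return the recorded connection attempts."""
        self._stop.set()
        for t in self._threads:
            t.join()
        for s in self._socks:
            s.close()
        with self._lock:
            return list(self.hits)

if __name__ == "__main__":
    sink = ForwardSink([23, 80])        # run on the temporary .254 host
    input("Listening; run the remote scan, then press Enter to stop\n")
    sink.stop()
```

If the remote scan reports the ports open but nothing is logged here, the router is answering on its own rather than forwarding to the .254 address.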
