Open ports/Firewall question

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X
nightcustard
Posts: 37
Joined: Sat Nov 03, 2012 2:50 pm

Open ports/Firewall question

Post by nightcustard » Tue Jan 05, 2021 10:39 pm

Hi - I ran a port scan today using 'Shields Up!' which reported ports 22, 139 & 445 open. I then ran Nmap targeting my external IP address which reported those ports plus 23 & 443 open. This was a bit of a surprise as previous tests (some time ago, I'll admit) have all reported none open. I'm using VDSL so my WAN interface is ptm0.1 - the summary page says the firewall is enabled but the config page which comes up when I hit 'edit' hasn't got a tick box for the firewall. This suggests the firewall is always on for ptm0.1 and can't be disabled (probably a good thing!) - can you please confirm this is the case? Obviously I'd like to close the open ports but at this stage am a bit baffled as I thought my system was fairly well locked down and I shouldn't need to specify IP incoming filtering rules. I'm presumably being a bit thick and have missed something! Any suggestions welcome.

I'm running firmware 2.52.d46 on an 8900AX2400

Cheers, Mike

billion_fan
Posts: 5159
Joined: Tue Jul 19, 2011 4:30 pm

Re: Open ports/Firewall question

Post by billion_fan » Wed Jan 06, 2021 9:16 am

nightcustard wrote:
Tue Jan 05, 2021 10:39 pm
Hi - I ran a port scan today using 'Shields Up!' which reported ports 22, 139 & 445 open. I then ran Nmap targeting my external IP address which reported those ports plus 23 & 443 open. This was a bit of a surprise as previous tests (some time ago, I'll admit) have all reported none open. I'm using VDSL so my WAN interface is ptm0.1 - the summary page says the firewall is enabled but the config page which comes up when I hit 'edit' hasn't got a tick box for the firewall. This suggests the firewall is always on for ptm0.1 and can't be disabled (probably a good thing!) - can you please confirm this is the case? Obviously I'd like to close the open ports but at this stage am a bit baffled as I thought my system was fairly well locked down and I shouldn't need to specify IP incoming filtering rules. I'm presumably being a bit thick and have missed something! Any suggestions welcome.

I'm running firmware 2.52.d46 on an 8900AX2400

Cheers, Mike

If the ports are open it looks like the firewall is not enabled.

I would remove the current WAN PTM (VDSL) interface and add a new one, making sure when adding the new one, the firewall option is there and enabled (as the firewall tick box option should be there for the WAN interface).

nightcustard
Posts: 37
Joined: Sat Nov 03, 2012 2:50 pm

Re: Open ports/Firewall question

Post by nightcustard » Wed Jan 06, 2021 4:40 pm

Thanks Billion Fan - that did the trick!

Before I removed the PTM interface, I used Shields Up from within my network and ipvoid.com's TCP port scanner on a mobile phone using its data connection - both reported open ports 22, 139 and 445. I also tried a router reboot which didn't make any difference to the port scan results.
Interestingly, when I had the PTM interface page displayed on my PC today (as opposed to my Chromebook yesterday), the whole page displayed, including a ticked 'Firewall' box, so evidently the firewall was selected to be on and I had missed seeing it yesterday(!). Basically then, the router claimed the firewall was enabled both on the ptm0.1 setting page and on the WAN Service summary page.

After removing the interface, I did a quick check on my phone port scanner just in case my IP provider was intercepting these ports and causing the open status - the scanner reported all ports closed as expected.

With the PTM interface reconfigured, both Shields Up and the phone's port scanner now report all these ports as 'Stealth'/closed.
So, a successful resolution and thanks again for your help. Slightly concerning though that I have no idea how and for how long these ports have been exposed - maybe I'll have to put an automatic port check in place - any ideas anyone?

Cheers, Mike

billion_fan
Posts: 5159
Joined: Tue Jul 19, 2011 4:30 pm

Re: Open ports/Firewall question

Post by billion_fan » Wed Jan 06, 2021 4:53 pm

nightcustard wrote:
Wed Jan 06, 2021 4:40 pm
Thanks Billion Fan - that did the trick!

Before I removed the PTM interface, I used Shields Up from within my network and ipvoid.com's TCP port scanner on a mobile phone using its data connection - both reported open ports 22, 139 and 445. I also tried a router reboot which didn't make any difference to the port scan results.
Interestingly, when I had the PTM interface page displayed on my PC today (as opposed to my Chromebook yesterday), the whole page displayed, including a ticked 'Firewall' box, so evidently the firewall was selected to be on and I had missed seeing it yesterday(!). Basically then, the router claimed the firewall was enabled both on the ptm0.1 setting page and on the WAN Service summary page.

After removing the interface, I did a quick check on my phone port scanner just in case my IP provider was intercepting these ports and causing the open status - the scanner reported all ports closed as expected.

With the PTM interface reconfigured, both Shields Up and the phone's port scanner now report all these ports as 'Stealth'/closed.
So, a successful resolution and thanks again for your help. Slightly concerning though that I have no idea how and for how long these ports have been exposed - maybe I'll have to put an automatic port check in place - any ideas anyone?

Cheers, Mike

Strange. You might want to keep an eye on the virtual server page to see if any device is opening these ports via UPnP.

nightcustard
Posts: 37
Joined: Sat Nov 03, 2012 2:50 pm

Re: Open ports/Firewall question

Post by nightcustard » Wed Jan 06, 2021 7:38 pm

UPnP is disabled, which is one of the reasons I was puzzled about what was going on. The only unusual thing I can suggest as a 'cause' was that I restored a settings file made with firmware 2.52.d41 after installing firmware 2.52.d46. I don't remember doing a port check afterwards but I'd certainly done one with the d41 firmware in place.
I don't suppose any of the 8900's built-in CLI commands would list opened ports? I know Nmap isn't amongst them...
Thanks again, Mike

billion_fan
Posts: 5159
Joined: Tue Jul 19, 2011 4:30 pm

Re: Open ports/Firewall question

Post by billion_fan » Thu Jan 07, 2021 9:26 am

nightcustard wrote:
Wed Jan 06, 2021 7:38 pm
UPnP is disabled, which is one of the reasons I was puzzled about what was going on. The only unusual thing I can suggest as a 'cause' was that I restored a settings file made with firmware 2.52.d41 after installing firmware 2.52.d46. I don't remember doing a port check afterwards but I'd certainly done one with the d41 firmware in place.
I don't suppose any of the 8900's built-in CLI commands would list opened ports? I know Nmap isn't amongst them...
Thanks again, Mike

I'll check with our engineers

billion_fan
Posts: 5159
Joined: Tue Jul 19, 2011 4:30 pm

Re: Open ports/Firewall question

Post by billion_fan » Thu Jan 07, 2021 10:16 am

billion_fan wrote:
Thu Jan 07, 2021 9:26 am
nightcustard wrote:
Wed Jan 06, 2021 7:38 pm
UPnP is disabled, which is one of the reasons I was puzzled about what was going on. The only unusual thing I can suggest as a 'cause' was that I restored a settings file made with firmware 2.52.d41 after installing firmware 2.52.d46. I don't remember doing a port check afterwards but I'd certainly done one with the d41 firmware in place.
I don't suppose any of the 8900's built-in CLI commands would list opened ports? I know Nmap isn't amongst them...
Thanks again, Mike
I'll check with our engineers

Our engineers stated to try using the 'netstat -an' command.
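
An added example, not part of the original thread and not Billion's own code: one way to turn saved 'netstat -an' output into the recurring check asked about earlier, by listing TCP listeners bound to every interface and comparing them with a saved baseline. The sample text is constructed in the usual Linux/BusyBox layout (the 8900's real output may differ), and the names WATCHED, wildcard_listeners and review are hypothetical.

```python
# Ports the thread's scans reported open on the WAN side.
WATCHED = {22, 23, 139, 443, 445}

# Constructed sample in the usual Linux/BusyBox `netstat -an` layout
# (an assumption; this is not real output from an 8900).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.254:80        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5916          0.0.0.0:*               LISTEN
tcp        0      0 :::445                  :::*                    LISTEN
tcp        0      0 192.168.1.254:22        192.168.1.10:50522      ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""

# Local addresses that mean "bound to every interface", WAN included.
WILDCARDS = {"0.0.0.0", "::", "*"}


def wildcard_listeners(netstat_text):
    """Return sorted TCP ports in LISTEN state bound to every interface."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only tcp/tcp6 rows that have a State column equal to LISTEN.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # rpartition copes with IPv6 forms such as ":::445" (address "::").
        addr, _, port = fields[3].rpartition(":")
        if addr in WILDCARDS and port.isdigit():
            ports.add(int(port))
    return sorted(ports)


def review(netstat_text, baseline=()):
    """Report watched ports and any wildcard listener absent from the baseline."""
    found = wildcard_listeners(netstat_text)
    known = set(baseline)
    return {
        "watched": [p for p in found if p in WATCHED],
        "new_since_baseline": [p for p in found if p not in known],
    }


if __name__ == "__main__":
    print(review(SAMPLE, baseline=[22]))
```

A wildcard listener is only reachable from the WAN if the firewall lets it through, so this complements an outside scan of the kind used earlier in the thread rather than replacing it.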

nightcustard
Posts: 37
Joined: Sat Nov 03, 2012 2:50 pm

Re: Open ports/Firewall question

Post by nightcustard » Fri Jan 08, 2021 4:18 pm

OK, thanks BF!
