SR516ac
1 Attachment(s)
Hi Folks,
I have a Smart SR516ac modem-router software version: 2.6.2.7. When I nmap my public IP there are some ports open beside the ones I manually open. Code:
PORT STATE SERVICE There are some settings in Management/Access Control/Services that are disabled for the WAN (which is OK) and enable and greyed out for the LAN (also OK). I can not find any other settings. Nevertheless the ports are still open and I have no control over. I am thinking maybe some of you has this model and can share the experience. |
If you are running a scan from inside your LAN then even though your using your public IP address it may not be actually looping back. Try testing from outside your LAN or using grc.com via shields up.
|
Quote:
|
I understand but with no replies thought I would pop in with a suggestion. If I believe the attached screenshot all services on the unit are disabled from the WAN side. So theoretically they should not be detected from the outside. The only information I found related to your model was maybe port forwarding is called port triggering. Are you forwarding anything?
Ports 139 and 445 are used by Windows SMB/CIFS (aka samba). Many ISPs block SMB/CIFS traffic by default now days. Is the router configured for sharing? The outside ssh port is 2222 but since nmap only automatically scans for the first 1000 or so it isn't going to be shown in the list nor is it enabled but 22 is shown. Do you have port forwarding configured for 22? Have you tried logging in to see what happens? Port 53 is DNS and while it typically is open on the LAN side it should not be on the WAN. It isn't something you would necessarily forward either. tftp is UDP based but would assume the nmap command ran only checked TCP. |
Quote:
yes, port triggering or even "virtual servers". yes, I am only forwarding p:22. Quote:
Quote:
Quote:
|
When you login via ssh your connecting to your server and not the router?
I believe your router has a USB port? I am guessing if you do not know if it is configured then nothing is connected. If you try to access the router via a web browser from outside the LAN what happens? |
Quote:
Quote:
Quote:
Quote:
Thanks! |
Quote:
I would expect the page posted in your 1st post to be the setting and not enabled would not be accessible from the outside. It is a bit strange. Just out of curiosity have you tried connecting using ftp or telnet to see what happens. |
Quote:
Yes, I connected to ftp and telnet and got into the router. From there I am not familiar with router commands but I remember I can get modelname, swversion etc. Thanks! |
From outside your LAN?
You should disable telnet and ftp from the LAN. |
Quote:
If you mean telnet/ftp services, they are disabled on ubuntu. |
Quote:
|
Quote:
|
Disable them from the LAN side and as shown in your attached screenshot and see if you can still connect.
|
Quote:
|
All times are GMT -5. The time now is 10:03 PM. |