Asuswrt-Merlin 3.0.0.4.374.33 Beta 5 Portscanning port 135,139,445

[Correlor]

Hello all,

Using an RT-N66U with Asuswrt-Merlin 3.0.0.4.374.33 Beta 5, I tested my network on open ports by scanning on www.grc.com (Shields Up). I noticed ports 135, 139 and 445 as being closed and not stealthed. I never saw that before. I shutdown some off the attached devices (NAS, Tablets) and restarted the router but these ports did not become stealthed. Some others test I did, also reported 135,139 as closed (not hidden/stealted). I then flashed RT-N66U_3.0.0.4_374.33_beta3b but still the same.
My question is: can some of you check your router (network) on open/closed/stealthed ports. www.grc.com is one of my favorites.

Kind regards,

Cor

 

[Builder71]

That is no good.
I always check that way as well.
Currently all stealth here.

 

[krum]

If you tuned on Download master or AIdisk/sync then yes those ports would be closed.
You will have to clear nvram and re-setup,

Chris

 

[Correlor]

Chris,

I have never used both of them. But I can do a nvram reset.

Cor

 

[RMerlin]

In the past, I have seen this occur if your ISP was the one blocking these ports, to ensure that their own customers aren't accidentally sharing their whole LAN over the Internet. If that's the case with your ISP, then there is nothing you can do.

Not that there's anything to worry about either: blocked or silently dropped, the end result is the same. And no, being stealth isn't more secure than actively dropping.

 

[bmn1]

I love how 90% of responses are 'clear nvram'.

Steve Gibson addressed this in episode 397 of 'Security Now'. Long story short, he changed Shields up. Longer story short, its not a problem. He said that some major things will have to happen before he can come up with a solution, however, the notion of being hidden among the entirety of the internet is really no longer a possibility. At most its a false sense of security because just about all of the IPv4 addresses are used up. It used to be difficult to find someone on the internet, but now you can't even throw the proverbial stone and not hit something on the internet. As long as you follow good security practices, you are fine.

The transcript is here: https://www.grc.com/sn/sn-397.htm

Just hit the old CTRL-F on your keyboard and its the first 'stealth' search. Or you can go over to twit.tv and watch/listen to the netcast.

Nothing to see here. Move along.

 

[Correlor]

If my ISP does block these ports, they must have done recently. I have been monitoring my ports the last year frequently and these port just popped up.
BTW I did a nvram reset but it did not change anything. Tomorrow I wil flash an older version of your firmware to see what happens.

Edit - reading the above posts, I think my question is answered. Thank you all.

Cor

 

[Txdk]

Hello all,

Using an RT-N66U with Asuswrt-Merlin 3.0.0.4.374.33 Beta 5, I tested my network on open ports by scanning on www.grc.com (Shields Up). I noticed ports 135, 139 and 445 as being closed and not stealthed. I never saw that before. I shutdown some off the attached devices (NAS, Tablets) and restarted the router but these ports did not become stealthed. Some others test I did, also reported 135,139 as closed (not hidden/stealted). I then flashed RT-N66U_3.0.0.4_374.33_beta3b but still the same.
My question is: can some of you check your router (network) on open/closed/stealthed ports. www.grc.com is one of my favorites.

Kind regards,

Cor

did the test using 374.33 b5 and there is no closed ports on my scan only the ones that are open.
so it might be your isp blocking those ports, or if you have double nat it might be the first router there is blocking those ports

 

[nmt1900]

All stealth here

Tried Shields Up and 135...139 and 445 were stealth.

 

[RogerSC]

All stealth here, 0 - 1055. I think that my ISP has something to do with it from prior experiments, though *smile*. Not that I'm complaining at the moment.

 

[soundping]

Everything good here. According to Shields Up!!

RT-N66U
avast! Premier

 

[Wisiwyg]

FTP port 21 open?!!

I just ran the GRC Shields Up scan and found that FTP Port 21 appears open!

I'm not running any AI Cloud, Sync or other web enabled access. UPNP is Off. Anyone have a suggestion on how I could close this?

Running 374.33 Released version on an AC66U.

Thanks for any help!

 

[RMerlin]

I just ran the GRC Shields Up scan and found that FTP Port 21 appears open!

I'm not running any AI Cloud, Sync or other web enabled access. UPNP is Off. Anyone have a suggestion on how I could close this?

Running 374.33 Released version on an AC66U.

Thanks for any help!

Make sure you don't have the FTP server enabled under USB Applications -> Servers Center -> FTP Share.

 

[Wisiwyg]

Make sure you don't have the FTP server enabled under USB Applications -> Servers Center -> FTP Share.

That was it!

I never enabled FTP. But I do have a 64 mb flash drive attached for Entware. Is it possible that if the firmware finds attached storage that it enables FTP to it? I did a factory reset when going to 374.33 release. Previously, I've dirty flashed.

Anyway, I disabled, re-ran shields up and all is full stealth.

Thank you!

RT-AC66U
AsusWRT-Merlin 374.33 release

 

[RMerlin]

I just checked in the code, and FTP does default to disabled.

 

[Magnus33]

Ran shields up and all are stealth

 

[Cartel]

What firmware version started crashing the router?
I ran all ports on grc and the router stopped responding.
No internet till the scan completed.

 

[martinr]

What firmware version started crashing the router?
I ran all ports on grc and the router stopped responding.
No internet till the scan completed.

It's a 4-year-old thread.