Port 443 showing open?

[Lankness]

I have an Asus RT-AC68U running on Merlin's 376.45 f/w. I have OpenVPN running and if I check Shields Up, I'm showing that 443 is open.

I'm curious why this is showing this way when a friend has the same setup on an AC66 and everything shows stealth? Is there a way for me to mask 443 on the 68? I've had this up for about 2 weeks and see random connection attempts to the OpenVPN system a few times per day...

 

[RMerlin]

You probably have AiCloud enabled. It defaults to port 443.

 

[Lankness]

You probably have AiCloud enabled. It defaults to port 443.

Nope - not unless it is in a setting somewhere other than the AiCloud 2.0 menu item and subsequent tabs. Both the Cloud Disk and Smart Access are turned off. Sync Server states: Sync Server cannot be enabled. Please enable AiCloud 2.0 first. Click here to enable AiCloud 2.0.

 

[RMerlin]

Nope - not unless it is in a setting somewhere other than the AiCloud 2.0 menu item and subsequent tabs. Both the Cloud Disk and Smart Access are turned off. Sync Server states: Sync Server cannot be enabled. Please enable AiCloud 2.0 first. Click here to enable AiCloud 2.0.

This is the only service on the router that uses port 443. If something else is opening the port, then it means you either have something on your LAN opening the port through UPnP (tho by default Asuswrt-Merlin only allows port fowards above 1024 for security reasons), or you have something configured to use port 443 (such as an OpenVPN server)

 

[Lankness]

This is the only service on the router that uses port 443. If something else is opening the port, then it means you either have something on your LAN opening the port through UPnP (tho by default Asuswrt-Merlin only allows port fowards above 1024 for security reasons), or you have something configured to use port 443 (such as an OpenVPN server)

OpenVPN is running on port 443. My apologies, I thought that I mentioned that directly in the first post but after rereading I can see that I just alluded to that based upon the statement that I am seeing connection attempts coming from someone that is not me.

The setup is exactly the same as my buddies 66U. It is strange that his shows port 443 as stealth though when he has OpenVPN running through your Merlin firmware as well. I'm just trying to figure out if it is a bug/feature on his or mine... I would *expect* to see 443 show as open since the VPN server is there - unless you are doing some sort of packet inspection prior to a drop looking explicitly for OpenVPN traffic, then there wouldn't be any way for it to respond to a valid connection request. It doesn't make any sense that his 66 is stealth though.

 

[RMerlin]

OpenVPN is running on port 443. My apologies, I thought that I mentioned that directly in the first post but after rereading I can see that I just alluded to that based upon the statement that I am seeing connection attempts coming from someone that is not me.

The setup is exactly the same as my buddies 66U. It is strange that his shows port 443 as stealth though when he has OpenVPN running through your Merlin firmware as well. I'm just trying to figure out if it is a bug/feature on his or mine... I would *expect* to see 443 show as open since the VPN server is there - unless you are doing some sort of packet inspection prior to a drop looking explicitly for OpenVPN traffic, then there wouldn't be any way for it to respond to a valid connection request. It doesn't make any sense that his 66 is stealth though.

He might have a modem/router in front of it, or his ISP might be blocking inbound port 443.

Or he could be using UDP instead of TCP for his OpenVPN server. Port scanner often only test TCP.

 

[Lankness]

He might have a modem/router in front of it, or his ISP might be blocking inbound port 443.

Or he could be using UDP instead of TCP for his OpenVPN server. Port scanner often only test TCP.

And there you go - I knew there had to be a difference showing up... He rechecked his side and validated that he is utilizing UDP rather than TCP.

Thanks for the extra brain cycles!

 

[Shah Saad]

You probably have AiCloud enabled. It defaults to port 443.

So it means there is a security risk in using AiCloud and having the port 443 opened? Right now the only port opened on my AC86U is this 443 because of AiCloud.

 

[skeal]

So it means there is a security risk in using AiCloud and having the port 443 opened? Right now the only port opened on my AC86U is this 443 because of AiCloud.

You could try changing the port to something not often scanned by port scanners.

 

[Shah Saad]

You could try changing the port to something not often scanned by port scanners.

Can you please tell me how can I change it?

 

[skeal]

Can you please tell me how can I change it?

Sure. Go to AI-Cloud tab>Settings looks like this and choose a port that doesn't get scanned often. Anything basically above I think 1049.

 

[Shah Saad]

Sure. Go to AI-Cloud tab>Settings looks like this and choose a port that doesn't get scanned often. Anything basically above I think 1049.

Thank you! Just scanned after changing it through the settings and it's in stealth mode now

 

[L&LD]

Shah Saad, to ensure maximum compatibility going forward, the range 49152–65535 should be used for 'our' custom ports.

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers