Security bug : Administration reachable over WAN

[Zuultroet]

: I will attempt more severe resetting, possibly by flashing Shibby's, using its thorough NVRAM wipe, and reflash back your firmware and test. I'll keep you posted!

I finally was able to take the time to try just that, and am sad to tell you that I have done just the above, and that port 80 and the administration pages were immediately available from the wan after :

-NVRAM clear (wps + on)
-flashing Shibby's tomato
-wiping with Shibby's
-flashing back Merlin's
-enabling openvpn server


This included several reboot, and no additional settings were done in openvpn (no port 80, no Tap, nothing) . The same applies when using the latest Asus official firmware. In some situations every ports from the LAN was open on the wan side.

Even though most of the ports can be masked by enabling the router's firewall, think this behavior is a cause for concern.

I found a mention of a similar problem on a RT-N66U, ( http://forums.smallnetbuilder.com/showpost.php?p=36150&postcount=130), but I'm not sure the bug is related.

I think the problem lies somewhere in the routing tables, possibly with buggy rules added, or not removed correctly, and is rather serious and worth investigating.

 

[KGB7]

OP, i think you should just call Geek Squad.

While you were at work, you should have tried remotely logging in to your Asus router, instead doing this at home from your cell phone.

Go back to work, and try logging in from your work PC.

Or go to Coffee shop and use their wifi.

 

[Zuultroet]

OP, i think you should just call Geek Squad.

While you were at work, you should have tried remotely logging in to your Asus router, instead doing this at home from your cell phone.

Go back to work, and try logging in from your work PC.

Or go to Coffee shop and use their wifi.

I have been able to test the WAN side in 3 different ways, I am quite certain this is no loopback related issue; besides, problematic rules have already observed in the previous posts. Hence my conclusion.

 

[KGB7]

I have been able to test the WAN side in 3 different ways, I am quite certain this is no loopback related issue; besides, problematic rules have already observed in the previous posts. Hence my conclusion.

If only a small number of people having this issue with same router and firmware, then issue has to be your configuration.

Instead of enabling ports, you need block them in firewall settings. Then test it from WAN again.

I can't even access my ISP router from WAN, so the issue has to be on your end.

 

[speedingcheetah]

OP, i think you should just call Geek Squad.

Geek Squad.. Don;t make me laugh!

Those clowns don't know anything and scam you for more money....so many horror stories...avoid their service at all costs. ( I really miss Circuit City and their RocketDog or whatever their service was....it was amazing)

 

[KGB7]

Geek Squad.. Don;t make me laugh!

Those clowns don't know anything and scam you for more money....so many horror stories...avoid their service at all costs. ( I really miss Circuit City and their RocketDog or whatever their service was....it was amazing)

And we dont get paid nearly enough to read minds and hold every once hand.

Half the threads are; " I broke it, now you fix it".

 

[speedingcheetah]

And we dont get paid nearly enough to read minds and hold every once hand.

Half the threads are; " I broke it, now you fix it".

So true....wait...pay..what pay? ..lol..most everyone one posts here with their free time....

 

[Chrysalis]

I only use openvpn client not server so cannot test, but its obvious port 80 will be open if you put it on port 80.

As to why its open when you change the port not sure, I hope we all find the reason.

by the way do you mean openvpn server or client? as is no openvpn server, just vpn server on my firmware.