Home network scan conundrum



Hello

I am using ESET Smart Security 10 and I did a home network security scan and it keeps coming up with this result (see image), which is totally puzzling me???

I use Virgin Media set as a modem and an Archer D& TP-Link router as the main hub, but I can't see anything in the settings regarding this mystery "telnet port 23" or how to disable it. Please help a girl out because I value my home security very much and I hate the idea that someone could use this telnet service to remote connect to my home network.

Love and Peace

Noomz

 

 

Capture.PNG


What the alert is telling you is that port 23 is open on your D-Link router. Under normal circumstances, no ports should be left permanently open on the router.

Port 23 is used by FTP, i.e. file transfer protocol, and should only be open when a user-initiated FTP file transfer is in progress. This port is commonly probed by remote hackers trying to gain access to your internal network.

On 13/08/2017 at 2:34 PM, Noomz said:

Capture.PNG

Like @itman has said above, TCP port 23 is open on your router.

To close it, you need to go to hxxp://192.168.1.1 using your browser. Then go to the forwarding tab at the left-hand side, and make sure there are no entries set up under the "virtual server" or "port triggering".
 


3 hours ago, tommy456 said:

I use telnet to communicate with my modem and harvest the stats for my internet connection and have done so for years without a problem

I assume your modem doesn't have a firewall and you have it set to "pass through" in any case, so all traffic is flowing through it unimpeded. Appears that you have opened port 23 on the router to communicate with the modem for the stats you mentioned? Now if you have the router set to only accept inbound port 23 traffic from a specific local network IP address for the modem and that address is not accessible externally, then you're OK.

-EDIT- Also a more secure way to harvest your modem logs, I assume that is what you are doing, is to create a scheduled task to run periodically to do so. This would only open port 23 when the task runs and close it when it completes.

Edited by itman

  • 2 weeks later...

It has a built-in scheduler and also uploads the data to a web site. There isn't a way to only accept telnet from one IP in my router; ESET firewall rules are outbound for the app that does the harvesting & uploading.


10 minutes ago, tommy456 said:

It has a built-in scheduler and also uploads the data to a web site. There isn't a way to only accept telnet from one IP in my router; ESET firewall rules are outbound for the app that does the harvesting & uploading.

Then you should be OK since the ESET firewall will only allow inbound port 23 traffic that corresponds to the outbound firewall request, i.e. stateful communication.

It still does not explain why port 23 on the LAN side of the router is open. Port 23 should be only open when the application is running. Is the app constantly running?


It uploads data frequently, so long as the PC is connected to the LAN and powered on. If I Wireshark it, I see that the PC sends and receives data via telnet, but the incoming port or dst port is a different port to the normal port 23. I use a 2-box setup with the modem using hacked fw, as they are locked down by default; this enables the GUI and the operation of its 2nd LAN port (which connects to my router) for the stats only. The main LAN port of the modem connects to my router using its dedicated EWAN port for the internet using PPPoE.

It also connects to an external IP for uploading and receiving data using port 80 and another for incoming packets, so although telnet is open it isn't sending or receiving data outside of my LAN.

Edited by tommy456

  • 1 month later...
On 14/08/2017 at 11:36 PM, cyberhash said:

Like @itman has said above, TCP port 23 is open on your router.

To close it, you need to go to hxxp://192.168.1.1 using your browser. Then go to the forwarding tab at the left-hand side, and make sure there are no entries set up under the "virtual server" or "port triggering".
 

Sorry I have been away for so long but have been busy. I checked the 2 options you suggested and neither of them have anything listed, completely blank but I still get the warning :(


1 hour ago, Noomz said:

Sorry I have been away for so long but have been busy. I checked the 2 options you suggested and neither of them have anything listed, completely blank but I still get the warning :(

Go here: https://www.grc.com/port_23.htm and click on the "Probe This Port" button. This will determine if port 23 is open on the WAN side of your router.

Post back with the results of the test. Status should be either "Stealth" or "Closed."

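The open / closed / stealth distinction in the reply above can also be checked from a PC on the LAN side, which is where the ESET scan sees the router. This is an added example, not part of the original thread: the function name `probe_tcp_port` is made up for illustration, and it assumes the router answers at 192.168.1.1, the address mentioned earlier in the thread.

```python
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854); servers usually send it first


def probe_tcp_port(host, port=23, timeout=3.0):
    """Return (state, looks_like_telnet) for one TCP port.

    state is 'open' (handshake completed), 'closed' (connection refused),
    'stealth' (no answer before the timeout) or 'unreachable' (other error).
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", False)
    except socket.timeout:
        return ("stealth", False)
    except OSError:
        return ("unreachable", False)

    with conn:
        try:
            first = conn.recv(16)  # a Telnet daemon normally opens with option negotiation
        except OSError:            # includes a read timeout: port open, service silent
            first = b""
    return ("open", first[:1] == bytes([IAC]))


if __name__ == "__main__":
    # Assumption: 192.168.1.1 is the router's LAN address, as in the thread.
    state, telnet = probe_tcp_port("192.168.1.1", 23)
    suffix = " and answers like a Telnet service" if telnet else ""
    print(f"192.168.1.1:23 is {state}{suffix}")
```

A result of `open` with the Telnet flag set means a Telnet daemon on the router itself is answering on the LAN interface, which is separate from any "virtual server" or "port triggering" entry.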

  • 1 month later...
This topic is now closed to further replies.