Noomz 0
Posted August 13, 2017

Hello, I am using ESET Smart Security 10 and I did a home network security scan and it keeps coming up with this result (See Image), which is totally puzzling me??? I use Virgin Media set as a modem and an Archer D& TP-Link router as the main hub but I can't see anything in the settings regarding this mystery "telnet port 23" or how to disable it. Please help a girl out because I value my home security very much and I hate the idea that someone could use this telnet service to remote connect to my home network.

Love and Peace
Noomz

itman 1,802
Posted August 14, 2017

What the alert is telling you is that port 23 is open on your D-Link router. Under normal circumstances, no ports should be left permanently open on the router. Port 23 is used by FTP i.e. file transfer protocol and should be only open when a user-initiated FTP file transfer is in progress. This port is commonly probed by remote hackers trying to gain access to your internal network.

Most Valued Members cyberhash 201
Posted August 14, 2017

Like @itman has said above, tcp port 23 is open on your router. To close it, you need to go to hxxp://192.168.1.1 using your browser. Then go to the forwarding tab at the left-hand side, and make sure there are no entries set up under the "virtual server" or "port triggering".

tommy456 12
Posted August 15, 2017

I use telnet to communicate with my modem and harvest the stats for my internet connection and have done so for years without a problem.

itman 1,802
Posted August 15, 2017

3 hours ago, tommy456 said:
> I use telnet to communicate with my modem and harvest the stats for my internet connection and have done so for years without a problem

I assume your modem doesn't have a firewall and you have it set to "pass through" in any case, so all traffic is flowing through it unimpeded. Appears that you have opened port 23 on the router to communicate with the modem for the stats you mentioned? Now if you have the router set to only accept inbound port 23 traffic from a specific local network IP address for the modem and that address is not accessible externally, then you're OK.

-EDIT- Also a more secure way to harvest your modem logs, I assume that is what you are doing, is to create a scheduled task to run periodically to do so. This would only open port 23 when the task runs and close it when it completes.

Edited August 15, 2017 by itman

tommy456 12
Posted August 25, 2017

It has a built-in scheduler and also uploads the data to a web site. There isn't a way to only accept telnet from one IP in my router. ESET firewall rules are outbound for the app that does the harvesting & uploading.

itman 1,802
Posted August 25, 2017

10 minutes ago, tommy456 said:
> It has a built-in scheduler and also uploads the data to a web site. There isn't a way to only accept telnet from one IP in my router. ESET firewall rules are outbound for the app that does the harvesting & uploading.

Then you should be OK since the Eset firewall will only allow inbound port 23 traffic that corresponds to the outbound firewall request i.e. stateful communication. It still does not explain why port 23 on the LAN side of the router is open. Port 23 should be only open when the application is running. Is the app constantly running?

tommy456 12
Posted August 28, 2017

It uploads data frequently, so long as the PC is connected to the LAN and powered on. If I Wireshark it I see that the PC sends and receives data via telnet, but the incoming port or dst port is a different port to the normal port 23. I use a 2 box set up with the modem using hacked fw, as they are locked down by default; this enables the GUI and the operation of its 2nd LAN port (which connects to my router) for the stats only. The main LAN port of the modem connects to my router using its dedicated EWAN port for the internet using PPPoE. It also connects to an external IP for uploading and receiving data using port 80 and another for incoming packets, so although telnet is open it isn't sending or receiving data outside of my LAN.

Edited August 28, 2017 by tommy456

Noomz 0 (Author)
Posted October 21, 2017

On 14/08/2017 at 11:36 PM, cyberhash said:
> Like @itman has said above, tcp port 23 is open on your router. To close it, you need to go to hxxp://192.168.1.1 using your browser. Then go to the forwarding tab at the left-hand side, and make sure there are no entries set up under the "virtual server" or "port triggering".

Sorry I have been away for so long but have been busy. I checked the 2 options you suggested and neither of them have anything listed, completely blank, but I still get the warning.

itman 1,802
Posted October 21, 2017

1 hour ago, Noomz said:
> Sorry I have been away for so long but have been busy. I checked the 2 options you suggested and neither of them have anything listed, completely blank, but I still get the warning.

Go here: https://www.grc.com/port_23.htm and click on "Probe This Port" button. This will determine if port 23 is open on the WAN side of your router. Post back with the results of the test. Status should be either "Stealth" or "Closed."

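The "Open" / "Closed" / "Stealth" outcomes named in the post above can also be checked for the LAN side from a PC on the home network; the following is an added example, not something posted by anyone in this thread. The function names are hypothetical, and the default address 192.168.1.1 is an assumption taken from the router address mentioned earlier in the thread.

```python
import socket
import sys

# Outcome names follow the wording used in the post above.
OPEN, CLOSED, STEALTH = "Open", "Closed", "Stealth"


def classify_tcp_port(host: str, port: int = 23, timeout: float = 3.0) -> str:
    """Attempt one TCP handshake and report how the device answered.

    Open    - handshake completed, a service is listening
    Closed  - device answered with a reset (connection refused)
    Stealth - no answer at all before the timeout (packet silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return STEALTH
    finally:
        sock.close()


def meets_expectation(status: str) -> bool:
    """True when the status is one of the two results the post asks for."""
    return status in (CLOSED, STEALTH)


def report(host: str, port: int = 23) -> str:
    """One-line summary for the device's own owner to read."""
    status = classify_tcp_port(host, port)
    verdict = "OK" if meets_expectation(status) else "service reachable"
    return f"{host}:{port} -> {status} ({verdict})"


if __name__ == "__main__":
    # Assumed default: the router's LAN address mentioned in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    print(report(target))
```

Run from inside the LAN, this shows the state of the router's LAN-side interface only; the WAN side has to be probed from outside, as the linked test does.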
galaxy 11
Posted December 13, 2017

firewall enabled in the router

Edited December 13, 2017 by galaxy