Sensitive Open Network Services


After I scanned my home network with ESET Internet Security V 11.2.49.0 the "Connected Home Monitor" started showing my router has "Sensitive open network services". It has password protected WPA2 security enabled. When I go into the router settings the only thing I notice that might be wrong is it's not set to hide the SSID. I don't know where to go from there.

Update: I just noticed the details. It says port 443, services TLS1.0, TLS1.1, TLS1.2, TCP, reachable from the internet. From what I was just reading it looks like this should be OK. Should it be blocked from inbound communication?

Edited by stueycaster

  • Administrators

Are you running an http server that is accessible from the Internet? Please post a screen shot of the message with details expanded.


  • Administrators

I would recommend disabling the option for remote router administration from the Internet. If there was a vulnerability in your router or if a weak password was used, somebody could hack it.


I can definitively answer this one since I have ATT U-Verse that includes DSL using the same router as the OP.

ATT in their "infinite security dis-wisdom" has purposely opened port 443 on the WAN side of the router for "diagnostic, connectivity, etc."-like worded BS. There is not a damn thing you can do about it other than switch to another broadband provider. It is also not a security issue since internally, there is a router rule that only allows ATT to connect to that WAN port. Also port 443 is closed and stealth on the LAN side of the router, which is really what counts.


33 minutes ago, Marcos said:

I would recommend disabling the option for remote router administration from the Internet.

Can't be effectively done with these ISP provided routers. No worry since the provided access password is like 15 characters long, containing every conceivable character known to computer mankind.

Edited by itman

Also, as far as port 443 on ATT provided routers, it has been this way for as long as I have had them as a provider. That is well over a decade and I have never had any security incidents in this regard. I did have a business grade router for a while some time back that they provided me at no cost. I miss that device since I could set up a honeypot with it to trap any unwanted incoming traffic.


Since we are on the topic of ATT Motorola routers, a few other "tidbits" in regard to Eset networking:

ATT uses a dual fork IPv4 and IPv6 setup. In other words, you are receiving both types of IP address. Assuming you haven't manually disabled IPv6, Eset default firewall rules have issues with it. To begin with, ATT is constantly doing IPv6 pinging on two internal network addresses; fe80::xxxxx and xxxx::1. These addresses are not identified by Eset at setup time. So you will be receiving blocks on these addresses. The easiest way to allow them is via the Eset Network wizard feature. Also, and very strange, there appears to be a DNS IPv6 tunnel set up for the xxxx::1 IPv6 localhost connection. Using a network connection monitor that shows UDP connections, you will observe it. Not sure if Eset or ATT is the "culprit" in regard to this DNS tunnel.


Hello stueycaster.

Regarding port 443, I too have AT&T U-verse and AT&T seems to want to keep that port open. I close it as required by deleting that addition via the AT&T U-verse/router portal...firewall>NAT/Gaming without any ill effects on my U-verse Internet or TV (having that port closed helps my OCD sleep at night:lol:).

Here are some websites that will help you see what ports are open/closed/stealth.

http://www.whatsmyip.org/port-scanner/

https://www.grc.com/x/ne.dll?bh0bkyd2

Once you click on the GRC link and then PROCEED, you'll have access to the port scanning links (under the yellow Exposure test button). 

[Screenshot: GRC port scan results]

Best regards.


Edited by TomFace
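Added example, not from the thread, ESET, GRC or AT&T: a small Python self-check that reports a port's state in the same open/closed/stealth terms the GRC scanner uses (here "filtered" for stealth) and, for a port that answers, lists which TLS versions the service accepts, the detail ESET reported for port 443 in the first post. Run from a host outside your network it tests the WAN side; run from inside it only tests the LAN side, which itman notes is the side that is closed. The loopback listener and the helper names are constructed for this example so it runs offline.

```python
import socket
import ssl
# The versions ESET listed for port 443, plus 1.3; each probe is pinned to exactly one version.
TLS_PROBES = [("TLS1.0", ssl.TLSVersion.TLSv1), ("TLS1.1", ssl.TLSVersion.TLSv1_1),
              ("TLS1.2", ssl.TLSVersion.TLSv1_2), ("TLS1.3", ssl.TLSVersion.TLSv1_3)]

def tcp_port_state(host: str, port: int, timeout: float = 2.0) -> str:
    """GRC-style verdict: 'open', 'closed' (an RST came back) or 'filtered' (nothing answered)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timed out or unreachable: GRC calls this 'stealth'
        return "filtered"

def tls_versions_accepted(host: str, port: int, timeout: float = 2.0) -> list:
    """One handshake per TLS version, each pinned to that version only; list the ones that complete."""
    accepted = []
    for name, version in TLS_PROBES:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # asking which versions answer, not whether the cert is valid
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = version
            ctx.maximum_version = version
        except Exception:  # ValueError (or a deprecation promoted to an error): version unusable here
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    accepted.append(name)
        except OSError:  # SSLError is an OSError: handshake refused, reset or timed out
            pass
    return accepted

_listeners = []  # keeps constructed test sockets alive for the life of the process
def start_local_listener() -> int:
    """Constructed stand-in for a reachable service that never speaks TLS; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)  # the kernel completes connects; probes see 'open' but get no TLS reply
    _listeners.append(srv)
    return srv.getsockname()[1]

def unused_local_port() -> int:
    """A loopback port with nothing listening, to show the 'closed' verdict."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Against a real router, point both functions at the public address from outside the LAN; a short timeout keeps a daily check like TomFace's quick.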

One of the better definitions for port 443 use was given over at dslreports.com which is, it is used by that WAP device connected to the router. The WAP as far as U-Verse is concerned interfaces with the wireless set top TV devices. 

However as I stated previously, ATT used port 443 on its routers long before U-Verse existed.

So the best definition of port 443 usage is it controls and interfaces with any WAP device attached to the router. So if you use U-Verse TV w/o any additional wireless boxes, port 443 on the WAN side of the router can be closed; i.e., the connection interface deleted. Likewise if you only use ATT DSL and do not connect any devices wirelessly in your home; i.e., no WAP device is connected to the router, port 443 on the WAN side of the router can be closed. Bottom line: no WAP device, then no need for port 443 on the WAN side of the router connection.

It is somewhat implied that the Motorola routers referenced are only Ethernet based and are not wireless/Ethernet hybrids as produced by some router manufacturers.

Edited by itman

15 hours ago, itman said:

One of the better definitions for port 443 use was given over at dslreports.com which is, it is used by that WAP device connected to the router. The WAP as far as U-Verse is concerned interfaces with the wireless set top TV devices. 

However as I stated previously, ATT used port 443 on its routers long before U-Verse existed.

So the best definition of port 443 usage is it controls and interfaces with any WAP device attached to the router. So if you use U-Verse TV w/o any additional wireless boxes, port 443 on the WAN side of the router can be closed; i.e., the connection interface deleted. Likewise if you only use ATT DSL and do not connect any devices wirelessly in your home; i.e., no WAP device is connected to the router, port 443 on the WAN side of the router can be closed. Bottom line: no WAP device, then no need for port 443 on the WAN side of the router connection.

It is somewhat implied that the Motorola routers referenced are only Ethernet based and are not wireless/Ethernet hybrids as produced by some router manufacturers.

My PC is wireless U-verse and I do have another TV on a wireless U-verse box/connection. They both work fine without port 443 being open. AT&T, as of late, opens 443 daily. Back in the 3rd-4th quarter of last year (2017) it was closed for about a 2 month period (AT&T not opening it daily). Obviously I check it daily...it usually opens after 9:30AM EDT (and I close it shortly thereafter). From my point of view, 443 being open is an unnecessary vulnerability that I do not need (whether the threat is real/substantiated or not). It's akin to the news websites that auto-play their hottest videos when you open their page. If it isn't needed, it's all a matter of choice and control of your own space. (My U-verse box is an ARRIS...not sure if that is part of Motorola)

Edited by TomFace
correction

ATT's official statement on port 443 usage:

Quote

Re: Port 443 Open In Cisco_AP_ATT

Hi,


Port 443 is used by the Wireless receiver. It is not for the viewing experience, but it is used as the port for testing. Even if you wire the receiver, port 443 will still be active, as the testing tools will run intermittently, causing the port to reopen. If you use the port for another device, the router will not overwrite the rule, but testing will no longer work. If you remove the WAP and wireless receiver from your network, you will no longer run into this issue. I hope this answers everyone's questions.


David, AT&T Community Specialist

https://forums.att.com/t5/U-verse-TV-DVR-Receivers/Port-443-Open-In-Cisco-AP-ATT/td-p/5240450

In my long experience with ATT, verbiage like "testing purposes" equates to connectivity checking, firmware updating, etc. It's the user's call on this one. I have enough issues with U-Verse wireless. I keep it as set on the router.

Edited by itman

Being retired from AT&T, I am well aware of how they operate. This situation and the reference I made to the news websites reminds me of the Twilight Zone episode "To Serve Man"...see https://en.wikipedia.org/wiki/To_Serve_Man

I'd rather control my own world to the best extent I can.

Best regards.

Edited by TomFace

Wow!! That's a lot to take in. I ran the port tests and they all passed. I ran a ten second scan of port 443 and it passed that. That makes me think it's not really a problem. If something gets past the router does ESET block it?

And, as we do have 4 TVs all with a Roku box connected and 4 computers that are networked plus 2 printers, it sounds like I should leave it set as it is. Three of the computers are usually connected by Ethernet.

Maybe I could get ESET to ignore the issue? If so, how would I do it?

Edited by stueycaster

I don't know why but this morning ESET has stopped saying there's a problem with my router. Maybe the module updates that came this morning affected it? That's the only thing that I know changed. Or maybe there's a time limit as to how long it can be concerned with an issue.

Edited by stueycaster