gu3r1l9

Unusual Open Network Services notification

I recently bought a "TP-Link Archer D2 (EU)" router/access point. I'm getting this fishy notification even though Telnet is disabled in Windows, and ALG and NAT are disabled in the router settings. Currently I'm using it in bridge mode. I did rescan many times. I'm still getting this Telnet notification, and I get these blocked devices in my firewall every time I connect my modem prior to connecting to the internet. Am I a victim of a Telnet attack? If not, how can I fix this?

 

FYI: I'm living in Iran and, like most people here, I'm not running a genuine Windows 10, so I did exclude the crack (C:\Windows\AutoKMS). Would this be related?
PS: I saw another topic in here with someone having the same issue, which did not get solved in that topic. I'm assuming it was due to miscommunication, and the person who had the same problem was also from Iran, judging by his name.


The Telnet that ESET is talking about is not among Windows features; you need to log in to your router and check the Telnet settings, or disable it if you are not using it.

If you are using your modem in bridge mode, then the firewall does get turned off because it's in bridge mode, so there should be a router connected to the modem which is in bridge mode. The router should be one with a firewall, so your devices won't be without a firewall.

Connecting directly to the internet without any firewall is kind of risky.

Edited by Rami


Normally, Telnet is disabled by default on the router. My router's log is full of such like external connection attempts.

Also using a cracked Win OS version is "just asking for trouble." Are you also using a cracked Eset version?


On my home router I didn't find a setting to disable Telnet in LAN and I'm getting the same detection. I have only a setting that allows to enable it for WAN. So if you have Telnet disabled for WAN you should be ok since it's unlikely that attackers would be within your home LAN.

1 hour ago, Marcos said:

I have only a setting that allows to enable it for WAN.

In the router settings, it's usually under the "allowed protocols" section. And yes, those protocol options all apply to router WAN settings. For example, NetBIOS should also be disabled by default.

13 hours ago, itman said:

Normally, Telnet is disabled by default on the router. My router's log is full of such like external connection attempts.

Also using a cracked Win OS version is "just asking for trouble." Are you also using a cracked Eset version?

First of all, thank you for your reply. I did not know there's a crack version for ESET 12. I do have a one-year Internet Security license, which I paid for in full :D. And about the Telnet issue, I almost solved it, but I did get a blue screen in the process: "driver power state failure" to be exact, although I doubt it had anything to do with the issue. It would most likely be related to my "Killer Control Center" driver app for the Wi-Fi adapter, I assume. I will look further into this and post the results in a couple of hours.

13 hours ago, Rami said:

The Telnet that ESET is talking about is not among Windows features; you need to log in to your router and check the Telnet settings, or disable it if you are not using it.

If you are using your modem in bridge mode, then the firewall does get turned off because it's in bridge mode, so there should be a router connected to the modem which is in bridge mode. The router should be one with a firewall, so your devices won't be without a firewall.

Connecting directly to the internet without any firewall is kind of risky.

Even though I'm using it in bridge mode, I have the LAN DHCP enabled, so the modem/router does do the routing automatically. I haven't changed the private IP address of the device, since I figured I'm not going to use it on any wireless connection since I make sure I'm not getting any Telnet attack. They tend to be a bit harsh, you know; it's not like you're getting a DDoS. I might have to check the TP-Link emulator for this; Linux is a lot more helpful in these cases compared to Microsoft Windows. The blue screen of death made the whole thing more complicated...

13 hours ago, Marcos said:

On my home router I didn't find a setting to disable Telnet in LAN and I'm getting the same detection. I have only a setting that allows to enable it for WAN. So if you have Telnet disabled for WAN you should be ok since it's unlikely that attackers would be within your home LAN.

That's what I was assuming, but since Telnet is no joke I had to make sure. I'll let you know if I find anything new about this issue.


To be 100% accurate in regard to Telnet, the following applies. The Telnet client is not installed on Win 10 by default: https://www.rootusers.com/how-to-enable-the-telnet-client-in-windows-10/ . As noted in the article, if the Telnet client is installed, any port can be used by it, not just port 23.

When routers reference Telnet, they are just referring to its default use of port 23. Disabling the Telnet option on the router is just blocking all inbound/outbound WAN side port 23 TCP/UDP traffic to/from the router.

When the router is set to bridge mode, you are instructing the router to pass all inbound and outbound traffic through the WAN side of the router. All firewall, IDS, and protocol filtering methods on the router are disabled. Additionally, both NAT and stateful transmission detection are also disabled on the router. As such, you are now relying 100% on Eset's firewall for port 23 protection. Whereas Eset's firewall will block unsolicited inbound port 23 traffic by default, such is not the case for any outbound port 23 traffic. By default, Eset allows all outbound traffic.

Edited by itman


Yep, I agree with most parts. The Telnet client is disabled by default on Windows 10, but usually on the router/access points that have this feature, it's enabled by default, and that's why you get this notification in ESET >> [screenshot]

In order to deal with this issue you have to disable that feature from the web interface of your device, AKA "modem settings".

But here's the problem. When you connect a new device like a router etc., ESET Firewall blocks it by default, especially when you try to change the settings in your router web interface, for which it requires running certain scripts, and those will also get blocked in your firewall, etc.

So in order to do this, the easiest way would be to disconnect from the internet, then disable your ESET Firewall, and only then go to your router settings. Otherwise you have to unlock the required devices, ports, and services manually every time you want to change your settings, which might not go as smoothly as you think every time. Here are some examples of the firewall blocking attempts for your device to be connected to your PC >> [screenshots]


Side note: I don't believe in all that "Built-in Router Firewall STUFF". I never had any problems bypassing them, so I usually disable them for my home network, by which I'm not allowing extra protocols that have many security vulnerabilities affect my connections. Plus, I usually use this connection for gaming on Steam, for which using a cable works way better than wireless connections, as it could affect the stability of your ping etc. Having said that, if you do not know how to protect yourself manually then you might put your trust in your device's software firewall, which I would not recommend personally.


Some further info on Telnet. Port 23 is not the only port used. Port 107 is used by Remote Telnet.

Also, there is a way to shut down all Telnet activity using the Eset firewall. You would have to create a firewall rule to block all inbound and outbound activity specifying the protocol as "Custom" and the protocol number as 240 - 255. In other words, 15 firewall rules would be needed since the Eset firewall only allows one protocol number to be specified per firewall rule.

Ref.: http://www.networksorcery.com/enp/protocol/telnet.htm


Maybe an actual Telnet malware attack example will help. This malware uses Telnet to hijack non-PC devices within your local network: https://www.pentestpartners.com/security-blog/what-is-mirai-the-malware-explained/ . Really can't see how Eset installed on a PC within the network is going to help in this situation.
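
To confirm what the notification discussed in this thread is reporting, the following added example (not part of the original thread, and not ESET or TP-Link code) checks whether a device on your own LAN answers with Telnet option negotiation on ports 23 and 107, the two ports named above. The address 192.168.1.1, the sample banner and the function names are assumptions; pass your router's LAN address as the first argument.

```python
import socket
import sys

IAC, SB, SE = 255, 250, 240  # Telnet command bytes (RFC 854)
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
# Constructed sample: IAC DO 24, IAC WILL 1, IAC WILL 3, then a login prompt.
SAMPLE = bytes([255, 253, 24, 255, 251, 1, 255, 251, 3]) + b"login: "

def parse_negotiation(data):
    """Split received bytes into (command, option) pairs and plain text."""
    commands, text, i = [], bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC or nxt == IAC:  # plain byte, or escaped 0xFF
            text.append(data[i])
            i += 2 if data[i] == IAC else 1
        elif nxt in NEGOTIATION and i + 2 < len(data):
            commands.append((NEGOTIATION[nxt], data[i + 2]))
            i += 3
        elif nxt == SB:  # skip a subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = end + 2 if end >= 0 else len(data)
        elif nxt is None or nxt in NEGOTIATION:
            break  # truncated command at the end of the buffer
        else:
            i += 2  # other two-byte commands (NOP, GA, ...)
    return commands, bytes(text)

def classify(data):
    """data is None if the TCP connect failed, else the first bytes read."""
    if data is None:
        return "closed"
    # "open-other": the port accepted the connection but sent no negotiation.
    return "telnet" if parse_negotiation(data)[0] else "open-other"

def probe(host, port, timeout=3.0):
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, unreachable or timed out
        return "closed"
    with s:
        try:
            return classify(s.recv(256))
        except OSError:  # connected, but nothing arrived in time
            return "open-other"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed LAN IP
    for port in (23, 107):  # ports named in the thread
        print(host, port, probe(host, port))
```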
