
Doubt with ESET Internet Security's home network protection



Hello, cordial greetings.

Sorry if I have bad English, but I'm using a translator.

My doubt is the following: I was analyzing my router with the home network protection in ESET Internet Security, and the result I get is that the router is running insecure network services (port 443, service TLS 1.0, TLS 1.1, TLS 1.2, HTTP and TCP). But what confuses me is that below, as part of the same results, it says that these services of the router are common. So what should I do, ignore this antivirus warning?

Thank you very much for your attention.

On 1/22/2020 at 9:59 AM, jav31 said:

the result I get is that the router is running insecure network services (port 443, service TLS 1.0, TLS 1.1, TLS 1.2, HTTP and TCP).

Check if port 443 is open on the WAN side of the router. You can do this at various web sites such as Gibson Research Shields Up web site: https://www.grc.com/shieldsup

Note: It is impossible to determine what your posted Eset screen shots are stating since they are not in English.


Hey Jav31,

Have you port forwarded 443? If so, then this would cause it too. I have personally had to do this for my NAS server, so I can access it outside the network too.

On 1/23/2020 at 4:18 PM, itman said:

Check if port 443 is open on the WAN side of the router. You can do this at various web sites such as Gibson Research Shields Up web site: https://www.grc.com/shieldsup

Note: It is impossible to determine what your posted Eset screen shots are stating since they are not in English.

Hi itman, thank you very much for answering.
Here I have translated what the captures say:


Sensitive open network services:
The router runs sensitive network services that others could exploit. This is due to a poor configuration or a compromised router.

Verify the router configuration or consult the advanced help. In some cases only internet providers can manage the router configuration.

Port: 443
Service: TLS 1.0, TLS 1.1, TLS 1.2, HTTP

Internet reachable

The second capture reads as follows:

Network Services

The router is running common network services. These are necessary for the network and are probably safe.

Port: 53
Service: DNS, TCP

Port: 80
Service: HTTP, TCP

Port: 443
Service: TLS 1.0, TLS 1.1, TLS 1.2, HTTP

Port: 53
Service: DNS, UDP

Port: 22
Service: SSH, TCP

That's all the screenshots say.

I did the test you provided me, and I find that port 443 is open ): Here I attach it in the screenshot.

If it becomes necessary, I also have full access to my router configuration.

Thank you very much for your help. I am attentive to your answer.

1 hour ago, BeanSlappers said:

Hey Jav31,

Have you port forwarded 443? If so, then this would cause it too. I have personally had to do this for my NAS server, so I can access it outside the network too.

Hello BeanSlappers,

Thanks for your reply.

I have never gotten to use port forwarding. The main router I use for everyday tasks like YouTube, Facebook, games, etc.; when I need to do something, I use a second router for it.

Although the results on this main router confuse me, because I have never gotten to use it for other tasks besides the daily ones.

Thank you very much for your attention.

1 hour ago, jav31 said:

Hi itman, thank you very much for answering.
Here I have translated what the captures say:


Sensitive open network services:
The router runs sensitive network services that others could exploit. This is due to a poor configuration or a compromised router.

Verify the router configuration or consult the advanced help. In some cases only internet providers can manage the router configuration.

Port: 443
Service: TLS 1.0, TLS 1.1, TLS 1.2, HTTP

Is there any reason why port 443 needs to be open on the WAN side of the router?

I had a similar situation with my ISP, AT&T, Pace gateway. The "phony baloney" explanation given was they created a pinhole in the gateway firewall so they could access my TV desktop devices for maintenance purposes. Never worried about this since the pinhole only allowed access from their IP address. Well, recent gateway firewall log review showed known malicious IP addresses were accessing that pinhole. So I deleted the pinhole on the firewall and have had zip problems since.
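The kind of gateway log review described in the post above, as an added example that is not part of the original post: it counts accepted WAN connections to the port 443 pinhole that come from outside the ISP's management range. The log format, the ISP range and all addresses are constructed assumptions (documentation address ranges); real gateways log in vendor-specific formats.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the range the ISP says it manages the gateway from.
ISP_MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]
PINHOLE_PORT = 443

# Constructed sample log lines, not taken from any real device.
SAMPLE_LOG = """\
2020-01-20T03:14:07Z ACCEPT IN=wan SRC=192.0.2.5 DST=198.51.100.10 PROTO=TCP DPT=443
2020-01-20T03:15:42Z ACCEPT IN=wan SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP DPT=443
2020-01-20T03:15:43Z ACCEPT IN=wan SRC=203.0.113.45 DST=198.51.100.10 PROTO=TCP DPT=443
2020-01-20T04:01:10Z DROP IN=wan SRC=203.0.113.99 DST=198.51.100.10 PROTO=TCP DPT=23
2020-01-20T04:20:00Z ACCEPT IN=lan SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP DPT=443
2020-01-20T05:00:00Z ACCEPT IN=wan SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP DPT=443
garbled line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) IN=(?P<iface>\S+) "
    r"SRC=(?P<src>\S+) DST=\S+ PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)$"
)

def is_isp_source(addr):
    """True if the address falls inside one of the ISP management ranges."""
    return any(addr in net for net in ISP_MGMT_NETS)

def unexpected_pinhole_hits(log_text):
    """Count accepted WAN connections to the pinhole port from non-ISP sources."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing
        if m["action"] != "ACCEPT" or m["iface"] != "wan":
            continue  # only traffic the firewall let in from the Internet side
        if int(m["dpt"]) != PINHOLE_PORT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # SRC field is not a valid IP address
        if not is_isp_source(src):
            hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for src, count in unexpected_pinhole_hits(SAMPLE_LOG).most_common():
        print(f"{src}: {count} accepted connection(s) to port {PINHOLE_PORT}")
```

Any source this reports reached the pinhole even though the rule was supposed to admit only the ISP, which is the condition that led to deleting the pinhole in the post above.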

  • 2 weeks later...

Thank you very much, Itman and BeanSlappers, for your kind attention and help.

 
Snooping through all the configurations of the router, I found, as you said, that there is a rule configured for WAN with this name: (Emcali admon), and indeed this rule is the one that has port 443 open. It bothers me quite a bit to see this, and when I called my ISP, EMCALI, the only thing they told me is that this rule is for checking the state of the router (the pious support that my ISP has given me makes me laugh a little 😂). And to complete my "happiness", I tried to delete that rule, but it gets created again ):


I don't know if I am satisfied with the response of my internet operator :(

A question, friends: can't I create a rule in the ESET firewall to block incoming communications through port 443? Obviously allowing only the communications that I have opened; I mean, create an interactive rule.

Or is it that this can only be solved on the router :( ??

Thank you very much for the help.

5 hours ago, jav31 said:

A question, friends: can't I create a rule in the ESET firewall to block incoming communications through port 443? Obviously allowing only the communications that I have opened; I mean, create an interactive rule.

No, because it will block the majority of your Internet connections.

5 hours ago, jav31 said:

Or is it that this can only be solved on the router :( ??

Yes.

If the attackers can access this ISP-created router firewall exception, they can access your router's internal settings. Granted, and hopefully, your router has a strong password assigned; most can be brute forced given enough time. Also, if a keylogger can be installed locally, the attacker can capture your password as you access the router via your browser interface.

I assume the ISP provided ZTE modem is used for purposes other than just Internet connectivity. Perhaps to control desktop cable/DSL TV boxes. One possibility is to purchase another router with a strong firewall plus NAT and stateful inspection capability to control your internal PC network. Then configure the ISP provided ZTE router to forward all non-desktop cable/DSL TV box network traffic to the purchased router. This new router would then handle all local PC network traffic.


Archived

This topic is now archived and is closed to further replies.
