jav31 Posted January 22, 2020

Hello, cordial greetings. Sorry if I have bad English, but I'm using a translator. My doubt is the following: I was analyzing my router with the home network protection in ESET Internet Security, and the results I get are that the router is running insecure network services (port 443, service TLS 1.0, TLS 1.1, TLS 1.2, HTTP and TCP). But what confuses me is that below, part of the same results says that these services of the router are common. So what should I do, ignore this antivirus warning? Thank you very much for your attention.
itman Posted January 23, 2020 (edited)

On 1/22/2020 at 9:59 AM, jav31 said:
the results I get are that the router is running insecure network services (port 443, service TLS 1.0, TLS 1.1, TLS 1.2, HTTP and TCP).

Check if port 443 is open on the WAN side of the router. You can do this at various web sites such as the Gibson Research Shields Up web site: https://www.grc.com/shieldsup

Note: It is impossible to determine what your posted Eset screen shots are stating since they are not in English.

Edited January 23, 2020 by itman
jav31 (Author) Posted January 27, 2020

On 1/23/2020 at 4:18 PM, itman said:
Check if port 443 is open on the WAN side of the router. You can do this at various web sites such as the Gibson Research Shields Up web site: https://www.grc.com/shieldsup
Note: It is impossible to determine what your posted Eset screen shots are stating since they are not in English.

Hi itman, thank you very much for answering. Here I have translated what the captures say:

Sensitive open network services: The router runs sensitive network services that others could exploit. This is due to a poor configuration or a compromised router. Verify the router configuration or consult the advanced help. In some cases only internet providers can manage the router configuration.
Port: 443 Service: TLS 1.0, TLS 1.1, TLS 1.2, HTTP
Internet reachable

The second capture reads as follows:

Network Services: The router is running common network services. These are necessary for the network and are probably safe.
Port: 53 Service: DNS, TCP
Port: 80 Service: HTTP, TCP
Port: 443 Service: TLS 1.0, TLS 1.1, TLS 1.2, HTTP
Port: 53 Service: DNS, UDP
Port: 22 Service: SSH, TCP

That's all the screenshots say. I did the test you provided me, and I do find that port 443 is open ): Here I attach it in the screenshot. If it becomes necessary, I also have full access to my router configuration. Thank you very much for your help. I am attentive to your answer.
jav31 (Author) Posted January 27, 2020

1 hour ago, BeanSlappers said:
Hey Jav31, have you port forwarded 443? If so, then this would cause it too. I have personally had to do this for my NAS server, so I can access it outside the network too.

Hello BeanSlappers, thanks for your reply. I have never gotten to use port forwarding. The main router I use for everyday tasks like YouTube, Facebook, games, etc. When I need to do something, I use a second router for it. The results on this main router confuse me, though, because I have never gotten to use it for other tasks besides the daily ones. Thank you very much for your attention.
itman Posted January 27, 2020 (edited)

1 hour ago, jav31 said:
Hi itman, thank you very much for answering. Here I have translated what the captures say: Sensitive open network services: The router runs sensitive network services that others could exploit. This is due to a poor configuration or a compromised router. Verify the router configuration or consult the advanced help. In some cases only internet providers can manage the router configuration. Port: 443 Service: TLS 1.0, TLS 1.1, TLS 1.2, HTTP

Is there any reason why port 443 needs to be open on the WAN side of the router?

I had a similar situation with my ISP, AT&T, Pace gateway. The "phony baloney" explanation given was they created a pinhole in the gateway firewall so they could access my TV desktop devices for maintenance purposes. Never worried about this since the pinhole only allowed access from their IP address. Well, recent gateway firewall log review showed known malicious IP addresses were accessing that pinhole. So I deleted the pinhole on the firewall and have had zip problems since.

Edited January 27, 2020 by itman
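The kind of firewall log review described in the post above, as an added example that is not part of the original thread: it counts accepted inbound connections to the WAN pinhole port that come from outside the range the ISP is supposed to manage the device from. The netfilter-style log format, the interface name `wan0`, the management range and every address are constructed assumptions; a real gateway's log layout will differ.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the range the ISP says it manages the router from (documentation range).
ISP_MGMT_NETS = [ipaddress.ip_network("198.51.100.0/24")]
PINHOLE_PORT = 443

# Constructed sample lines in netfilter LOG style, not taken from any real device.
SAMPLE_LOG = """\
Jan 27 09:14:02 gw kernel: WAN-IN ACCEPT IN=wan0 OUT= SRC=198.51.100.17 DST=192.0.2.10 PROTO=TCP SPT=51544 DPT=443
Jan 27 09:20:41 gw kernel: WAN-IN ACCEPT IN=wan0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=443
Jan 27 09:20:43 gw kernel: WAN-IN ACCEPT IN=wan0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=443
Jan 27 09:31:07 gw kernel: WAN-IN DROP IN=wan0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=33810 DPT=22
Jan 27 10:02:55 gw kernel: WAN-IN ACCEPT IN=wan0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=443
Jan 27 10:05:12 gw kernel: LAN-OUT ACCEPT IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=203.0.113.80 PROTO=TCP SPT=50000 DPT=443
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def unexpected_pinhole_hits(log_text, allowed_nets=ISP_MGMT_NETS, port=PINHOLE_PORT):
    """Count accepted inbound WAN connections to `port` from outside allowed_nets."""
    hits, unparsed = Counter(), []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Only inbound WAN traffic that the firewall actually let through.
        if fields.get("IN") != "wan0" or " ACCEPT " not in line:
            continue
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            unparsed.append(line)  # keep malformed entries for manual review
            continue
        if not any(src in net for net in allowed_nets):
            hits[str(src)] += 1
    return hits, unparsed


if __name__ == "__main__":
    hits, unparsed = unexpected_pinhole_hits(SAMPLE_LOG)
    for src, count in hits.most_common():
        print(f"{src}: {count} accepted connection(s) to port {PINHOLE_PORT} from outside the ISP range")
    print(f"{len(unparsed)} line(s) could not be parsed")
```

Any source it reports means the exception is reachable from more than the ISP's own addresses, which is the condition that led to deleting the pinhole in the post above.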
jav31 (Author) Posted February 5, 2020

Thank you very much, itman and BeanSlappers, for your kind attention and help.

Snooping through all the configurations of the router, I found, as you said, there is a rule of the ones configured for WAN with this name: (Emcali admon), and indeed this rule is the one that has port 443 open. It bothers me enough to see this, and when I called my ISP, EMCALI, the only thing they told me is that this rule is for checking the state of the router (it gives a little laugh at the pious support that my ISP has given me 😂). And to complete my "happiness", I tried to eliminate that rule but it returns to be created again ): I don't know if I am satisfied with the response of my internet operator :(

A question, friends: can't I create a rule in the ESET firewall to block incoming communications through port 443? Obviously allowing only the communications that I have opened; I mean, create an interactive rule. Or will it be that this can only be solved on the router :( ??

Thank you very much for the help.
itman Posted February 5, 2020 (edited)

5 hours ago, jav31 said:
A question, friends: can't I create a rule in the ESET firewall to block incoming communications through port 443? Obviously allowing only the communications that I have opened; I mean, create an interactive rule.

No, because it will block the majority of your Internet connections.

5 hours ago, jav31 said:
Or will it be that this can only be solved on the router ??

Yes. If the attackers can access this ISP-created router firewall exception, they can access your router's internal settings. Granted, and hopefully, your router has a strong password assigned; most can be brute forced given enough time. Also, if a keylogger can be installed locally, the attacker can capture your password as you access the router via your browser interface.

I assume the ISP-provided ZTE modem is used for purposes other than just Internet connectivity. Perhaps to control desktop cable/DSL TV boxes. One possibility is to purchase another router with a strong firewall plus NAT and stateful inspection capability to control your internal PC network. Then configure the ISP-provided ZTE router to forward all non-desktop cable/DSL TV box network traffic to the purchased router. This new router would then handle all local PC network traffic.

Edited February 6, 2020 by itman