
Incoming requests from the router/modem & NT kernel - Malware?



Hello, when I connect to my wifi from the laptop I get incoming requests from my TP-Link router/modem named "ARCHER_CS". I denied the requests. When I checked in the ESET GUI it shows 2 incoming connections being blocked constantly. One is from "NT Kernel and system" and one is from the TP-Link router. Also, when I did a router scan it showed Telnet port 23 as open. So I checked my router and no port forwarding has been done. I have attached the pics below. Should I be concerned that my router is compromised or that there is malware in the system?

NT Kernel & System_incoming.PNG

TP-Link_incoming.PNG

eset network scan_report.png


As far as Eset Network Inspector showing a warning in regards to Telnet port 23, there are a couple of possibilities.

1. In Windows, Telnet is not installed by default. However, it can be installed via Windows Features option as described in this article: https://www.lifewire.com/what-is-telnet-2626026 . Did you manually install it?

2. Your router for some unknown reason has opened port 23 on its WAN and/or LAN interface. If you are using an ISP provided router/gateway, you will have to ask them why this port is open on the router.

As far as the blocked inbound UDP port 137 and 138, Eset will only allow that traffic if the Eset assigned network connection has Protection type set to Trusted. By default, Eset will defer to the "use Windows setting" option for Protection type at installation time. In Win 10/11, the Win firewall defaults to the Public i.e. untrusted, profile. Hence, Eset by default sets network connection Protection type to untrusted.

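One way to check the second possibility above from the laptop, as an added example that is not part of the original thread: it connects to the router's address on port 23 and reports whether an actual Telnet daemon answers, by looking for Telnet option negotiation (RFC 854) in the first bytes received. The `probe` and `parse_negotiation` names and the address passed on the command line are assumptions, and the result only describes the interface reachable from where the script runs (the LAN side when run from the laptop).

```python
import socket
import sys

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}


def parse_negotiation(data):
    """Return (verb, option) pairs for each IAC negotiation triplet in data."""
    found, i = [], 0
    while i <= len(data) - 3:
        if data[i] == IAC and data[i + 1] in VERBS:
            found.append((VERBS[data[i + 1]], data[i + 2]))
            i += 3
        else:
            i += 1
    return found


def probe(host, port=23, timeout=3.0):
    """Classify the port as seen from this machine and look for a Telnet daemon."""
    result = {"state": "open", "telnet": False, "options": []}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered with a reset: nothing is listening on the port.
        result["state"] = "closed"
        return result
    except OSError:
        # Timeout or unreachable: a firewall dropped the packet or the host is down.
        result["state"] = "filtered"
        return result
    with sock:
        try:
            data = sock.recv(256)  # Telnet servers usually speak first
        except OSError:
            data = b""             # open, but the service stayed silent
    result["options"] = parse_negotiation(data)
    result["telnet"] = bool(result["options"])
    return result


if __name__ == "__main__":
    # Usage: python check_telnet.py <router LAN address>
    print(probe(sys.argv[1]))
```

A result of `open` with `telnet: True` means the router itself is running a Telnet service on that interface, which is a router configuration matter rather than something installed on the Windows machine.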

Nope, I didn't manually install it, nor have I forwarded any port manually in the router. I have even turned off UPnP in the router. Also, Telnet is disabled in my Windows. I highly doubt if those guys working at the ISP even know what an open port is! That's how pathetically the customer care department responds to queries in my country.


Using your router's GUI interface, verify a "pinhole" exception for port 23 has not been created. Pinholes create corresponding allow rules for the router's built-in firewall. Many router manufacturers create a bunch of them for common game apps.

If your router is an ISP provided one, it is possible the ISP created a "pinhole" for Telnet. One reason is for maintenance purposes although I have never heard of port 23 being used this way. My ISP for example created a pinhole exception for port 443 on the router's WAN interface as unbelievable as it sounds. Now they did restrict what could connect to that port but it was too much of a risk for my liking and I got rid of it.


Thanks a lot for the help, itman. I will contact the ISP regarding the issue. Hope they can give a possible explanation for the open port.


To be most secure, because most of the time ISP equipment isn't updated regularly, I buy a router myself and ask the ISP to put their router in BRIDGE-MODE as a MODEM, and then use the router I bought myself to protect the LAN, and the ISP's device just works as a MODEM.
