Jump to content

Incoming requests from the router/modem & NT kernel- Malware ?


Recommended Posts

Hello, when i connect to my wifi form the laptop i get incoming requests from my TP-link router/moden named "ARCHER_CS". I denied the requests. When i checked in the eset GUI it shows 2 incoming connections beign blocked constantly. One is from "NT Kernel and system" and one if drom the TP-link router. Also when i did a router scan it showed as Telnet port 23 open. So i checked my router and no portforwarding has been done.  I have attached the pics below. Should i be concerned that my router is compromised or a malware in the system ?

NT Kernel & System_incoming.PNG

TP-Link_incoming.PNG

eset network scan_report.png

Link to comment
Share on other sites

As far as Eset Network Inspector showing a warning in regards to Telnet port 23, there are a couple of possibilities.

1. In Windows, Telnet is not installed by default. However, it can be installed via Windows Features option as described in this article: https://www.lifewire.com/what-is-telnet-2626026 . Did you manually install it?

2. Your router for some unknown reason has opened port 23 on its WAN and/or LAN interface. If you are using an ISP provided router/gateway, you will have to ask them why this port is open on the router.

As far as the blocked inbound UDP port 137 and 138, Eset will only allow that traffic if the Eset assigned network connection has Protection type set to Trusted. By default, Eset will defer to the "use Windows setting" option for Protection type at installation time. In Win 10/11, the Win firewall defaults to the Public i.e. untrusted, profile. Hence, Eset by default sets network connection Protection type to untrusted.

Link to comment
Share on other sites

Nope, i didn't manually install it nor i have forwarded any port manually in the router. I have even turned off UPnP in the router. Also, telnet is disabled in my windows.  I highly doubt if those guys working in the ISP even know what an open port is ! That's how pathetically the customer care department respond to the queries in my country. 

Link to comment
Share on other sites

Using your router's GUI interface, verify a "pinhole" exception for port 23 has not be created. Pinholes create corresponding allow rules for the router's built-in firewall. Many router manufacturers create a bunch of them for common game apps.

If your router is an ISP provided one, it is possible the ISP created a "pinhole" for Telnet. One reason is for maintenance purposes although I have never heard of port 23 being used this way. My ISP for example created a pinhole exception for port 443 on the on the router's WAN interface as unbelievable as it sounds. Now they did restrict what could connect to that port but it was to much of a risk for my liking and I got rid of it.

Link to comment
Share on other sites

Thanks a lot for the help itman. I will contact the isp regarding the issue. Hope they could give a possible explanation for the open port. 

Link to comment
Share on other sites

  • Most Valued Members

For most secure because most of the times ISP equipment aren't updated regularly , I buy a router myself and ask the ISP to put their router as BRIDGE-MODE MODEM , and then use the router I bought myself to protect the LAN , and the ISP's device just work as a MODEM.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...