Blocking 1863 & 5190

Discussion in 'General Discussion' started by wency, Nov 2, 2006.

  1. wency

    wency Network Guru Member

    Hi, recently I noticed the following problem with my Linksys routers:
    I'm unable to block inbound TCP ports 1863 and 5190 on WRT54GL (using the latest DD-WRT firmware) and also on BEFVP41 (1.01.05) and RV082 (v.

    On all three devices nmap (4.03) shows these ports as open and I'm able to telnet through them (although disconnected almost immediately).

    All firewalls are turned on, all UPnP functions are disabled and no MSN/ICQ clients are behind the routers.

    I noticed other users with the same problem and without any solutions...

    So I'm forwarding the ports to non-existent local IPs, but I want to know the source of the issue, if any...

    Any help will be great.
  2. rickyschrieber

    rickyschrieber LI Guru Member

    FYI 1863 is MSN Messenger and 5190 is AIM (AOL).
    You could make a rule to drop these packets, but I believe that the programs running on Windows will send notification to the server, opening a new port and thereby bypassing the inbound firewall.
  3. wency

    wency Network Guru Member

    port blocking

    I think I mentioned that no MSN/AOL software is running behind the routers and also UPnP is turned off.
    And of course, I know what apps use these ports :)
    To be more clear - the same effect is in place with no computers behind the router.
    So it looks like the ports are opened inside the router.

  4. HennieM

    HennieM Network Guru Member

    I may be way off here, but I think the defaultish iptables setup allows all incoming connections on the IN part of connecting to the router, i.e. step 1. The drop or non-allowance of packets happens only when the ROUTING decision is made, which is the 2nd step. The 3rd step, OUT, is then never reached by those packets.

    You can of course configure iptables to drop the incoming packets right away on IN (if your firmware allows you).
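
Added example, not part of the thread and not DD-WRT's own script: one way to drop inbound TCP 1863 and 5190 at the router with iptables, covering both packets addressed to the router itself (INPUT chain) and packets routed on to LAN hosts (FORWARD chain). The WAN interface name `vlan1` and the function names `build_rules` and `apply_rules` are assumptions made for this example.

```shell
#!/bin/sh
# Added example. WAN_IF is an assumption: confirm the real WAN interface
# name on your firmware (for example with `ifconfig`) before applying.
WAN_IF="${WAN_IF:-vlan1}"
PORTS="1863 5190"

# Print one rule per chain/port pair as "<chain> <rule-spec>".
# INPUT sees packets addressed to the router itself;
# FORWARD sees packets the router passes on to LAN hosts.
build_rules() {
    for chain in INPUT FORWARD; do
        for port in $PORTS; do
            echo "$chain -i $WAN_IF -p tcp --dport $port -j DROP"
        done
    done
}

# Put each rule at the top of its chain so it is evaluated before any
# ACCEPT rule. An existing copy is deleted first, so re-running the
# script does not stack duplicates. DRY_RUN=1 (the default) only prints
# the commands; set DRY_RUN=0 and run as root to apply them.
apply_rules() {
    build_rules | while read -r chain spec; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "iptables -I $chain $spec"
        else
            # $spec is intentionally unquoted: it must split into arguments.
            iptables -D "$chain" $spec 2>/dev/null || true
            iptables -I "$chain" $spec
        fi
    done
}

apply_rules
```

After applying with `DRY_RUN=0`, `iptables -L INPUT -n -v` shows whether the packet counters on the new DROP rules increase when the ports are scanned from outside, as the original poster did with nmap.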