    Hi everyone,

    I am new to the group so please cut me a little slack :)

    I have a wrt54g, what I believe to be a version 1.0. It has worked fine for a few years. On Monday I downloaded version 4.20.06 of the Linksys firmware. As is my habit after upgrading firmware, I ran nmap against my router the next day from work. I'm pretty used to the output that I should get.

    Running "nmap -v -sT [ip addr]" shows port 22 open.
    Cool, it is forwarded. No problem here.

    But running "nmap -v -sU [ip addr]" results in:

    69 filtered tftp
    135 filtered msrpc
    445 filtered ms-ds
    4444 filtered krb524

    Interesting. I don't remember this type of output before. Realizing that UDP connections are stateless, I decided to check this out. I was very surprised to find it possible to connect to the EXTERNAL ethernet port using "tftp [ip address]"!

    The reason I point this out is that I noticed over 1000 unsuccessful attempts to break into my internal Linux machine. The firewall IS enabled on the wrt, so I was very curious as to how they got through. I logged on and noticed that the 4.20.06 version of firmware had been replaced with an old version!!

    I haven't put the whole puzzle together yet. But I am very suspicious of the tftp port open on the WAN side. Is this normal? Does anyone else see this? I've uploaded 4.20.06 and get the same nmap output.


  2. 4Access

    4Access Network Guru Member

    Something sounds really weird here...

    Can you still connect to tftp on the WAN IP address? If so, check your port forwarding rules. Assuming port 69 isn't forwarded, could you try resetting your router to defaults and then reconfiguring? (Hold the reset button for 30 sec.) After that, see if you can still access TFTP remotely.

    On a side note: How secure is your router password?
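
The check discussed in the two posts above (is a TFTP daemon really answering on the WAN address, or is port 69 only "filtered" as the nmap UDP scan reports?) can be scripted for re-testing your own router after each reset or firmware upload. This is an added example, not code from the thread; the function names and the probe filename are assumptions chosen for illustration.

```python
import socket
import struct
import sys

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # TFTP opcodes from RFC 1350

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def classify_reply(data):
    """Name the reply: DATA or ERROR both prove a TFTP server is listening."""
    if len(data) < 4:
        return "non-tftp"
    opcode, value = struct.unpack("!HH", data[:4])
    if opcode == OP_DATA:
        return "tftp-data"
    if opcode == OP_ERROR:
        return "tftp-error:%d" % value
    return "non-tftp"

def probe_tftp(host, port=69, timeout=3.0, filename="wan-audit-no-such-file"):
    """Send one RRQ for a file that should not exist and classify the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # Unconnected socket on purpose: a TFTP server answers from a fresh
        # ephemeral port, and a connect()ed socket would discard that reply.
        sock.sendto(build_rrq(filename), (host, port))
        try:
            data, _peer = sock.recvfrom(516)  # 4-byte header + 512-byte block
        except socket.timeout:
            return "no-reply"   # dropped by a filter, or nothing listening
        except OSError:
            return "closed"     # ICMP port unreachable surfaced by the OS
    return classify_reply(data)

if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python tftp_probe.py <your-router-WAN-address>, run from outside the LAN
    print(probe_tftp(sys.argv[1]))
```

A result of `tftp-data` or `tftp-error:N` means something on the router is speaking TFTP on the WAN side; `no-reply` is what a port that is genuinely dropped by the firewall looks like.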
  3. Raisins

    Raisins Networkin' Nut Member

