wrt54gx - bad security move?

Discussion in 'Cisco/Linksys Wireless Routers' started by only10, Nov 4, 2005.

  1. only10

    only10 Network Guru Member

    I just hooked up the wrt54gx the other day and ran a port scan against it. To my suprise the scan showed EVERYTHING open.

    I first thought maybe something was wrong with the port scanner I was using so I tried 3 different scanners and all had the same results. I was performing full tcp connect scans.

    so, to my question:
    It appears linksys has taken the 'evil port monitor' approach to security. Whereas all common server ports are open and accept a connection for the purpose of reporting/logging that this event occured. A way to report that "hey, someone just tryied to connect to you on port 80 etc..."

    In this scenario it accepts the connection only to report it, there is no server/service actually running. The PROBLEM with this is that you are drawing A LOT of attention to yourself on the internet for further detailed scans and possible DOS and/or exploitation of any service that may really be running. So instead of you maybe running a few services on non-standard ports that would go unoticed on the internet you are now literally screaming and yelling "hey, look at me, look at all these services I have ready for you to try to exploit".

    I just hooked this up and have not been able to do a lot of research yet but I remembered coming across this site so I thought I would post here first.

    is this normal operation of this unit? can I turn it off? did they really do this? If so I have to go buy a new router. :(
  2. RonWessels

    RonWessels Network Guru Member

    Are you absolutely sure that it's the router accepting all those connections? I was helping a friend set up a wireless network with a WRT54GX and saw the same thing. I replaced it with a WRT54GS and to my surprise, the ports still scanned as open.

    I can only conclude that his ISP (satellite) was performing a proxy accept.
  3. only10

    only10 Network Guru Member

    hmmm. I can't say I'm 100% sure it is the router... Thats partly why I posted here... to see if someone could confirm or deny.

    I will check with my ISP but I dont' think its them. I have a bridged dsl connection. Its just a 'dumb' dsl modem. It is not supposed to be doing anything except bridging (modulating/demodulating). Unless it is proxy accepted higher upstream but I don't see how that would be possible... my IP would be bound to the dsl modem.

    but I could just be wrong. I am not a WAN expert.

    If i find anything out from my ISP i'll post back.

    any other info? anyone else?
  4. only10

    only10 Network Guru Member

    ok, I spoke to my ISP and they said nothing on their end should make that happen. Granted, I was talking to level1 but I said ok. Hopefully someone here can clear this up with a 'yes, thats what the router is doing' or a 'no, its not the router' and if its 'no, its not the router' then I'll call my ISP back and ask for levelII or III support.

    I know someone else has to have noticed this if it is in fact the router and it is doing what I suspect.
  5. dt9394

    dt9394 Network Guru Member

    go to http://www.ipchicken.com and find out what is the IP "outside" world see u as...

    if the IP that shown is different from the IP u get from ur ISP, its mean u are proxylized ... u cant do anything unless ur ISP have to range to subnet (1 with proxy and the other no) then u have to disconnect ur PPPoE and can the IP that is is clean from proxy...

    My ISP have to subnet and i always use the "clean" IP.. :D

    last but not least.. u can ask ur fren do port scanning to ur router IP if want to make sure the port is stealth..

    hope it help..
  6. Avenger20

    Avenger20 Network Guru Member

    Try something like grc.com
  7. Toxic

    Toxic Administrator Staff Member

    grc has some scaremongering tactics. i would use sygate perhaps.


    if ports still show open then check the firewall settings and make sure router has not DMZ enabled to your PC.

    if it still shows open ports, then try a hard reset (press reset for 30 seconds) you will loose all settings but it will default the router.

    make sure as well you have the latest firmware loaded.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice