MI424WR Rev D ports 23, 80, and 53 open

Post new topic   Reply to topic    DD-WRT Forum Index -> ARM or PPC based Hardware
View previous topic :: View next topic  
Author Message
Eotnak
DD-WRT Novice


Joined: 24 Oct 2011
Posts: 4
PostPosted: Sun Feb 05, 2012 20:40    Post subject: MI424WR Rev D ports 23, 80, and 53 open Reply with quote
Hi, I have a bit of experience working with DD-WRT, I have flashed at least 60 Broadcom devices, I have searched for my problem and have come up empty.

I'm running DD-WRT v24-sp2 (08/07/10) std
(SVN revision 14896) the latest from the router database (which the wiki points to)

as the title says these 3 ports are open, I can telnet in with username root (even though I changed it to something else in configuration) and my password, and also use web gui remotely even though both are specifically disabled. I don't know what vulnerabilites port 53 (DNS) is exposing me to...

Is there an updated build that I can use that I can flash? With a Broadcom device I know that there is a bunch of versions to choose from. I'm not sure if the same applies here.

thanks for any help
Back to top View user's profile Send private message
Sponsor
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17619
Location: Hesse/Germany
PostPosted: Sun Feb 05, 2012 21:40    Post subject: Reply with quote
upgrade 1st
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
Back to top View user's profile Send private message
Eotnak
DD-WRT Novice


Joined: 24 Oct 2011
Posts: 4
PostPosted: Tue Feb 07, 2012 16:24    Post subject: Reply with quote
False alarm, I confused myself and didn't realize I was performing a port scan from within the same subnet. All ports seem OK from outside.

I did upgrade to build 18024 thanks to the links in your sig, Sash.

thanks
Back to top View user's profile Send private message
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7492
Location: Dresden, Germany
PostPosted: Thu Feb 09, 2012 21:56    Post subject: Reply with quote
if you want to close these ports from inside too, simply disable telnet, httpd and dnsmasq
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
Back to top View user's profile Send private message Send e-mail Visit poster's website
kbarb
DD-WRT Novice


Joined: 03 Mar 2010
Posts: 6
PostPosted: Thu Feb 16, 2012 0:57    Post subject: Reply with quote
I made the same mistake. I port scanned my WAN IP with NMap and saw those same ports open, but apparently it wasn't really scanning the WAN IP from the outside. I promptly closed http access to close port 80 and locked myself out of the GUI Wink (fixed it by Telneting in).

If you use one of the web based port scanners they will show those ports closed.

I don't quite get why NMap didn't do the scan I thought it was doing - must be something to do with routing tables I suppose.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> ARM or PPC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum