Balance 305 has ports open on the outside that are not defined in the GUI


#1

I got a notice from my ISP that port 53 (DNS) was open on my router and could potentially be used in a DNS reflection attack. I checked the port forwarding (Inbound) rules and 53 is not open to anywhere. I did an external scan and found that there are 7 ports open to the outside world that are not defined in the inbound rules. The open undefined ports are 53, 135, 139, 389, 445, 1025, and 6001. Any ideas why these are open, where they point to and what to do to close them?

Router Name Balance_5151
Model Peplink Balance 305
Hardware Revision 1
Firmware 6.1.2 build 3071


#2

Hi,

  1. Is your scan result TCP or UDP 53? If TCP 53, please disable Zone Transfer (Network > DNS Settings > Zone Transfer) if this is not needed.

  2. Temporarily disable all Inbound Firewall Rules. Change the Default Inbound Firewall Rule to Deny Any Any.

Do let me know the result after performing the 2 steps above.


#3
  1. Zone transfer is already disabled, not sure if TCP or UDP as my port scanning utilities don’t work from behind other firewalls. I used the online port scanner from MXToolbox which just lets you know if it is open or closed (as all other online scanners I’ve found do). I can telnet into the port from outside which would suggest TCP but it could imply UDP as well.

  2. Not possible on a production network where three branch offices RDP into the head office and mail is delivered to the in-house Exchange server. May be able to arrange a test after hours in the evening on a weekend. Not practical for the purposes of troubleshooting.


#4

Hi,

To speed up the troubleshooting, would you mind opening a support ticket here for the team to check further?

Do share the support ticket number with us after you have done so.

Thank You


#5

I have an open ticket (Ticket #759526), but it seems I do not get any response unless I also post it to the forum. On that note:

I updated to the latest firmware, and the issue is not resolved.

I also removed all port forwards and the issue was not resolved. With no ports forwarded there were still 7 ports open from the outside.
I set the firewall rules to deny any/any and the ports were no longer open. I then added the port forwarding rules back and the ports defined in the forwarding rules were not opened. I added those ports to the inbound rules and they were still not open. I had to set the incoming firewall rules to allow any any to get any ports to open, which then opened all the undesired ports as well.

Any other ideas?


#6

Please check your spam filter and allow emails from support@peplink.com

Do note that the firewall rules are executed from the top going down. If you created rules to allow the port forwards then these would need to be placed above the deny any/any rule.
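
The rule-ordering point in the last reply, as an added example that is not part of the original thread and is not Peplink code: a minimal first-match model of an inbound rule list. The forwarded ports (TCP 25 for mail, TCP 3389 for RDP) are assumed from the services mentioned in post #3, and every listed port is assumed to have a listener behind it.

```python
# Added illustration: first-match evaluation of an inbound firewall rule list.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    port: Optional[int]    # destination port, or None for any port

    def matches(self, proto, port):
        return self.proto in (None, proto) and self.port in (None, port)


def decide(rules, default, proto, port):
    """Walk the list top to bottom; the first matching rule wins."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default  # nothing matched: the default inbound rule applies


def exposed(rules, default, ports, proto="tcp"):
    """Ports from `ports` that the rule list lets through."""
    return sorted(p for p in ports if decide(rules, default, proto, p) == "allow")


# Ports reported open in post #1 of the thread.
UNDEFINED = [53, 135, 139, 389, 445, 1025, 6001]
# Assumed forwards (not stated in the thread): SMTP for Exchange, RDP for branches.
FORWARDS = [25, 3389]
ALL = UNDEFINED + FORWARDS

allow_fwd = [Rule("allow", "tcp", p) for p in FORWARDS]
deny_all = Rule("deny", None, None)


def scenarios():
    return {
        "default allow any/any": exposed([], "allow", ALL),
        "deny any/any above allows": exposed([deny_all] + allow_fwd, "allow", ALL),
        "allows above deny any/any": exposed(allow_fwd + [deny_all], "allow", ALL),
    }


if __name__ == "__main__":
    for name, ports in scenarios().items():
        print(f"{name:28} -> reachable: {ports}")
```

Only the third ordering leaves the forwards reachable while keeping the seven undefined ports closed; an external scan of both TCP and UDP is still needed to confirm the result on the real device.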