Balance One admin ports 80 and 443 show open even though configured to be closed

Good morning:

I have a Balance One Core running 7.0.2 firmware. I set up Admin Security to use only https/443 and to only connect via LAN. I’m also using the default inbound firewall rule with the block ANY still in place. The device is currently configured to use InControl.

I recently performed a port scan and it’s showing both port 80 and port 443 are still open from the WAN side. Is this a bug or am I missing something?

Thanks!


[xxxxxx@xx-xxx-x ~]$ nmap -p 1-65535 -T4 -A -v -Pn xxx.xxx.xxx.xxx

Starting Nmap 6.40 ( http://nmap.org ) at 2018-01-25 09:19 CST
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 09:19
Completed Parallel DNS resolution of 1 host. at 09:19, 0.00s elapsed
Initiating Connect Scan at 09:19
Scanning mydevice.myisp.com (xxx.xxx.xxx.xxx) [65535 ports]
Discovered open port 443/tcp on xxx.xxx.xxx.xxx
Discovered open port 80/tcp on xxx.xxx.xxx.xxx

Completed Connect Scan at 09:30, 672.28s elapsed (65535 total ports)
Initiating Service scan at 09:30
Scanning 2 services on mydevice.myisp.com (xxx.xxx.xxx.xxx)
Service scan Timing: About 50.00% done; ETC: 09:33 (0:01:41 remaining)
Completed Service scan at 09:32, 141.14s elapsed (2 services on 1 host)
NSE: Script scanning xxx.xxx.xxx.xxx.
Initiating NSE at 09:32
Completed NSE at 09:34, 144.64s elapsed
Nmap scan report for mydevice.myisp.com (xxx.xxx.xxx.xxx)
Host is up (0.00089s latency).
Not shown: 65533 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
443/tcp open https?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at Nmap Fingerprint Submitter 2.0 :



This is not expected. I need to check your settings; only then can I conclude. Please open a ticket for us to take a closer look.

Thanks.

1 Like

The thingie that is responding on port 80 may not be your Peplink router. Perhaps it's the modem that connects the router to the Internet. Or, perhaps some device in your ISP network.

Try connecting on port 80 and see what happens.

Have you tried nmap with the Peplink router off-line? That is, connect the suspect router's WAN port to a LAN port of another router and run nmap on the suspect WAN port from a computer on the same LAN. This will eliminate the modem and ISP as suspects.

Finally, you would be a bit safer if you did not use port 443 for HTTPS access. Peplink makes it easy to pick an alternate port. Anything between 9,000 and 65,000 should be OK.

1 Like
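An added example, not part of the original posts: one way to check which device is answering is to compare the TLS certificate fingerprint and HTTP banner seen on the WAN address with those of the router's own LAN admin page. It assumes the admin UI listens on 443 on the LAN side and that the machine running it can reach both addresses; all function names are hypothetical.

```python
import hashlib, socket, ssl, sys

def tls_cert_sha256(host, port=443, timeout=5.0):
    """SHA-256 of the certificate served at host:port, or None if no TLS answer."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # admin UIs are usually self-signed;
    ctx.verify_mode = ssl.CERT_NONE  # we fingerprint the cert, we do not trust it
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except OSError:                  # refused, timed out, or handshake failed
        return None

def parse_http_head(raw):
    """Return (status line, Server header value) from raw response text."""
    lines = raw.split("\r\n")
    server = next((l.split(":", 1)[1].strip() for l in lines[1:]
                   if l.lower().startswith("server:")), "")
    return lines[0], server

def http_banner(host, port=80, timeout=5.0):
    """Send a HEAD request over plain HTTP; None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return parse_http_head(s.recv(4096).decode("latin-1"))
    except OSError:
        return None

def observe(host):
    return {"cert": tls_cert_sha256(host), "http": http_banner(host)}

def verdict(wan, lan):
    """Compare what the WAN address shows with the router's LAN admin page."""
    if wan["cert"] is None and wan["http"] is None:
        return "no answer on WAN"
    if wan["cert"] is not None and wan["cert"] == lan["cert"]:
        return "router admin UI answers on WAN"
    if wan["cert"] is None and wan["http"] == lan["http"]:
        return "HTTP banner matches router (weak evidence)"
    return "different device answers (modem or ISP gear?)"

# Usage: python3 script.py <WAN address> <router LAN address>
if __name__ == "__main__" and len(sys.argv) == 3:
    print(verdict(observe(sys.argv[1]), observe(sys.argv[2])))
```

A matching certificate fingerprint is strong evidence that the router itself is exposed; a mismatch points at the modem or ISP equipment, as suggested above.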

Thanks. I’ll give that a shot.