I have tested the WAN port of 4 Peplink routers using nmap.
Three routers are running firmware 6.3.4 and each of them has TCP port 53 and UDP port 53 open. One is a Balance 20, the other two are Surf SOHOs.
One router, a Surf SOHO is running firmware 7.1.2 and it has both of these ports closed on the WAN side. I do not have access to a router running firmware 8.
Is port 53 open on purpose or a bug? Each router is similarly configured.
I am not the first customer to notice TCP port 53 open on WAN side.
Would you able to provide RA access for the devices that running 6.3.4 ? Possible please PM me the info, I would like to confirm this.
For the old forum post 6.2.2 and 6.1.2, we did not get the reply from the forum users after that and support team tested we don’t see the ports is opened.
Glad to give you the public IP addresses of any of the routers so you can confirm nmap results. Just not here in a public forum. Yes, should be able to get remote access for you. Or, I could dump the config files and send them to you. Whatever you prefer.
I checked the same 3 routers running firmware v6 today and NONE of them shows port 53 open for either TCP or UDP. I have no explanation. Maybe losing my mind. Maybe they were being scanned or DoS’d and shut down the port in self-defense? Will continue to check and if the port opens up again will take screen shots of the nmap report this time. Sorry for what appears to have been a false alarm.
You not losing your mind This is common when the traffics travelling to multiple service provider end (Route Path). Some ISP may intercept the traffics at different times and you may see the ports is opened.
I just sent you a reply via private message, i’m scanning the device direct connect to the WAN to avoid those unpredictable behavior. Confirmed the TCP53/UDP53 ports is not listening for firmware 6.3.4/6.3.5.
And today, one of the routers again shows as having port 53 UDP and TCP open (only tested one). This is all new to me. Will send you screen shots privately, just to prove my sanity.
Your point makes sense when you consider that sometimes I use a VPN and sometimes I do not. And, when I do use one, I often pick a different VPN server. So, my network path to the tested routers is likely to be very different from day to day.
It turns out that port 53 is special. At times, something between the nmap requestor and the target router is intercepting the nmap port probe on port 53 and answering in the affirmative. The Peplink router never sees the port 53 probe. This was confirmed by running a full packet trace on a target Peplink router and making an nmap port test of ports 52, 53 and 54. Wireshark showed the incoming requests for port 52 and 54 but not for 53.
Live and learn. Many thanks for the assistance from Peplink.
