Why does Peplink SOHO expose port 8089?

When using Shodan to identify open ports, it detects port 8089, e.g. https://www.shodan.io/host/{IP address}. SpeedGuide suggests it may be a management port.

If yes, what is the port used for?

It is advised to scan the device by connecting directly to the WAN port to avoid unpredictable behavior. There might be a port open on a router in front of the Peplink SOHO, or some ISPs may intercept the traffic at different times, and you may see the port as open.

Or you can open a ticket for the support team to check if you still see the port on a direct scan of the WAN port.

https://ticket.peplink.com/ticket/new/public

1 Like

The SOHO router is connected directly to the WAN. I scanned it again with Shodan and the same port is presented as being open. Interestingly, when I test it using services such as Shields UP!, no such port is discovered.

Shodan scans from the Internet. Directly on the WAN port means taking a laptop or PC, connecting a cable between both, and doing a port scan from your system's LAN port to the router’s WAN port.

1 Like

Why is SOHO exposing the port to the internet though?

The SOHO does not just expose ports to the Internet. It is not certain that the SOHO is exposing the port. First you need to do a port scan directly from a local PC connected to the WAN port and see if that gives the same result. Scanning from a website on the Internet can give distorted results. If you still find the port open with a direct scan, then you need to check all your settings or let a Peplink engineer check your device by opening a ticket at https://ticket.peplink.com/ticket/new/public.

1 Like

Hello @motivated,
To add to what @aldwinaldwin has mentioned, you may find the thread "Port 53 open on WAN side" interesting, where @Michael234 has written up the experiences and discoveries from working with @sitloongs from Peplink in verifying the exposure of WAN ports on Peplink & Pepwave equipment.
Happy to Help,
Marcus

2 Likes

The Internet cannot be trusted. Although Shodan sees the port as open, it may well be closed. Probably is closed. A device between the Peplink router and Shodan may have intercepted the port query and answered it.

Shields Up has multiple options and you did not say how you used it. Do this
https://www.grc.com/x/portprobe=8089
to test the one port in question.

And, do that from more than one physical location. A vpn can do this for you easily, just connect to different servers.

The only trusted way to do this is to connect the suspect router’s WAN port to the LAN port of another router. Then, from a computer connected by Ethernet to another LAN port on the same router, run nmap or another scanning program. No internet this way. More here:
https://www.routersecurity.org/newrouter.php

3 Likes
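The bench check described in the replies above can also be done without nmap. The following is an added example, not code from any poster or from Peplink: a single-port TCP connect probe that reports open, closed or filtered, plus a helper that reads the bench result against what the Internet scanner reported. The function names and the WAN address `192.0.2.1` are placeholders chosen for illustration.

```python
import errno
import socket
import sys


def probe_tcp_port(host, port, timeout=3.0):
    """Full TCP connect to one port; returns 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"      # RST received: host reachable, nothing listening
    except socket.timeout:
        return "filtered"    # no reply at all: packet dropped by a firewall
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # ICMP unreachable, treated like a drop
        raise
    finally:
        sock.close()


def interpret(bench_state, internet_scan_says_open):
    """Compare the direct (bench) result with the Internet scanner's report."""
    if bench_state == "open":
        return "router answers on its WAN port: check settings or open a support ticket"
    if internet_scan_says_open:
        return "router does not answer directly: something upstream likely answered the Internet scan"
    return "port not reachable from either vantage point"


if __name__ == "__main__":
    # Placeholder WAN address (documentation range); pass the router's WAN IP instead.
    wan_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8089
    state = probe_tcp_port(wan_ip, port)
    print(f"{wan_ip}:{port} is {state}")
    # True here reflects the thread's case: the Internet scan listed the port as open.
    print(interpret(state, internet_scan_says_open=True))
```

Run it from the computer on the bench router's LAN with the suspect router's WAN IP and the port as arguments.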