DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Bug Found - 2860 Firmware 3.8.1
25 Oct 2015 02:43 #84610
by johntankard
Bug Found - 2860 Firmware 3.8.1 was created by johntankard
Hi DrayTek,
Using firmware 3.8.1 on a 2860 and have recently swapped onto WAN1 using the inbuilt VDSL modem. To my horror, tonight I have found a security issue where port 445 is open. I found a post relating to the same thing on a different model (still DrayTek):
https://www.baigents.net/draytek-2925-routers-leave-port-445-open-to-the-web/
I followed the instructions but 445 remains open.
Please let me know you are aware of this....
John
25 Oct 2015 02:53 #84611
by johntankard
Replied by johntankard on topic Bug Found - 2860 Firmware 3.8.1
UPDATE:
After looking further into this, it turns out it is regarding the USB General settings. If you have the SMB file sharing service disabled then port 445 (according to ShieldsUp) is stealthed; however, if you have it enabled, EVEN WITH ACCESS MODE SET TO LAN ONLY, port 445 is opened to the net.
BEWARE!!
Hoping DrayTek will address this issue.
John
28 Oct 2015 03:01 #84634
by admin
Forum Administrator
Replied by admin on topic Re: ***URGENT*** - Security Bug Found - 2860 Firmware 3.8.1
It might be a bug (?) but I'm not sure it's either a security issue or urgent for users.
28 Oct 2015 06:18 #84635
by johntankard
Replied by johntankard on topic Re: ***URGENT*** - Security Bug Found - 2860 Firmware 3.8.1
Hi Admin,
Ok then. I thought port 445 was a bad one to have open from what I've seen and read. I just thought it needed pointing out, especially if users think their ports are hidden (WAN side), then turn on SMB sharing for the USB and suddenly they're not as 'hidden' as they thought they were.
Regards John.
28 Oct 2015 06:53 #84636
by admin
Forum Administrator
Replied by admin on topic Re: ***URGENT*** - Security Bug Found - 2860 Firmware 3.8.1
As far as I can tell it's not open or accessible, but if file-sharing is not enabled from the WAN you're right, it shouldn't respond at all so should be tidied up.... unless there's some deliberate reason/explanation I don't know of.
n.b. if you think you've found a genuine security problem, IMHO you should report it privately to the vendor firstly to give them a head start on making a fix if it is confirmed as a real problem otherwise you just alert bad guys and expose users without them having anything they can do about it...
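The thread turns on the difference between a port that is "stealthed", one that is "not open or accessible" but still responds, and one that is open. The following is an added example, not part of any post above and not DrayTek code: a check an owner can run from a host outside their LAN against their own router's WAN address to see which of the three states port 445 is in. The function names and the verdict wording are assumptions made for this illustration.

```python
import errno
import socket
import sys

def probe_tcp(host, port=445, timeout=3.0):
    """Classify a TCP port as 'open', 'closed', 'stealth' or 'unreachable'.

    open        - handshake completed, something is listening
    closed      - the host answered with a reset (connection refused)
    stealth     - no answer before the timeout (packet silently dropped)
    unreachable - an ICMP unreachable came back instead
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()

# What each state means when SMB sharing is set to LAN-only access
# (wording is this example's own, not taken from DrayTek documentation).
LAN_ONLY_VERDICT = {
    "open": "exposed: a TCP handshake on the port completes from the WAN side",
    "closed": "responds: not accessible, but the router answers, so not stealthed",
    "stealth": "expected: no response from the WAN side",
    "unreachable": "inconclusive: path to the router is broken, retest",
}

def assess_lan_only(state):
    """Map a probe result to a verdict for a LAN-only SMB setting."""
    return LAN_ONLY_VERDICT[state]

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe445.py <your-router-WAN-address>
    result = probe_tcp(sys.argv[1])
    print(f"445/tcp is {result} -> {assess_lan_only(result)}")
```

Running it once with the SMB file sharing service disabled and once with it enabled in LAN-only mode shows whether the setting changes what the WAN side sees.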
Moderators: Chris
Copyright © 2025 DrayTek