DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Ports 8003 & 8444 exposed to the internet

30 Apr 2021 17:55 #1 by pharcyder
Hi all,

Been using DrayTek routers for about 10 years now and I've never seen this before. Just picked up a new 2650ac to power my symmetrical gigabit FTTP connection.

I've noticed that TCP ports 8003 & 8444 are exposed to the internet and are actively listening for a connection and I can't figure out what this is or why. With all Open Ports closed, all VPN protocols disabled and all Management features disabled with the exception of the Web GUI which listens on 8080 with WAN Management disabled, I can't close these ports.

I noticed that OpenVPN listens on 8444 but that is disabled in PPP Setup. I can't see anything using 8003.

Any ideas what this could be?

Edit: running 4.2.3 if that matters

30 Apr 2021 20:01 #2 by lorian
Look on System Maintenance -> Management.
Anything there?
NAT -> Open Ports?
Switch off Applications -> UPnP.

30 Apr 2021 20:06 #3 by colinjmair
Replied by colinjmair on topic Re: Ports 8003 & 8444 exposed to the internet
Have you checked that Central Management is not turned on?

04 May 2021 13:59 #4 by pharcyder
Replied by pharcyder on topic Re: Ports 8003 & 8444 exposed to the internet
All Open Ports disabled, UPnP disabled and WAN Management Ports all disabled.

I think I have found what services the ports are aligned to....but they are disabled

  • Port 8444 is SSL VPN but it is disabled

  • Central Management >> Switch >> Status - TR069 Setting is set to use Port 8003....but that too is disabled.


....yes these ports are open on my WAN port. Any suggestions?

Edit: These are definitely the offending services as if I change the port numbers on these 2 settings, the same internet facing ports change too. These services appear to be enabled despite having them disabled in the WebGUI.

05 May 2021 11:13 #5 by admin3
You can resolve the SSL VPN one by going to [VPN and Remote Access] > [Remote Access Control] and unticking SSL VPN server.

The TCP 8003 issue is something I think the firmware team are aware of with the 4.2.3 / 4.2.4 firmware. Could you tell me how you're scanning the WAN side and what TCP 8003 is detected as? Does it respond if you open something like a Telnet session to it?

I don't see it respond from the WAN side with the latest beta of the 2865 firmware.



Forum Administrator

07 May 2021 11:08 #6 by pharcyder
Replied by pharcyder on topic Re: Ports 8003 & 8444 exposed to the internet
I did have SSL VPN service disabled but the port was still open. Changing the port in SSL General Setup also changed the port that was exposed on the WAN port. I upgraded to 4.2.4 and I'm pleased to say this port is now no longer open on WAN when the SSL Service VPN is disabled. That problem is now resolved.

....however the TR069 port is still open with 4.2.4.

I was scanning in 3 ways. Using ShieldsUP at grc.com probing just 8003 and nmap from a Linux box. A port scanner on my phone over cellular reveals the same too.

If I telnet to the port, it connects but there is no response or feedback to any commands.

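A repeatable version of the check discussed in posts #5 and #6, for re-testing your own router's WAN address from an outside network after a firmware or settings change. This is an added example, not part of the thread or DrayTek tooling; the names `probe`, `exposed` and `THREAD_PORTS` are hypothetical, and the host argument is assumed to be your own WAN address. It separates a refused port from a filtered one and from the "connects but says nothing" case reported for TCP 8003.

```python
import socket
import sys

# Ports reported in this thread (8003: TR-069 setting, 8444: SSL VPN).
THREAD_PORTS = (8003, 8444)

def probe(host, port, timeout=3.0):
    """Classify one TCP port as seen from the machine running this script.

    closed      - connection refused (RST)
    filtered    - no answer before the timeout, or network error
    open-silent - handshake completes but the service sends nothing
    open-banner - handshake completes and the service sends data first
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    with sock:
        try:
            data = sock.recv(256)
        except OSError:  # timeout or reset while waiting for a banner
            return "open-silent"
    return "open-banner" if data else "open-silent"

def exposed(host, ports=THREAD_PORTS, timeout=3.0):
    """Return {port: state} for every port that accepted a connection."""
    states = {port: probe(host, port, timeout) for port in ports}
    return {port: s for port, s in states.items() if s.startswith("open")}

if __name__ == "__main__":
    # Usage: python wan_check.py <your router's WAN address>
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <wan-address>")
    found = exposed(sys.argv[1])
    for port, state in sorted(found.items()):
        print(f"{port}/tcp {state}")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any listed port accepts a connection, so it can be scheduled from an external host to flag a regression after an upgrade.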