DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Ports 8003 & 8444 exposed to the internet

More
30 Apr 2021 17:55 #99202 by pharcyder
Hi all,

Been using Draytek routers for about 10 years now and I've never seen this before. Just picked up a new 2650ac to power my symmetrical gigabit FTTP connection.

I've noticed that TCP ports 8003 & 8444 are exposed to the internet and are actively listening for a connection and I can't figure out what this is or why. With all Open Ports closed, all VPN protocols disabled and all Management features disabled with the exception of the Web GUI which listens on 8080 with WAN Management disabled, I can't close these ports.

I noticed that OpenVPN listens on 8444 but that is disabled in PPP Setup. I can't see anything using 8003.

Any ideas what this could be?

Edit: running 4.2.3 if that matters

Please Log in or Create an account to join the conversation.

More
30 Apr 2021 20:01 #99203 by lorian
look on system maintenance -> management
anything there?
nat-> open ports?
switch off applications->upnp

Please Log in or Create an account to join the conversation.

More
30 Apr 2021 20:06 #99204 by colinjmair
Replied by colinjmair on topic Re: Ports 8003 & 8444 exposed to the internet
Have you checked that Central Management is not turned on ?

Please Log in or Create an account to join the conversation.

More
04 May 2021 13:59 #99212 by pharcyder
Replied by pharcyder on topic Re: Ports 8003 & 8444 exposed to the internet
All Open Ports disabled, UPnP disabled and WAN Management Ports all disabled.

I think I have found what services ports are alligned to....but they are disabled

  • Port 8444 is SSL VPN but it is disabled

  • Central Management >> Switch >> Status - TR069 Setting is set to use Port 8003....but that too is disabled.


....yes these ports are open on my WAN port. Any suggestions?






Edit: These are definitely the offending services as if I change the port numbers on these 2 settings, the same internet facing ports change too. These services appear to be enabled despite having them disabled in the WebGUI.

Please Log in or Create an account to join the conversation.

More
05 May 2021 11:13 #99219 by admin3
You can resolve the SSL VPN one by going to [VPN and Remote Access] > [Remote Access Control] and untick SSL VPN server.

The TCP 8003 issue is something I think the firmware team are aware of with the 4.2.3 / 4.2.4 firmware. Could you tell me how you're scanning the WAN side and what TCP 8003 is detected as? Does it respond if you open something like a Telnet session to it?

I don't see it respond from the WAN side with the latest beta of the 2865 firmware.



Forum Administrator

Please Log in or Create an account to join the conversation.

More
07 May 2021 11:08 #99231 by pharcyder
Replied by pharcyder on topic Re: Ports 8003 & 8444 exposed to the internet
I did have SSL VPN service disabled but the port was still open. Changing the port in SSL General Setup also changed the port that was exposed on the WAN port. I upgraded to 4.2.4 and I'm pleased to say this port is now no longer open on WAN when the SSL Service VPN is disabled. That problem is now resolved.

....however the TR069 port is still open with 4.2.4.

I was scanning in 3 ways. Using ShieldsUP at grc.com probing just 8003 and nmap from a linux box. A port scanner on my Phone over cellular reveals the same too.

If I telnet to the port, it connects but no repsonse or feedback to any commands.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami