DX3301-T0 Can't disable remote management (http ports always exposed)
So as the title says I cant get my router to not expose its port publicly. This a major security issue and needs to be addressed asap. Even when I enable Telnet or SSH the respective ports are immediately open to the public.
No one noticed that by now?
All Replies
-
Enabling a port will always make it visible, otherwise it would not be able to respond to valid requests to that port. The only way you can truly hide a port is by closing it (disable the port).
There are firewall rules you can use to make it more secure, by limiting access to specific subnets or addresses, or things like that. If you want to have invisible open ports, you need something like Port Knocking or combined proxy services using other ports and other addresses different from your real network information.
0 -
Hello @kian1991 and @smb_corp_user
I think that if the ports are not selected against WAN in the above screenshot then they are probably not open to the Internet through your device's WAN connection and your ISP.
A ShieldsUp port scan by Gibson Research Corporation, which is free, could confirm whether the device does expose those ports or not. see https://www.grc.com/shieldsup
Setting the device's firewall to at least Medium as shown in the user guide available at https://support.zyxel.eu/hc/en-us/articles/5858783065362-User-Guide-AX-DX-PX-3301-T0-Serie-V5-13-5-50 should help as well.
I hope that this is helpful.
Kind regards,
Tony
0 -
Well @smb_corp_user sorry but you're certainly wrong in this case. Sure thing i would have my ports open to my local network but sadly with this configuration they are still open to WAN. Even tho I unchecked it.
But thanks anyway. Also @tonygibbs16 thats the problem even tho I unchecked it I can access everything through my dynamic dns host address (ie. my public IP address).
My "Workaround" is now to assign a random IP port forward to a not used IP address like this:
So I think EVERY zyxel DX3301-T0 is just openly accessable which really bad….
0 -
Thanks @kian1991 for your reply.
Are you able to say what version of firmware your device is running please?
Because there might be a later firmware release with a fix in it for what you have found…
Kind regards,
Tony
0
Master Member
Guru MemberCategories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 84 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 915 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
