Hi Guys :)
I've done a port scan and discovered that there are at least three ports open which I don't think should be.
- 8118 -> Privoxy, but delivers the WRVS admin page. So the web-content filtering on the WRVS is done by privoxy, but someone forgot to close this port?
- 30443 -> Delivers a secure WRVS admin page, but there is a different certificate (the initial one?) used than for the 443 and 60443 (IPsec config pages) ports.
- 32764 -> This one annoys me most. It returns just a string, ScMM, and closes the connection afterwards.
These ports are open only on the LAN side, so this shouldn't be a security issue.
UPnP, Remote administration, SNMP, SIP Application Gateway Layer, ... are disabled.
Angryziber IP Scanner also reaches port 21, on LAN and WAN page, but it's not serving FTP requests.
Further, I discovered a VPN problem when you set the WAN MTU to manual (for example 1472), VPN connections work as expected.
I wasn't able to access web pages (via IPsec - qvpn) which were too large and found logs like
klips_error:ipsec_xmit_send: ip_send() failed, err=
klips_error:ipsec_xmit_send: ip_send() failed, err=1sending pkt_too_big (len pmtu) to self
Since I've changed the MTU back to auto it works like a charm.
So, for what purpose are these three ports?
I also occasionally get logs where the router tells me "eth0: received packet with own address as source address".
The interface is up to now eth0 and eth2, but that doesn't help much ;), so is there a chance that in an upcoming firmware this log message is extended and also includes the MAC addresses of the involved devices, so I wouldn't have to guess which device on which port of the router is misbehaving?
The router is also complaining about old IPS signatures, is there already a date when we can expect updated ones?