WRVS4400N V2 - Questions / Issues

Unanswered Question
Mar 28th, 2010

Hi Guys :)

I've done a port scan and discovered that there are at least three ports open, where I don't think that they shouldn't.

  • 8118 -> Privoxy, but delivers the WRVS admin page. So the web-content filtering on the WRVS is done by privoxy, but someone forgot to close this port?
  • 30443 -> Delivers a secure WRVS admin page, but there is a different certificate (the initial one?) used than for the 443 and 60443 (IPsec config pages) ports.
  • 32764 -> This one annoys me most. It returns just a string, ScMM, and closes the connection afterwards.

These ports are open only on the LAN side, so this shouldn't be a security issue.

UPnP, Remote administration, SNMP, SIP Application Gateway Layer, ... are disabled.

Angryziber IP Scanner also reaches port 21, on LAN and WAN page, but it's not serving FTP requests.

Further, I discovered a VPN problem when you set the WAN MTU to manual (for example 1472); VPN connections work as expected.

I wasn't able to access web pages (via IPsec - QVPN) which were too large and found logs like:

klips_error:ipsec_xmit_send: ip_send() failed, err=
klips_error:ipsec_xmit_send: ip_send() failed, err=1

sending pkt_too_big (len[1500] pmtu[1472]) to self

Since I've changed the MTU back to auto, it works like a charm.

So, for what purpose are these three ports?


I also occasionally get logs where the router tells me that he "eth0: received packet with  own address as source address".

The interface is up to now eth0 and eth2, but that doesn't help much ;), so is there a chance that in an upcoming firmware this log message is extended and also includes the MAC addresses of the involved devices, so I wouldn't have to guess which device on which port of the router is misbehaving?


The router is also complaining about old IPS signatures. Is there already a date when we can expect updated ones?



DominikAu Wed, 04/14/2010 - 10:23

Would be great if a Cisco guy could give me a hint why these ports are open and when we could expect a more recent IPS signature file.


Tom Watts Tue, 01/14/2014 - 08:17