Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.




809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

Topic # 79010 11-Mar-2011 20:02 Send private message

Hi all,

Just did a port scan of my computer (via my wag310g router) and was surprised to see port 21 as open. I double checked all of my settings and couldn't see any reason for it to be open.

Looking through the router settings for  Single Port Forwarding, Port Range Forwarding, DMZ and Port Range Triggering I could not see any reason for it to be shown as open. I did another scan and checked the logs and couldn't see any dropped entries as I would have expected.

I then decided to forward port 21 to a non existent computer and do another scan, nope still getting an answer to the scan (which means it wouldn't work if I did actually want to run a ftp server as it is going to this "ghost server").

I decided to telnet to my router on port 21 and discovered that it has it's own ftp server that appears to be accessible to the internet.

Here's part of the connect string returned from the router.
"220 WAG310G CPE Batch Provision Tool v1.0 SN(SQL00JA00032), MAC(00:nn:nn:nn:nn:nn)"

So, does anyone know how to stop this server from being globally accessible?


Current Firmware  is Version:1.00.03(100701-1727)-AU

Device is provisioned with a xnet vfx line



View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2


809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 449277 17-Mar-2011 15:55 Send private message

No one knows? from the connect string

"220 WAG310G CPE Batch Provision Tool v1.0 SN(SQL00JA00032), MAC(00:nn:nn:nn:nn:nn)"

It seems likely it has something to with the provisioning of the device that would be done by xnet I presume (big stretch there), as opposed to something I have control over.


172 posts

Master Geek


  Reply # 450235 21-Mar-2011 02:03 Send private message

What IP did you use to telnet into the router?

If it was a 192.168.x.x number, that is an internal IP, so not directly accessible from the internet.



809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 450275 21-Mar-2011 09:28 Send private message

Oldhat: What IP did you use to telnet into the router?

If it was a 192.168.x.x number, that is an internal IP, so not directly accessible from the internet.


From my work machine (that is connected to the internet via testraclear), I have used ftp to connect to my router that is at home, connected via xnet. The router is accepting connections from both the internet and the local lan and giving a login prompt to its ftp server.

Here's a copy of the session from last Friday

C:\Documents and Settings\olsend>ftp 118.90.141.nnn
Connected to 118.90.141.nnn.
220 WAG310G CPE Batch Provision Tool v1.0 SN(SQL00JA00032), MAC(00:nn:nn:nn:nn:n
n)
User (118.90.141.nnn:(none)): none
331 not login in.
Password:
503 USER expected.
Login failed.

Having said that, I just tried it today and I am unable to connect. This could be because of changes locally at my work machine though.

I tried ringing xnet about this (as I thought they look after provisioning of the router and they may have seen this) and they advised to contact cisco / linksys.

I've had a couple of chat sessions with cisco / linksys but, they have not been able to understand what the problem is. They keep thinking that it is a ftp service behind the router but it is definitely, absolutely, the router.




809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 450325 21-Mar-2011 11:51 Send private message

dolsen:
Having said that, I just tried it today and I am unable to connect. This could be because of changes locally at my work machine though.




Just found my updated ip address, and, can still ftp in to my router. not being able to connect before was due to the somewhat broken dyndns support in the router (it updates when it shouldn't resulting in the account being blocked for abuse).


172 posts

Master Geek


  Reply # 450970 23-Mar-2011 02:39 Send private message

It would seem to be a none standard setting.

Perhaps to confirm if that is the case you should save your current router configuration and then do a factory reset. After the reset just do a basic configuration and then check to see if the port is open.



809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 470953 19-May-2011 09:38 Send private message

OK, time for an update.

After a couple of not so sucessfull chat sessions with linksys support (they didn't really understand what I was talkinig about), I raised a security bug fix to cisco who were really responsive. Here's their response below.

***
Hello Daniel,



I confirmed with my product engineer that that your ISP can do remote management to your device to do a change configuration to close this port. It is also interesting that you received this router via a retail outlet because this model was sold direct to ISPs. Our product engineers left this port intentionally open for the ISP to allow them to use CBPT (CPE Batch Provision Tool) to configure their own factory default settings (such that pressing factory reset button would default to their settings and not to our default config). They supposed to close this port once they?re done with the provisioning but look like they didn?t. Since it also appears you got this through another channel other than the ISP. That is probably why the port is still open. You want to check back with your ISP to get this resolved. You may want to speak to a higher level dept within your ISP as well.
***

So, based on that, it appears that Xnet will be the only people who can close this port for me.

It's interesting as this firmware is the same version as Xnet was pushing out to devices on their network. I wonder if all of the devices have port 21 open, or, if there is something special about the way it was loaded (I manually loaded the firmware onto the device before connecting it to the internet).





181 posts

Master Geek


  Reply # 471597 20-May-2011 14:30 Send private message

It is interesting that you had this issue...

When I had my WAG310 a while back, I did notice too that port 21 was open. I originally bought the WAG310G to replace my router, which went dud, and was hoping to use it as a all-in-one device of modem/router and ATA, so that I can remove my trusty old SPA2102 from the picture. I bought the WAG310G off PB Tech here in Welly, but then decided to use it only a a router, and kept my SPA2102 (plugged into the WAG310G) as my ATA with one VFX line configured on it. So, effectively the VoIP lines on the WAG310G was unused and not provisioned. This could have explained why my WAG310G had the port 21 issue open, since there as no "provisioning" to be done on my device and as such the port could not have been closed by the provisioning tool.

Anyway, when the cabinet to which I am connected to was upgraded to ADS2+ a couple of months back, I switched from the WAG310G to a TP-Link as I found the WAG310G just cannot sustain ADSL2+ speeds, altho I was synching at between 16-18 Megs (I am only about 50 meters from the cabinet) - speedtest continually gives me readings of 7-6 Megs download throughout. And since I was only really using it as a mode/router, I went for the TP-Link.

But reading your post and the explanation from Cisco above, it does explain why I am seeing this behaviour of port 21 being open.



809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 471613 20-May-2011 15:20 Send private message

wlgspotter: It is interesting that you had this issue...

When I had my WAG310 a while back, I did notice too that port 21 was open.

So, effectively the VoIP lines on the WAG310G was unused and not provisioned. This could have explained why my WAG310G had the port 21 issue open, since there as no "provisioning" to be done on my device and as such the port could not have been closed by the provisioning tool.


But reading your post and the explanation from Cisco above, it does explain why I am seeing this behaviour of port 21 being open.




Thanks, I'm glad I'm not the only one who is experiencing this issue.
My device is provisioned by xnet (I'm on the Fusion plan) but the port is still open. I think the cpe provisioning tool is different to the voice provisioning in the router.
 
It's interesting that your router was not able sustain the ADSL2 speeds, I have not experienced this issue and am able to download at the sync speed (I'm using a dynalink router that syncs at ~16.5Mb/s instead of the internal modem that synced at 14.5-15Mb/s), but, I had no slow down with either. I'm not using any QoS settings though.


181 posts

Master Geek


  Reply # 471624 20-May-2011 15:31 Send private message

dolsen:

It's interesting that your router was not able sustain the ADSL2 speeds, I have not experienced this issue and am able to download at the sync speed (I'm using a dynalink router that syncs at ~16.5Mb/s instead of the internal modem that synced at 14.5-15Mb/s), but, I had no slow down with either. I'm not using any QoS settings though.



Well, yeah it was strange for my case.  I had the latest firmware at that time (I think it was the same one as yours, dated/released Oct 2010), and I have tried it both with and without QOS, but still achieved the same results.  I maxes out the ADSL1 connection, but just never got above that although I can sync up to 15-17 megs.  I tried all different variants of ADSL Modulation settings - from Multimode to forcing it to ADSL2Plus only.  I have even tried doing a factory reset and just configure the basics to get my internet connection going, but it worked for a while before slowing to 6 megs again.  By a "while", I really mean a "while" - i.e. 5 mins!

Anyway, it is history now for me, I am now very happy with my TP-Link.  Kind of a shame really as I thought the WAG310G was (supposed) to be good...



809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 471645 20-May-2011 16:15 Send private message

Ok, have made a help desk call to xnet and they will look into it (they were dubious about it being something for them). Will see what they come back with. I was hoping that Maverick or someone else would read this and have a look, but, I guess, the title of the thread implies a local issue.

3569 posts

Uber Geek
+1 received by user: 62

Trusted
WorldxChange

  Reply # 474349 26-May-2011 12:25 Send private message

hmm, just picked this up thru a PM... interesting the config files that we provision for this device have no reference to this at all, we don't open that or touch it with anything we do, I am guessing that the wag310 sku that was shipped had this on by default.

I understand what they are saying , this sku had left this port open to allow a SP to set the factory defaults for their service before shipping, we did not sell these directly so had no control over this, we did have some locally which we had for swap outs but did not sell them directly, was actually not aware of this setup or even what the options for this were.

Not 100% sure what we can do around this as of yet





Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 474372 26-May-2011 12:56 Send private message

maverick:

I understand what they are saying , this sku had left this port open to allow a SP to set the factory defaults for their service before shipping, we did not sell these directly so had no control over this, we did have some locally which we had for swap outs but did not sell them directly, was actually not aware of this setup or even what the options for this were.

Not 100% sure what we can do around this as of yet




Thanks for looking.

Yeah, The Cisco CSR would probably be more familiar with the situation in the US where the device would have been sold locked down through the provider, as opposed to NZ where it was sold as an unlocked retail device.

From memory, these devices were sold "pre configured" for XNET. Presumably, this would have been done at the point of manufacture for devices bound for Nz, as opposed to someone from XNET opening every single device and loading the configuration onto it (I could be wrong, if so, poor guy at xnet with this job). Perhaps the image they used had this open? If this is the case though, I would expect every device with that load to have this issue and I haven't seen widespread reports of this issue.

Having said all of this, I am not 100% sure of the history of this particular router.









809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 477020 2-Jun-2011 12:12 Send private message

Hi All,

Any update on this?


3569 posts

Uber Geek
+1 received by user: 62

Trusted
WorldxChange

  Reply # 477022 2-Jun-2011 12:13 Send private message

No sorry , not at this stage




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



809 posts

Ultimate Geek
+1 received by user: 44

Subscriber

  Reply # 481931 16-Jun-2011 16:18 Send private message

Hi,

Any update on this?

Cheers,
Daniel.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Slaughter of Innocents
Created by networkn, last reply by networkn on 19-Dec-2014 17:46 (64 replies)
Pages... 3 4 5


youtube downloader
Created by Ford, last reply by jarledb on 22-Dec-2014 16:57 (18 replies)
Pages... 2


Spray Foam Insulation
Created by AACTech, last reply by timbosan on 19-Dec-2014 16:58 (36 replies)
Pages... 2 3


Crew Drinking on Flights - Why!?
Created by networkn, last reply by Geektastic on 22-Dec-2014 09:35 (34 replies)
Pages... 2 3


Police Camera Van Disguise
Created by Reanalyse, last reply by joker97 on 23-Dec-2014 10:56 (79 replies)
Pages... 4 5 6


Spark, the least secure part of your home network?
Created by NZtechfreak, last reply by NonprayingMantis on 23-Dec-2014 02:02 (31 replies)
Pages... 2 3


Some lowlife is using my easy to remember number to commit idiocy
Created by joker97, last reply by joker97 on 22-Dec-2014 15:48 (15 replies)

What has Geekzone led you to buy?
Created by russelo, last reply by alasta on 23-Dec-2014 11:45 (29 replies)
Pages... 2



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.