cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11085
Views
0
Helpful
5
Replies

WRVS4400N V2 - Questions / Issues

DominikAu
Level 1
Level 1

Hi Guys :)

I've done a portscan and discovered that there are at least three ports open, where i don't think that they shouldn't.

  • 8118 -> Privoxy, but delivers the WRVS admin page. So the web-content filtering on the WRVS is done by privoxy, but someone forgot to close this port?
  • 30443 -> Delivers a secure WRVS admin page, but there is a different certificate (the initial one?) used than for the 443 and 60443 (IPsec config pages) ports.
  • 32764 -> This one annoys me most. It returns just a string, ScMM, and closes the connection afterwards.


This ports are just on the LAN side open, so this shouldn't be a security issue.

UPNP, Remote administration, SNMP, SIP Application Gateway Layer, ... are disabled

Angryziber IP Scanner reaches also port 21, on LAN and WAN page, but its not serving FTP request.


Further i discovered a VPN problem when you set the WAN MTU to manual (for example 1472), vpn connections work as expected.

i weren't able to access web pages (via ipsec - qvpn) which were too large and found logs like

klips_error:ipsec_xmit_send: ip_send() failed, err=
klips_error:ipsec_xmit_send: ip_send() failed, err=1



sending pkt_too_big (len[1500] pmtu[1472]) to self


Since i've changed mtu back to auto it works like a charm.

So, for what purpose are this three ports?

Edit:

i also get occassionaly logs where the router tells me that he "

eth0: received packet with  own address as source address".

interface is up to now eth0 and eth2, but that doesn't help much ;), so is there a chance, that in a upcoming
firmware this log message is extended and includes also the mac addresses of the involved devices, so i woudn't have to
guess which device on which port of the router is misbehaving?

Edit2:

the router is also complaining about old IPS signatures, is there already a date when we can expect updated ones?

cheers,

Dominik

5 Replies 5

DominikAu
Level 1
Level 1

would be great if a cisco guy could give me a hint why this ports are open and when we could expect a more recent ips signature file.

cheers

no worries about that, we work on it.

Hi Ed, how is the weather with you in ....eeeeeehhhh....

Hi, this product has open security bulliten and it's being addressed.

I don't know if you can open this link..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Undocumented%20Test%20Interface%20in%20Cisco%20Small%20Business%20Devices&vs_k...

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/