Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anonymous User
Not applicable

‎02-02-2019 22:00

Default Open Ports on Now Broadband Router?

Hi,

Apologies for the lengthy post, but I wanted to get as much information in as possible.

Does anyone know if any ports are defaulted to be open (even if stealthed) on the Hub Two device? (model NR801) on the WAN side?

Could someone else run a port scan and report back on what they see?  

I have not changed any software on the device and without m changing anything from how it is being set by the firmware at boot up, here’s what I have:

From the LAN side, the following ports are open:

53 for DNS (ok)

80 for the web config GUI (ok)

30005 unknown service (what is this?)

Running a port scan against the public IP of the router when not on the LAN, the following ports are open:

25 SMTP (stealth)

80 HTTP (stealth)

443 HTTPS (stealth)

30005 unknown service (Open)

Whilst ports 25, 80 and 443 are stealthed, they still respond, there is a service behind them.

Port 30005 is the biggest concern as it goes straight through from the WAN onto the LAN.

I have completed a factory reset, both from the GUI and by holding the reset button down for 45 seconds. These ports are opened immediately. I have upnp turned off and there are no ports listed in the table.

Using the built in firewall, I used the the inbound services to try to block the port, but of course they stay open on the WAN side. I set to log and see this:

Feb 2 21:00:07 syslog: [ 1919.842000] always->SMTPIN=ptm0.1 OUT= MAC=[MAC ADDRESS OF WLAN] a0:f3:e4:47:ee:30:08:00:45:00:00:3c:6d:26:40:00:38:06:89:73:b9:45:91:fd src=185.69.145.253 DST=[PUBLIC IP OF ROUTER] LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID

Heres what I have on the Maintenance > Router Status page:

Manufacturer Sky
Model NR801
Firmware Version 1.00.2182.R
DSL Firmware VersionA2pv6F039m1.d24m
 
I called support, they will send me a new router, but I’m interested to find out if this is the norm?
 
Thanks!
0
2 REPLIES 2
Anonymous User
Not applicable

‎26-02-2019 1:45 - edited ‎26-02-2019 1:46

I use Gibson Research Shields-Up website to analyse my network. Previously, with an EE router, it reported that all ports were stealthed, and that my network was invisible to hackers.

 

Using my NowTv Hub2, according to shields-up, ports 21(FTP) 22 (SSH), 80(HTTP), 443 (HTTPS) , 30005 are all open, unstealthed. Also, by default, the router responded to pings. That can be turned off readily enough in the "Advanced Settings". 

 

When I go into the settings under Security -> firewall rules, Inbound Services, HTTP, FTP, SSH are blocked, always, so I don't understand why the ports are open, and I can't find a way of closing or stealthing them. 

0
Anonymous User
Not applicable

‎01-06-2020 20:50

Did you ever get any answer to this problem?
I found that my NowTV Hub has a security problem.   Port 30005 is open and is a potential security vulnerability.  I have read that this port can be used by NowTV to update the router and so I am wary of closing the port. Does anyone know if it is safe for me to close this port in some way while still allowing for firmware updates?  Is this a problem with all NowTV routers as I have read that both NowTV and sky routers can have this problem. 

0