biob Posted November 23, 2017 Share Posted November 23, 2017 So recently my home router keeps being port scanned from IP’s in China. Today I shields up to check my router and found ports 135,139 and 445 were responding that the ports exist. Can someone more than myself please advise? Quote Link to comment Share on other sites More sharing options...
biob Posted November 23, 2017 Author Share Posted November 23, 2017 Any suggestions for a hardware firewall? Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted November 23, 2017 Share Posted November 23, 2017 if you have ports open, especially ports 1-1000 then it will attract a lot of attention from bots and other port scans. Close them. Port info 138 https://www.speedguide.net/port.php?port=138 139 https://www.speedguide.net/port.php?port=139 445 https://www.speedguide.net/port.php?port=445 Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted November 23, 2017 Share Posted November 23, 2017 1 minute ago, biob said: Any suggestions for a hardware firewall? https://www.pfsense.org/products/ Quote Link to comment Share on other sites More sharing options...
biob Posted November 23, 2017 Author Share Posted November 23, 2017 Hi Just_a_user, I have upnp turned off on my router, so I’m unsure how they got opened. I knew anything to do with SMB is bad on my WAN side :-) I have a Netgear router and have very little control over open ports:-( have been playing with the idea of installing ddwrt. What are your thoughts on this? Quote Link to comment Share on other sites More sharing options...
Just_a_User Posted November 23, 2017 Share Posted November 23, 2017 (edited) 2 hours ago, biob said: I have a Netgear router and have very little control over open ports:-( have been playing with the idea of installing ddwrt. What are your thoughts on this? dd-wrt version 3.0 is currently in beta but maybe your router isn't available https://www.dd-wrt.com/site/support/other-downloads?path=betas%2F2017%2F11-16-2017-r33772%2F Its also worth checking Tomato and gargoyle to see if they have firmware's for your device http://www.polarcloud.com/tomato & https://www.gargoyle-router.com/ or even https://wiki.openwrt.org/toh/start?dataflt[Brand*~]=netgear or https://lede-project.org/ Edited November 23, 2017 by Just_a_User Quote Link to comment Share on other sites More sharing options...
Forkish Posted November 23, 2017 Share Posted November 23, 2017 Port knocking? Similar to nat pinning by Mr. Samy K. https://samy.pl/natpin/ Quote Link to comment Share on other sites More sharing options...
biob Posted November 24, 2017 Author Share Posted November 24, 2017 Thank you for advice. Issue has now been resolved. Turns out my ISP is actively blocking these ports, hence open|filtered result. It totally threw me out when I changed my router and I was getting the same results. Spent all day on it before I found the answer. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.