I'm not using the ports

0 votes
Of course I'm not using the ports. That's why it is my concern. The WR11 set up connections (by using the ports) to the same IP addresses and ports (Czech, Russia, Ukraine and Romania) in the first days, so I don't think it is a "bot"-like scan.
One of the IPs even has a private WWW blog :).
related to an answer for: Could somebody explain WR11 log record
asked Dec 16, 2016 in Digi Connect Cellular by YuriyKl New to the Community (1 point)

2 Answers

0 votes
What you are seeing is a bot network. Even if one of the IP addresses has a WWW blog, all that means is that the underlying server has been hacked and is being used as a bot.

Use networking best practices and turn the firewall on blocking everything except the services you need from the IP addresses you need.

You should never deploy any networked equipment without some form of network security. The WR11 has a full stateful firewall built in. It costs you nothing to activate it.
answered Dec 19, 2016 by NicholasWilson Veteran of the Digi Community (1,003 points)
The underlying server (device) is under its own firewall. The problem is that the connections are established by the WR11 :).
I don't think it is bot-like. IMHO, it looks like a developer back door or hidden things. I will re-read the manual and re-configure the WR11, and will see. PS: Today, I had to reboot the WR11 to bring the underlying server back (port 80).
How do you know the connection is established by the WR11? The -> in the eventlog means nothing, just that a connection happened. Confusing, I know; you would expect it to point in the traffic direction, but it does not.

If the initial source was then it may have come from the WR11.
Your example in your other post is
"19:22:44, 30 Oct 2016,GP socket connected: x.x.x.x:4000 ->"

This clearly shows that you have no firewall enabled because you are having these ports interrogated. There are many ports open on a default WR router. The 400x ports in particular are the default ports aligned to the WR serial mappings which have been in the device since before these devices were Digi. If you don't need these services then you either turn them off or firewall them.

Also, a developer back door I would highly doubt. A bug sure, but if you really want to trace this and understand what is happening then use the analyser trace to see where the TCP SYN is coming from. The IP level tracing will show you exactly the interface and the source of this traffic.

If you think there is an issue after you have disabled the ports and turned the firewall on then contact the support team who would be happy to help.
The connections were set up by the WR11. To verify this, I asked for all (wired) things to be detached; the picture is still the same.

Could you or somebody else please explain to me in more detail what the ASY 0...9 ports are, why they are open and why the WR11 listens on them by default? Can it be turned off? I'm not a WR11 guru, and don't have a WR11 nearby to play with a lot. I'm just scared to change settings remotely :). Thanks
0 votes
I am getting hundreds of GP socket connections in my log. So many that it is crashing the WR41, requiring a hard repowering, so someone has to drive to the site and climb the roof to repower the damn router! Then a few days later it happens again!
answered Jan 10, 2019 by Desmogger New to the Community (3 points)
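
One way to quantify what both answers describe, as an added example that is not part of the original thread or Digi's own tooling: it tallies "GP socket connected" records per logged endpoint, counts hits on the 400x ports, and reports the peak connection rate. The sample lines are constructed from the single record quoted above (documentation-range address); whatever follows "->" is truncated on the page and is ignored, and reading "400x" as ports 4000-4009 is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Layout copied from the record quoted in the thread. Text after "->" is not
# parsed, and "->" is not read as a direction (the answer says it is not one).
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}), (?P<date>\d{1,2} \w{3} \d{4}),"
    r"GP socket connected: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*->"
)
SERIAL_PORTS = range(4000, 4010)  # assumption: "400x" means 4000-4009

def parse(line):
    """Return (timestamp, ip, port) for a GP socket record, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%d %b %Y %H:%M:%S")
    return ts, m["ip"], int(m["port"])

def summarize(lines, window_s=60):
    """Tally GP socket records and find the busiest window_s-second span."""
    events = sorted(e for e in map(parse, lines) if e)
    peak, start = 0, 0
    for end, (ts, _, _) in enumerate(events):
        # Slide the window start forward until it is within window_s of ts.
        while (ts - events[start][0]).total_seconds() > window_s:
            start += 1
        peak = max(peak, end - start + 1)
    ports = Counter(p for _, _, p in events)
    return {
        "total": len(events),
        "by_endpoint": Counter(f"{ip}:{p}" for _, ip, p in events),
        "serial_ports": {p: n for p, n in ports.items() if p in SERIAL_PORTS},
        "peak_per_window": peak,
    }

# Constructed sample log, not real data; the last line is a non-matching record.
SAMPLE = """\
19:22:44, 30 Oct 2016,GP socket connected: 192.0.2.10:4000 ->
19:22:51, 30 Oct 2016,GP socket connected: 192.0.2.10:4001 ->
19:23:02, 30 Oct 2016,GP socket connected: 192.0.2.10:4000 ->
19:40:15, 30 Oct 2016,GP socket connected: 192.0.2.10:80 ->
08:01:09, 31 Oct 2016,GP socket connected: 192.0.2.10:4000 ->
08:05:00, 31 Oct 2016,(unrelated event line)
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

A non-empty `serial_ports` tally after the firewall is enabled, or a high `peak_per_window`, is the kind of evidence worth attaching to a support case alongside the analyser trace.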