Open wan ports TL-ER7206

2024-01-22 12:46:39 - last edited 2024-01-26 00:54:38
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: latest (22/01/2024)

Hi,

I just set up my ER7206 and I'm managing it from an Omada OC200. I did an off-site port scan and have these ports open (WAN):

53/udp    open|filtered domain
111/udp   open|filtered rpcbind
192/udp   open|filtered osu-nms
502/udp   open|filtered mbap
539/udp   open|filtered apertus-ldp
989/udp   open|filtered ftps-data

I'm new to the Omada ecosystem and wonder what's the best approach to stop these ports being accessible from the internet (WAN). I don't really mind if the ports are seen from the LAN side.

Any extra suggested actions to "secure" my ER7206?

Thanks :-)

#1
Re:Open wan ports TL-ER7206
2024-01-23 03:00:15

Hi @azarug 

Thanks for posting in our business forum.

I find something not true in your statement.

First, ER7206 V2 has the latest firmware release in Jan 2024. Is your model ER7206 V1 or V2?

Second, I did a test on ER7206 V1's latest firmware in Dec 2023, and this does not reveal any ports open.

You may share your nmap result here and mosaic partially if your IP is a public one.

#2
Re:Open wan ports TL-ER7206
2024-01-23 07:11:59

@Clive_A

It looks like a scan has been made against the WAN IP from the LAN on the router,
then there will be a similar result.
I have seen several others do this and they complain about the router security.

@azarug try a scan from WAN and look at the result.

#3
Re:Open wan ports TL-ER7206
2024-01-23 09:00:49

@azarug

Hi, thanks for the quick reply and all the effort used in helping.

About the model and firmware version, I've misled using a specific date; I just meant "latest" at a specific day to avoid misleading in future dates.

About the port scan, it's a WAN to WAN scan. But I just noticed that the Linux scan returns different results from the Windows scan. I'm not sure if it's due to using 2 different ISPs in the scan or not. It's a simple nmap using the same parameters "nmap -sS -sU -T4 -A -v {router_public_wan_ip}".

At this moment I'm not sure if it's an nmap Windows/Linux thing or an ISP thing.

Anyways, is there a way to fine-tune the firewall in an Omada setup?

Thanks

#4
Re:Open wan ports TL-ER7206
2024-01-24 02:43:52

Hi @azarug 

Thanks for posting in our business forum.

So, from a WAN scan, testing the same WAN interface, in both Linux or Windows scans, they show ports like 53, 363, 559 and 773 open? And the result is consistent?

I gotta confirm this before I make my next move.

 

Do you have any port forwarding set on your router? Paste a screenshot.

The WAN does not matter because two WANs are getting two different IPs. I am simply using the scan instead of traceroute on the nmap and the result shows no port opened.

 

If possible and necessary, are you willing to debug with us? Which I need to know your time zone and your available time during the workdays. I need to check if we have a suitable time.

#5
Re:Open wan ports TL-ER7206
2024-01-24 08:11:59

@Clive_A

Hi again,

Just did a few scans and you seem to be on the correct path: ports are not consistent; only 53 UDP remains in all scans. Did some quick research and maybe our provider, Akamai, is doing some kind of obfuscation, with security in mind.

I'll try to spin up a Linux server connected to the same ISP the ER-7206 is on and do some scans. Keep in mind it's not so easy; it's two locations in two different countries (GB - ES).

About ports, yes, there's port forwarding for means of remote backup. This doesn't affect scan results because we have the same backup setup in other locations with the expected scan results.

Again, thanks for helping so much and looking into this issue. I'll let you know about the "clean scan" results. I'm unfamiliar with the ER-7206 and Omada software, but right now it seems it's not an issue with the TP-Link environment.

#6
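
An added example, not written by any poster in this thread: nmap lists a UDP port as open|filtered when the probe got no reply at all, so one listing cannot tell an open port from a dropped probe. The Python sketch below compares several scans of the same address, the check post #6 did by hand; SCAN_B, SCAN_C and the 8443/tcp forward are constructed sample data, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Port lines of nmap's normal output, e.g. "53/udp    open|filtered domain"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)[ \t]+(\S+)", re.M)

# First listing as posted in the thread; the 8443/tcp line is constructed.
SCAN_A = """53/udp    open|filtered domain
111/udp   open|filtered rpcbind
192/udp   open|filtered osu-nms
502/udp   open|filtered mbap
539/udp   open|filtered apertus-ldp
989/udp   open|filtered ftps-data
8443/tcp  open
"""
# Constructed follow-up scans (port numbers taken from the later replies).
SCAN_B = "53/udp open|filtered\n363/udp open|filtered\n559/udp open|filtered\n8443/tcp open\n"
SCAN_C = "53/udp open|filtered\n773/udp open|filtered\n8443/tcp open\n"

def parse_scan(text):
    """Return {(port, proto): state} for one nmap port listing."""
    return {(int(p), proto): state for p, proto, state in PORT_LINE.findall(text)}

def compare_scans(scans):
    """Classify every port seen across repeated scans of one address."""
    seen = defaultdict(list)
    for scan in scans:
        for key, state in parse_scan(scan).items():
            seen[key].append(state)
    report = {}
    for key, states in sorted(seen.items()):
        if "open" in states:
            # Exact state "open": the target actually answered the probe.
            report[key] = "confirmed open"
        elif len(states) == len(scans):
            # Listed every time but never answered: still undetermined.
            report[key] = "ambiguous in every scan"
        else:
            # Appears in some scans only: likely probe loss or path filtering.
            report[key] = "inconsistent"
    return report

if __name__ == "__main__":
    for (port, proto), verdict in compare_scans([SCAN_A, SCAN_B, SCAN_C]).items():
        print(f"{port}/{proto}: {verdict}")
```

Ports marked "inconsistent" are the ones worth re-testing from a different network path before changing any firewall rule.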
Re:Open wan ports TL-ER7206-Solution
2024-01-25 12:49:05 - last edited 2024-01-26 00:53:50

Hi,

 

Scans from the same ISP return the expected results. NO weird open ports.

 

Thanks for all the help.

Recommended Solution
#7