Draytek 2925 routers leave port 445 open to the web (UPDATED)

During a routine vulnerability assessment for a customer, we discovered that TCP port 445 was open on the external (internet-facing) interface of their Draytek 2925 router. This is not good: port 445 is used for Windows file sharing (SMB over IP) and should only be open on the internal network for internal file sharing. TCP port 445, along with ports 137-139, should never be open on the external internet interface of any firewall.

Logged

We logged this discovery with Draytek support, and they have confirmed that it is a bug in firmware 3.8.0.1 (release date: 19th June 2015) for the 2925 range of routers and that they are working on a fix for the next release. Keep an eye on the Draytek download page.

Workaround

In the meantime, the only way we have found to close that port is to switch on a little-known feature in the router’s command line interface.

To close the port

Connect to the command line interface via SSH (telnet if you must), or use the web console from the top-right menu of the router’s web interface.

Enter the following commands

  • mngt defenseworm on
  • sys commit

For more on the defenseworm option and to confirm the setting run

  • mngt defenseworm ?

Usage:: defenseworm [?|on|off|add port|del port|viewlog|clearlog]

Defense Worm Packet Out is ON!!

Block TCP port list: 135, 137, 138, 139, 445

You can then check that port 445 is no longer showing as open by using grc.com ShieldsUP! to scan your external ports. For a quick check, select common ports to make sure that the ports that should be closed are closed or set as stealth.
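The same check can be scripted and repeated after every firmware change. The following is an added example, not part of the original post or Draytek's tooling: it tests the TCP ports from the router's block list against a WAN address you administer and reports each as open, closed or stealth. The function names and the script name are hypothetical, and it must be run from a host outside the network.

```python
#!/usr/bin/env python3
"""Verify that the defenseworm port list is not reachable on a WAN address.

Run from a host OUTSIDE the network, against an address you administer.
"""
import errno
import socket
import sys

# TCP port list as printed by the router's defenseworm status output.
BLOCKED_TCP_PORTS = (135, 137, 138, 139, 445)


def classify(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused), 'stealth' (no reply
    before the timeout) or 'unreachable' (any other network error)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # connect_ex returns an errno value instead of raising on failure.
        err = sock.connect_ex((host, port))
    if err == 0:
        return "open"
    if err == errno.ECONNREFUSED:
        return "closed"
    if err in (errno.EAGAIN, errno.EWOULDBLOCK, errno.ETIMEDOUT):
        return "stealth"
    return "unreachable"


def audit(host, ports=BLOCKED_TCP_PORTS, timeout=3.0):
    """Map each port to its state as seen from this host."""
    return {port: classify(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that accepted a connection; any entry here is a finding."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_wan_ports.py <your-wan-address>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    # Non-zero exit status so a scheduled job can alert on exposure.
    sys.exit(1 if exposed(results) else 0)
```
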

This discovery highlights the need for regular vulnerability scans to keep systems secure, and for testing the software and firmware fixes that manufacturers provide before putting them on production systems.

Contact us for more information or to arrange your own bespoke vulnerability scan to keep your business secure.

UPDATE

Draytek have now released updated firmware version 3.8.2 (release date: 23rd October 2015) that fixes this problem; see section 9 of the Release Notes, under “improvements”.