During a routine vulnerability assessment for a customer we discovered that TCP port 445 was open on the external (internet-facing) interface of their Draytek 2925 router. This is not good: port 445 is used for Windows file sharing (SMB over IP) and should only be open on the internal network for internal file sharing. TCP port 445, along with 137-139, should never be open on the external internet interface of any firewall.
We logged this discovery with Draytek support, and they have confirmed that it is a bug in firmware 188.8.131.52 (release date: 19th June 2015) for the 2925 range of routers and that they are working on a fix for the next release. Keep an eye on the Draytek download page.
In the meantime, the only way we have found to close that port is to switch on a little-known feature in the router’s command line interface.
To close the port:
Connect to the command line interface via SSH (telnet if you must) or using the web console from the top-right menu of the router’s web interface (see image).
Enter the following commands:
- mngt defenseworm on
- sys commit
For more on the defenseworm option, and to confirm the setting, run:
- mngt defenseworm ?
Defense Worm Packet Out is ON!!
Block TCP port list: 135, 137, 138, 139, 445
You can then check that 445 is no longer showing as open by using grc.com ShieldsUP! to scan your external ports. For a quick check, select common ports to make sure the ports that should be closed are either closed or shown as stealth.
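The same check can be scripted and repeated after each firmware change. The following is an added example, not part of the original write-up or of Draytek's tooling: it reads the block list from the defenseworm status text shown above and probes each listed TCP port on your own WAN address from a host outside the LAN. The function names and the 192.0.2.1 placeholder address are assumptions.

```python
import errno
import re
import socket

# Constructed sample: the status text shown above for the defenseworm option.
SAMPLE_STATUS = (
    "Defense Worm Packet Out is ON!!\n"
    "Block TCP port list: 135, 137, 138, 139, 445\n"
)


def parse_block_list(status_text):
    """Return (enabled, ports) parsed from the defenseworm status text."""
    enabled = "Defense Worm Packet Out is ON" in status_text
    m = re.search(r"Block TCP port list:\s*([\d, ]+)", status_text)
    ports = [int(p) for p in re.findall(r"\d+", m.group(1))] if m else []
    return enabled, ports


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'stealth'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        rc = s.connect_ex((host, port))
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "stealth"  # timeout or unreachable: nothing answered the SYN


def audit(host, status_text, timeout=3.0):
    """Probe every port in the router's block list; list any still open."""
    enabled, ports = parse_block_list(status_text)
    # The router reports a TCP block list, so only TCP is probed here.
    results = {p: probe(host, p, timeout) for p in ports}
    exposed = sorted(p for p, state in results.items() if state == "open")
    return {"filter_enabled": enabled, "results": results, "exposed": exposed}


if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder: substitute your own WAN IP
    # and run this from a host on the internet side of the router.
    report = audit("192.0.2.1", SAMPLE_STATUS)
    print(report)
    raise SystemExit(1 if report["exposed"] else 0)
```

A non-empty `exposed` list (exit status 1) means the filter is not taking effect on the external interface.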
This discovery highlights the need for regular vulnerability scans to keep systems secure. It also highlights the need to test software and firmware fixes provided by manufacturers before putting them on production systems.
Draytek have now released updated firmware version 3.8.2 (release date: 23rd October 2015) that fixes this problem; see section 9 of the Release Notes, under “improvements”.