Netgear DG834 - open port 21

Having installed around a dozen of these ADSL firewall routers, I have now found that port 21 is open to the world.
I can telnet to it and get a black screen, can type and stuff.
I think there is a security risk here; does anyone else know anything about this?
BTW, all config is absolutely fine on the router.
john
john_123Asked:

Big5250Commented:
Port 21 is for FTP; unless needed, I would disable this from the administrative portion of the router.
kbbcnetCommented:
Agreed --

The following network ports may be open to inbound remote scanning and / or attack on the NETGEAR DG834 series router by default:

1863 TCP, 1864 TCP, 4443 TCP, 5190 TCP and 5566 TCP.

Furthermore, the port range 40000-40099 TCP may report as being "closed" when scanned remotely, rather than the normally preferred "stealthed" status (whereby the port does not respond to any form of connection request). Finally, ports 40000-41000 UDP may also be vulnerable.

To counter this, you will need to configure your router's custom service and firewall rules to block each port / port range in turn, until remote scans show the ports as "stealthed".

Run the shields-up port scan from www.grc.com to verify:
http://www.grc.com

Check these others as well.
http://kbserver.netgear.com/kb_web_files/N101145.asp
kbbcnetCommented:
If needed --

http://www.adslguide.org.uk/hardware/reviews/2004/q2/netgear-dg834.asp

Firewall and Port Forwarding Configuration page:
Adding a rule to the firewall is fairly straightforward and relatively jargon free compared to some routers. The options shown above allow you to select the service you wish to add. The Action selection determines whether you are going to allow this service through, or block it.

john_123Author Commented:
Hello, thanks for responses,
the firewall has all inbound services disabled (including FTP); it seems this port is open, maybe for remote administration of the router. I cannot find a single place to disable this feature/function within the web administration tool.

This doesn't seem to be referenced anywhere, and I am worried it could be a vulnerability.
kbbcnetCommented:
<This doesn't seem to be referenced anywhere, and I am worried it could be a vulnerability>

My previous post gave the URL for the exact procedure:
In the Firewall and Port Forwarding Configuration page --
Did you create a rule to block the specific port as described in the step-by-step GUI procedure above?
john_123Author Commented:
No, I did not create a specific rule to block port 21, as the default rule already exists which blocks all incoming traffic.
Will try to also add another rule to block port 21 and let you know.
john_123Author Commented:
Nope, adding a specific rule to block port 21 did not work either.
Like I said, the default rule is block anything, I only allow VPN access through the firewall.

This is the same for all Netgear DG834s I have running.

Should I be concerned?
Big5250Commented:
If you telnet to the port, is there any response?
john_123Author Commented:
If I telnet to them, I get a blank telnet session, like black writing on a black screen. I can't see what I am typing, nor can I see what it is displaying, yet I can see the cursor moving within the telnet session.
john_123Author Commented:
I have used PuTTY to telnet and now I can see what I am writing, but the system doesn't show me any response; I can type, press enter, keep typing, etc.
Big5250Commented:
I wouldn't worry about it; if it doesn't respond to standard FTP commands, then it's probably a rogue listener. The only possible scenario I could think of is if it could be DoS'd. But, as far as intrusion, I don't think that would be a possibility without a valid service on the port.
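One way to check what Big5250 describes (whether the port answers like an FTP service or just sits silent), as an added example that is not from this thread: connect, wait for a banner, send only the harmless FTP QUIT command, and classify the reply. The local fake listener is a constructed stand-in for the router so the script runs offline; against a real device you would supply the router's address and port 21.

```python
import re
import socket
import threading

# A real FTP service greets and replies with 3-digit codes, e.g. "220 Ready".
FTP_REPLY = re.compile(rb"^\d{3}[ -]")


def _recv(sock, timeout):
    """Return whatever arrives before the timeout; b"" means silence or EOF."""
    sock.settimeout(timeout)
    try:
        return sock.recv(1024)
    except OSError:  # timeout, reset, etc.
        return b""


def probe_listener(host, port, timeout=2.0):
    """Classify host:port as 'ftp', 'silent' or 'unknown'; only QUIT is sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _recv(s, timeout)
        s.sendall(b"QUIT\r\n")
        reply = _recv(s, timeout)
    if FTP_REPLY.match(banner) or FTP_REPLY.match(reply):
        return "ftp"
    if not banner and not reply:
        return "silent"
    return "unknown"


def start_fake_listener(banner=b"", reply=b""):
    """Constructed stand-in for the router: a local TCP listener that sends
    `banner` on connect and `reply` after any input. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            _recv(conn, 5.0)  # wait for the probe's QUIT (or give up)
            if reply:
                conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(probe_listener("127.0.0.1", start_fake_listener()))  # silent
    print(probe_listener("127.0.0.1", start_fake_listener(b"220 ftp\r\n", b"221 Bye\r\n")))  # ftp
```

A "silent" result matches the dead listener described in the thread; an "ftp" result means a real service is reachable and should be disabled or blocked.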

john_123Author Commented:
Thanks for the reassurance, but what is a "rogue listener"? Is it likely Netgear would include this with the firewall?
Big5250Commented:
Some firmwares that I have seen come with a listener that basically goes nowhere (rogue). Open by default, most of the time this is corrected in subsequent releases of firmware. Can you verify if there is a common thread with the firmware revisions on these? I would try the latest release from the vendor and see if the listener goes away. After that, you may want to report a bug to them.

hth