FVS 338 Prosafe Router is showing its administrative console on an external IP address
Posted on 2011-03-18
I am working on blocking up some holes in the security on my network and there was an IIS server running which was not up to date and not actually being used. I disabled the IIS services and changed the port forwarding on my Prosafe FVS338 router to stop forwarding port 80 to the server.
Subsequently, I ran port scans on my external address and it still reported that port 80 was open. I manually accessed my external address via a web browser and low and behold, my Netgear router has decided to start displaying the administrative console to the outside world. In my opinion, a big security risk, and I need to get it to stop asap! Of course, Netgear sent me around in circles and then asked for a bunch of money just to think about solving my problem.
Again, the router is a Netgear Prosafe FVS338.
The only settings in the admin console that I can find that seem to indicate turning this ability on or off, are the remote management settings in administration. There are options to allow Telnet Management and Allow Secure HTTP Management. Neither of these abilities are enabled.
I quite feel like my rear is hanging in the wind right now so any help would be greatly appreciated.
Oh, on a last note, I set a firewall rule to block all requests for port 80 but it apparently doesn't monitor itself...