Remote administration disabled on my router, but can still log in using WAN IP address
bbrown9
Enthusiast - Level 3

Nothing is checked off on the Remote administration page of my MI424WR  router, but when I access my WAN IP address, I can connect to my router and login to it. Also, I disabled ping access, yet I can still ping the WAN IP address.

The LinkSys router I had before getting FIOS was completely stealthed. It didn't respond to anything from the outside world unless I setup a DMZ or port forwarding.

What am I missing in this setup? Why can't I get this thing into stealth mode?

Re: Remote administration disabled on my router, but can still log in using WAN IP address
RJA
Enthusiast - Level 1

I'm having this exact same issue.  Out-of-the-blue decided to do a scan at Shields Up! and discovered multiple open ports (telnet, secure telnet, http, https).  Figured it might be remote administration but nothing is checked.  Would love to be able to figure out how to close the ports and disable remote administration.

My equipment is (Model: MI424WR-GEN2, Hardware version E, Firmware: 20.9.0).  Had FiOS but then recently had FiOS TV installed and received that new router.

Anyone have any ideas?

0 Likes
Re: Remote administration disabled on my router, but can still log in using WAN IP address
viafax999
Community Leader
Community Leader

@bbrown9 wrote:

Nothing is checked off on the Remote administration page of my MI424WR  router, but when I access my WAN IP address, I can connect to my router and login to it. Also, I disabled ping access, yet I can still ping the WAN IP address.

The LinkSys router I had before getting FIOS was completely stealthed. It didn't respond to anything from the outside world unless I setup a DMZ or port forwarding.

What am I missing in this setup? Why can't I get this thing into stealth mode?


I assume you are entering http://your.wan.ip.address from within your local network, similarly you are trying ping from your internal network  ??

If you enter tracert your.wan.ip.address you will see why when it returns that your ip address is only 1 hop away, possibly more dependant on how many routers you have on your internal network between your machine and the VZ router.

This is normal behaviour.

You are accessing the internal side of the router and no ports will be blocked on that side.  To really see you need to go to a remote machine and try.

0 Likes
Re: Remote administration disabled on my router, but can still log in using WAN IP address
RJA
Enthusiast - Level 1

@viafax999 wrote:
You are accessing the internal side of the router and no ports will be blocked on that side.  To really see you need to go to a remote machine and try.

I can access my wan ip address from outside my local network on a remote machine.

0 Likes
Re: Remote administration disabled on my router, but can still log in using WAN IP address
viafax999
Community Leader
Community Leader

@RJA wrote:
I can access my wan ip address from outside my local network on a remote machine.

If you go into admin, firewall settings, general what is security set to?

Is there anything checked in DMZ Host?

Do you have anything that is not your entries in the port forwarding table?

Are you using Static NAT?

What do you see in the Security log??  Hopefully a lot of red and very little green

Have you tried resetting the router to defaults and seeing if that clears the issue?

0 Likes
Re: Remote administration disabled on my router, but can still log in using WAN IP address
RJA
Enthusiast - Level 1

If you go into admin, firewall settings, general what is security set to? 

Typical Security - Medium  / Block IP Fragments unchecked

Is there anything checked in DMZ Host? 

No, that DMZ Host IP Address box is unchecked.

Do you have anything that is not your entries in the port forwarding table? 

Three entries all placed by Verizon:  TCP 4567, and two entries for our two DVRs (UDP 63145 and UDP 63146).

Are you using Static NAT? 

No.

What do you see in the Security log??  Hopefully a lot of red and very little green 

No red and very little green.  Some of the green is showing my work IP connecting to my wan IP.

Have you tried resetting the router to defaults and seeing if that clears the issue? 

Not yet.  I can do that in Advanced - Restore Defaults, correct?  What will I need to do once this is done?

0 Likes
Re: Remote administration disabled on my router, but can still log in using WAN IP address
viafax999
Community Leader
Community Leader

@RJA wrote:

If you go into admin, firewall settings, general what is security set to? 

Typical Security - Medium  / Block IP Fragments unchecked

Is there anything checked in DMZ Host? 

No, that DMZ Host IP Address box is unchecked.

Do you have anything that is not your entries in the port forwarding table? 

Three entries all placed by Verizon:  TCP 4567, and two entries for our two DVRs (UDP 63145 and UDP 63146).

Are you using Static NAT? 

No.

What do you see in the Security log??  Hopefully a lot of red and very little green 

No red and very little green.  Some of the green is showing my work IP connecting to my wan IP.

Have you tried resetting the router to defaults and seeing if that clears the issue? 

Not yet.  I can do that in Advanced - Restore Defaults, correct?  What will I need to do once this is done?


You should show a MAJOR a mount of red  and very little green

The green should only be what YOU allowed the red is everything else that is being rejected

Have you tried resetting the router to defaults and seeing if that clears the issue? 

Not yet.  I can do that in Advanced - Restore Defaults, correct?  What will I need to do once this is done?

That isn't good, you would expect to see something like this

Dec 15 19:29:40 2009 Inbound Traffic Blocked - Default policy UDP 78.20.190.27:52250->{edited for privacy}:1024 on eth1

Dec 15 19:29:38 2009 Inbound Traffic Blocked - Default policy UDP 86.44.201.193:42826->{edited for privacy}:1024 on eth1

Dec 15 19:29:30 2009 Inbound Traffic Blocked - Default policy UDP 122.107.182.246:30170->{edited for privacy}:1024 on eth1

 Dec 15 19:29:28 2009 Inbound Traffic Blocked - Default policy UDP 128.208.17.161:37808-{edited for privacy}1024 on eth1

Dec 15 19:29:25 2009 Inbound Traffic Blocked - Default policy UDP 78.233.0.234:23187->{edited for privacy}:1024 on eth1

Dec 15 19:29:23 2009 Inbound Traffic Blocked - Default policy UDP 94.21.98.87:6690->{edited for privacy}:1024 on eth1

Dec 15 19:29:17 2009 Inbound Traffic Blocked - Default policy UDP 90.21.80.52:18579->{edited for privacy}:1024 on eth1

Dec 15 19:29:14 2009 Inbound Traffic Blocked - Default policy UDP 87.248.95.97:15427->{edited for privacy}1024 on eth1

Dec 15 19:29:11 2009 Inbound Traffic Blocked - Default policy UDP 12.172.150.2:37052->{edited for privacy}:1024 on eth1

Dec 15 19:29:05 2009 Inbound Traffic Accepted Traffic - Service Skype TCP at 192.168.1.23:10834 (1079): TCP

I know, I just showed everybody my current WAN address but am fairly confident that my security is good.  Everything in green is being passed to the inside, all the red stuff is being denied access

Yes that is how it's done.  Everything will be reset to startup.  The userid will be admin and the password will be the default password - is that password ord password1 ??  maybe someone else can answer that??

After you've reset to default you will need to enter YOUR port forwarding rules again, it sound like you have enabled something for your work to access your local network, RDP(TCP 3389)?

0 Likes