dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
800

mesostinky
join:2002-08-04
Madison, NJ

mesostinky

Member

Can't disable port 2420 on Versalink

2420 is the remote management port on the versalink. With the way Verizon ships it there is no way to turn it off. Its on even if you don't have remote management on.

I own a currently not in service smc router which had ident running on port 113. This could not be disabled. To fix this you simply forward port 133 to a non-existant local ip. I figured I would do the same for port 2420 on the versalink.

Now, on to the versalink. Please anyone feel free to tell me what I'm doing wrong since no matter what I can't get port forwarding working.

1) Go to services, click define custom service, click next with the "port forwarding" checkbox enabled.
2) Type in a service name, and then under Global port range, and Base Host Port put 2420 in every box. Leave TCP selected and click next.
3)Click close on the next screen.

4) Click on the Service Name dropdown box and highlight your newly created service. Click Enable, and then Click OK for Host mode.
5) Type in an IP address (ex 192.168.0.200) and then click done.
6) Repeat for UDP.
7) That's it, port forwarding for the service you specified should be working.

But it doesn't. At least not for me. Btw the firewall is set to None, Upnp is off, and again the remote management feature is NOT checked. If someone could verify if I'm doing something wrong as I'd really appreciate it.

Thanks

Mike
mesostinky

mesostinky

Member

btw I've also tried playing around with the firewall on as well. Can't figure the dam thing out. That or Verizon hard coded port 2420 open in their firmware.

I don't need people port scanning me(which happens constantly) and turning off my modem for fun.

I have no idea if the syntax is right or wrong but with just this in the inbound section port 2420 is still open.

title [ Security Level 1 IN rules ]

begin

RulesDropTCP
drop protocol tcp, to port 2420 >> done

end

Eddy2
@broadred.net

Eddy2 to mesostinky

Anon

to mesostinky
I just scanned my port 2420 and indeed it is open. I also have Remote Access not enabled and the URL on the modem configuration page links to port 2420.

I am guessing that this port is alway open, but will immediately drop connection if Remote Access is not enabled.
Unless Verizon has a back door here .

Or this port needs special protocol that script kiddies can run

Anyway, preliminary search on this site, there are some discussions on this port. One example is:

=======
There is a remote desktop function specifically built in for helpdesk access on port 2420. However it is a only on a per connection basis and it has to be enabled on the customer side.
============

mesostinky
join:2002-08-04
Madison, NJ

mesostinky

Member

"I am guessing that this port is alway open, but will immediately drop connection if Remote Access is not enabled."

Well one thing I noticed was when I clicked wan_IP:2420/ I do get to the Versalink Home page and my connection isn't dropped. I have no idea if the Router "knows" your coming from interal but you can access it even though remote admin is disabled. You get prompted for a password for most settings but you can see all of the connection info and disconnect the connection with no password.

Note that I setup my Old Westell 2200 and it does not show up in port scans unlike the versalink. As far as I can tell unlike the 2200 the versalink cannot be hidden from port scans for port 2420. Unless of course there is just something wrong with my unit.

Tomorrow I'll try to access it remotely and post my results. If I can access my router remotely and disconnect even though remote admin is disabled it I'm going to be pretty annoyed.

Mike
magm58
join:2000-07-12
East Elmhurst, NY

magm58 to mesostinky

Member

to mesostinky
OK in part 2 not press Close you need to press ok

mesostinky
join:2002-08-04
Madison, NJ

1 edit

mesostinky

Member

Actually if your talking about the same part that I am right after step two you see,

"After clicking 'Close' you can enable your new service from the 'Service Name' select box."

You then click close. The custom services are showing up in the dropdown list so I know its getting in there. Thanks for the thought though.

I did want to mention that I just had someone try to connect remotely and they could not get the westell web page or a logon prompt. When I enabled it they got a logon, but when I once again disabled it, they saw no logon or connection which is obviously how it is supposed to work. So I'm very happy about that since that was my main concern. I guess the only reason I can access it at home via 151.198.125.xxx:2420 is because the router see's me as coming from within the Local Lan.

I still have no idea why port 2420 shows up as open though and would be interested in finding out why. But since that alone doesn't grant you access to the dsl mode config page I'm fine with it.

Thanks for anyone who read my babbling.

Mike