ASUS RT-N66U firewall: do I need an extra?

gunnar.kjemphol

Dec 28, 2017
I have an ASUS RT-N66U router. My ISP router is configured as a bridge, so my RT-N66U has the public IP address.

Firewall is enabled in the RT-N66U.

Do I need an extra firewall in front of my RT-N66U?
If so, any suggestions?

I see with nmap that a lot of ports are open on my RT-N66U, and I do not see in the configuration menu that I can close them.

{'tcp': {'services': '1-10240', 'method': 'connect'}}
host;hostname;hostname_type;protocol;port;name;state;product;extrainfo;reason;version;conf;cpe
192.168.1.1;router.asus.com;PTR;tcp;53;domain;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;80;http;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;139;netbios-ssn;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;445;microsoft-ds;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;515;printer;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;1723;pptp;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;1990;stun-p1;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;3394;d2k-tapestry2;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;3838;sos;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;5473;apsolab-tags;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;8200;trivnet1;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;9100;jetdirect;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;9998;distinct32;open;;;syn-ack;;3;
 
Solution
You are running the nmap on the inside address. Not sure why those ports are open, some like 80 are for management.

If you were to run a port scanner from a website to scan the outside address I suspect you will find nothing open.

By default even without the firewall the NAT function in the router will protect internal machines. This is the port forwarding issue you see people ask about. If you do not port forward the router does not know where to send any attack traffic so it discards it.

A firewall in front of your router would make things more complex for little benefit. It would be protecting against an attack against the router itself...but then you have the problem of an attack against the firewall, which is not much different. Not one of those things you worry about if you are a home user since you are mostly concerned about protecting your end devices.
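Added example, not part of the original thread: a short Python script that parses scan results in the semicolon-separated layout shown in the question and compares a LAN-side scan with a WAN-side scan of your own router, which is the check the answer suggests. The LAN rows are a subset copied from the post; the WAN rows, the address 203.0.113.10 (a documentation address) and the function names `open_ports` and `compare` are constructed for illustration.

```python
import csv

# LAN-side scan: subset of the rows posted in the question.
LAN_SCAN = """{'tcp': {'services': '1-10240', 'method': 'connect'}}
host;hostname;hostname_type;protocol;port;name;state;product;extrainfo;reason;version;conf;cpe
192.168.1.1;router.asus.com;PTR;tcp;53;domain;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;80;http;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;139;netbios-ssn;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;445;microsoft-ds;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;1723;pptp;open;;;syn-ack;;3;
192.168.1.1;router.asus.com;PTR;tcp;9100;jetdirect;open;;;syn-ack;;3;
"""

# WAN-side scan: constructed sample data, not results from the thread.
WAN_SCAN = """host;hostname;hostname_type;protocol;port;name;state;product;extrainfo;reason;version;conf;cpe
203.0.113.10;;;tcp;80;http;filtered;;;no-response;;3;
203.0.113.10;;;tcp;1723;pptp;open;;;syn-ack;;3;
"""


def open_ports(report):
    """Return {(protocol, port): service} for every row whose state is 'open'."""
    lines = report.splitlines()
    # Skip anything before the CSV header (the post has a scan-info line first).
    start = next((i for i, l in enumerate(lines) if l.startswith("host;")), None)
    if start is None:
        raise ValueError("no CSV header line found in report")
    rows = csv.DictReader(lines[start:], delimiter=";")
    return {(r["protocol"], int(r["port"])): r["name"]
            for r in rows if r["state"] == "open"}


def compare(lan_report, wan_report):
    """Split open ports into LAN-only services and ones reachable from the WAN."""
    lan, wan = open_ports(lan_report), open_ports(wan_report)
    return {
        "lan_only": sorted(set(lan) - set(wan)),   # management, file/print sharing
        "wan_exposed": sorted(wan),                # review or disable these
    }


if __name__ == "__main__":
    result = compare(LAN_SCAN, WAN_SCAN)
    print("Open on LAN only:", result["lan_only"])
    print("Open from WAN   :", result["wan_exposed"])
```

Anything listed under `wan_exposed` corresponds to a router feature that is reachable from the Internet and is worth disabling in the router settings if it is not in use.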
 