Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response  (Read 9884 times)

polymath

  • Member
  • **
  • Posts: 19
ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« on: January 13, 2017, 04:19:28 PM »

Just bought a ZyXEL VMG3925-B10B-EU01V1F. This is through a retail channel, not an ISP cast-off. Set up went ok and connected to the internet first go. I have not played with the settings other than to get an ADSL 2+ logon.

First place I went to was the Gibson Research Corp Shields Up! site to test response to port probing.

I got a strange response (at least strange to me) to the various port scans.

The common ports scan (about 20 of the most popular ports from 0 to 1057) failed the stealth test. The first half or so of the common ports were stealth but the last 5 or so were closed. I specifically checked port 7547 on its own and that returned a closed result.

The "all service ports" scan (0 to 1055) produced an odder result still. Ports 0 to 4 were closed then most ports were stealth except for groups of 3 ports (about 10 groups of 3) spread across the rest of the range of ports. I ran the "all service ports" scan a second time and the groups of 3 closed ports moved by 1 upwards!

I have attached two images that summarise the "all service ports" scan.

This ZyXEL was intended to replace a Netgear DG834G. With everything the same, except using the Netgear, the Netgear produces a stealth result whatever Shields Up! test is used.

Does anyone recognise this sort of Shields Up! response? More hopefully, does anyone know how to congigure the ZyXEL's settings to give a consistent stealth response?
Logged

nix

  • Just arrived
  • *
  • Posts: 9
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #1 on: January 13, 2017, 05:03:50 PM »

Hello polymath,
That is a strange result...

I have a ZyXEL VMG3925-B10B but ISP supplied, I have, with the kind help from the folks on this forum, installed the latest stock firmware, my router passes the Shield Up! test, all the ports I have tested are reported as Stealth apart from port 7547 which is reported as Closed.
I do get a different result when I test through a VPN connection as I think it is then testing the VPN and not my router.
Have you installed the latest firmware 5.11(AAVF.3)C0 ?
Have you tried a hard reset and then running the Shields Up! test again?

nix

« Last Edit: January 13, 2017, 05:10:47 PM by nix »
Logged

polymath

  • Member
  • **
  • Posts: 19
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #2 on: January 13, 2017, 05:10:51 PM »

I do have the latest firmware. Not sure a hard reset would do much, I have only had the unit a couple of days. Apart from updating to the latest firmware and setting up the ADSL parameters, it is as received.
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #3 on: January 13, 2017, 05:38:42 PM »

Any idea what 7547 is used for? My 8924 router shows it as stealth.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

tubaman

  • Senior Kitizen
  • ******
  • Posts: 12514
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #4 on: January 13, 2017, 05:52:46 PM »

7547 is for TR069 I believe.
 :)
Logged
BT FTTC 55/10 Huawei Cab - Zyxel VMG8924-B10A

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #5 on: January 13, 2017, 06:19:13 PM »

It's best practice to perform a reset and/or restore factory settings after updating firmware, particularly if you're updating from a much older firmware. Are things like upnp on or off? Is TR-069 menu showing and is it disabled?
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #6 on: January 13, 2017, 06:41:02 PM »

7547 is for TR069 I believe.
 :)

Indeed.  ;)

Specifically, the port is used by the remote ACS to send a message to the local device, requesting that the latter then initiates a connection from itself to the ACS, using the preconfigured details that have been stored in the CPE.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

polymath

  • Member
  • **
  • Posts: 19
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #7 on: January 13, 2017, 06:45:36 PM »

There is no TR069 (or TR064) option in the Maintenance menu. If I do a reset will I have to reinput the ADSL connection settings (e.g user and password)?
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #8 on: January 13, 2017, 06:48:13 PM »

Does anyone recognise this sort of Shields Up! response?

Yes, I have seen similar. That "diagonal effect" is the result of a defect in the ShieldsUP! tester.  :o

When the same circuit was scanned by a remote application of nmap the correct result was obtained.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #9 on: January 13, 2017, 07:22:04 PM »

There is no TR069 (or TR064) option in the Maintenance menu. If I do a reset will I have to reinput the ADSL connection settings (e.g user and password)?
You may need to clear the Rom-D to restore the TR-069. The procedure seems to be the same on most Zyxel VMG models. We've seen this on both retail and ISP issued Zyxels. Buying retail does not always give a "clean" unit.

restore default settings from within the GUI
open telnet and run the command "save_default clean"
after clearing the romd from telnet do not power off the modem
insert a paperclip into the reset hole for around 10 seconds, or until the lights go out and the unit starts to reboot

Here's an AAISP tutorial for a different model
Here's a recent thread on the procedure
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #10 on: January 14, 2017, 10:18:48 PM »

by the way guys ignore the ping response advice, I like shields up but it is very outdated by advising people to disable echo replies.

In regards to closed ports vs stealth ports, essentially both are as secure as each other, they refuse access, but stealth means it sends no response so it just times out, closed means a specific denied response is sent.  The only advantage really is security vs obscurity which isnt real security.
Logged

polymath

  • Member
  • **
  • Posts: 19
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #11 on: January 16, 2017, 02:56:45 PM »

OK, some progress. I got rid of nearly all the closed port responses (blue markers). I had configured a DMZ lan address and associated the lan address with a specific MAC address. But I had not connected a network device with the MAC address. Removing the lan ip address / MAC association and removing the DMZ setting cleaned up the GRC results, except for one port. My old Netgear was happy with this DMZ stuff and has always come back as stealth from a Shields Up! test.

The one port that fails is of course 7547. Depending on how one uses Shields Up! (scan single port or range of ports including 7547) it shows as closed or stealth (dropped).

It would be nice to get the ZyXEL to drop stuff to port 7547 consistently. I did try a Firewall Protocol Access Control combination (which I have read about elsewhere on the forum) but so far it has either failed to alter the port 7547 response, or stopped the WAN connection altogether.

The current state is an improvement, especially as nearly all the reported port scans and dos attacks logged by my old router involve ports 23 and 2323 (I know they may not be real dos attacks but that is how it is reported).

Can anyone offer a set of Firewall Protocol / Access Control settings which would ensure port 7547 response is to DROP?
Logged

Dray

  • Kitizen
  • ****
  • Posts: 2361
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #12 on: January 16, 2017, 03:26:46 PM »

Have you tried the advice here? http://www.speedguide.net/port.php?port=7547
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #13 on: January 16, 2017, 10:08:12 PM »

Can anyone offer a set of Firewall Protocol / Access Control settings which would ensure port 7547 response is to DROP?

I've attached some images that show how I performed the task for my VMG1312-B10D.

The first three images . . .
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: ZyXEL VMG3925-B10B-EU01V1F - Strange Shields Up! Response
« Reply #14 on: January 16, 2017, 10:08:59 PM »

The final three images . . .
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.
Pages: [1] 2
 

anything