How can I close an open port on my router?

QUESTION :

I have a ZTE ZXHN H168N V3.1 router. I did a random network scan on my ESET Internet Security and it says I have an open port 23, which is caused by poor configuration of the router.

I checked my router settings and Telnet is using that port. I can’t seem to find any good info on this router model as if it is non-existent.

How can I fix this problem? Can I fix it or do I have to contact my ISP?

I’m really not comfortable with having an open port because I use online banking, shopping and have a lot of sensitive data on my PC.

ANSWER :

Your computer gets something called a default gateway from your router when it uses DHCP to try to get an IP from somewhere on your network. The default gateway will be the IP of your router.

Getting your system’s default gateway on Windows is simple – just open a command prompt (search in Start Menu if needed), type the command ipconfig, and look for the line that says Default Gateway.

Most non-commercial routers are configurable by going to your browser and putting in http:// followed by the IP address of the default gateway.

From there it gets tricky because each router manufacturer is different. You will have to consult the documentation for your router for the exact process and also the administrator password to the router. You should definitely change the administrator password to something other than the default.

Brief searching shows that the default username is user and the default password is simply blank.

While this is not the same exact model, there’s a good chance these instructions for the H106N would apply.

As @Akina says, it’s possible Port 23 is open on the LAN interface but not your WAN (hopefully). It’s also possible you won’t see port 23 open in the settings; there may be a separate setting that needs to be changed to specifically disable Telnet access.

The Telnet port probably allows access to a command line or shell. It likely uses the same password you set in the web interface to allow access. Having this accessible on your LAN is equivalent to having the web site accessible on your LAN, which it already is.

Honestly it’s probably better security-wise to disable the web interface and use Telnet to configure or change the device, as vulnerabilities with Web interfaces are more common than with a shell prompt exposed through Telnet (unless someone is sniffing your password on your LAN when you sign on to Telnet). If this device lets you disable Telnet and enable SSH, it’s better (password can’t be sniffed via SSH).
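To confirm what the router exposes on the LAN side, and to re-check after changing the Telnet setting, the script below finds the default gateway from `ipconfig` and tests the management ports on it. It is an added example, not part of the original post; the function names are hypothetical and it assumes English-language `ipconfig` output.

```python
import re
import socket
import subprocess

# Management services the answer mentions: Telnet, SSH and the web interface.
MGMT_PORTS = {23: "telnet", 22: "ssh", 80: "http", 443: "https"}

# Constructed sample of English-language `ipconfig` output (not from the post).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.1.1
"""

def default_gateway(ipconfig_text):
    """Return the first IPv4 default gateway in ipconfig output, or None."""
    lines = ipconfig_text.splitlines()
    for i, line in enumerate(lines):
        if "Default Gateway" not in line:
            continue
        # Value on the label line, plus continuation lines (IPv6 entry first).
        values = [line.partition(":")[2]]
        for nxt in lines[i + 1:]:
            if not nxt.strip() or ". :" in nxt:
                break
            values.append(nxt)
        for v in values:
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", v.strip()):
                return v.strip()
    return None

def open_mgmt_ports(host, ports=MGMT_PORTS, timeout=1.0):
    """Return {port: name} for each listed TCP port that accepts a connection."""
    found = {}
    for port, name in ports.items():
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found[port] = name
    return found

if __name__ == "__main__":
    out = subprocess.run(["ipconfig"], capture_output=True, text=True).stdout
    gw = default_gateway(out)
    print("Default gateway:", gw)
    for port, name in (open_mgmt_ports(gw) if gw else {}).items():
        print(f"{port}/tcp ({name}) answers on the router's LAN address")
```

This only shows what is reachable from inside the LAN; it says nothing about the WAN interface, which has to be checked from outside the network.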
