cancel
Showing results for 
Search instead for 
Did you mean: 

Open Ports reported on my Zyxel VMG3925-B10C by AVG

ukbobboy
Dabbler
Posts: 19
Thanks: 5
Registered: ‎16-10-2022

Open Ports reported on my Zyxel VMG3925-B10C by AVG

Dear Forum Members

Recently, within the past few days, my AVG Internet Security reported that there are 10 open and vulnerable ports on my router, being totally gobsmacked I contacted CSC at Plusnet Help.  What I got was, sorry can't help because we haven't been trained, contact the Plusnet user forum.

So, I am here rooting around (no pun intended) to see if anyone else has had a similar problem and, more importantly, applied a fix. I found that these ports are deliberately left open so that Plusnet can apply updates and fixes when required, I also found that I should check with GRC ShieldsUp!, which I did, to see if I was really vulnerable to Internet attacks. As it happens, GRC says my system is OK.

BTW, GRC ShieldsUp! is a blast from the past, I used to use it back in my WinXP SP3 days and because I haven't used it in such a long time I had totally forgotten about it.

Anyway, what I would like to know is the following:

1) Is it possible to close these ports via the Zyxel's admin pages, as a means of extra security, I've had a look and could not see anything obvious.

2) Would manual closure of these ports affect the equipment on my network, such as my Wi-Fi attached smart TV, laptop, tablet etc., or my wired NAS drives.

and finally

3) Is there an app or utility available that will stealth all "so-called" open ports without having a detrimental affect on my system.

That said, if there are any queries or clarifications required then please let me know.

Thanks, in anticipation

 

UK Bob

 

 

14 REPLIES 14
MisterW
Superuser
Superuser
Posts: 16,190
Thanks: 6,172
Fixes: 446
Registered: ‎30-07-2007

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

I found that these ports are deliberately left open so that Plusnet can apply updates and fixes when required, I also found that I should check with GRC ShieldsUp!, which I did, to see if I was really vulnerable to Internet attacks. As it happens, GRC says my system is OK.

There are some ports ( i thought is was only one ?) open to allow TR069 access to PN for remote updates. These are only open to the IP address of the PN server which is why GRC says your system is OK. Its not possible to close these ports.

HTH

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

@ukbobboy I would take AVG's 'warnings' with a large pinch of salt. When I was using it on my W7 machine, it kept on telling me I had open ports/unsafe programs/false entries/you name it. However, I checked the first few, and it even told me my browser was an 'insecure program' - go figure!

This is all designed to make you 'upgrade' to the paid version.

John
RPMozley
Pro
Posts: 1,351
Thanks: 88
Fixes: 13
Registered: ‎04-11-2011

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

If GRC has tested all ports and they all report as stealth then there is no problem. AVG could simply be reporting local open ports (i.e. only accessible from within your local network). AVG has a habit of reporting “problems” only to advertise a paid product as a “fix”, not sure if this is the case here or not.

Answers to your specific questions:

1) I don’t know the specific router so can’t help on this but seems unlikely if you’ve not seen anything about it.

2) It might stop things from being accessible locally. You need to be careful.

3) If these open ports are local then there’s nothing to help that won’t block all connectivity to your other devices on your local network.
That's RPM to you!!
jab1
Legend
Posts: 19,050
Thanks: 6,240
Fixes: 287
Registered: ‎24-02-2012

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

@RPMozley Your first paragraph sums it up beautifully,AVG used to be a unobtrusive program, actually just doing what is was supposed to do, but since its purchase by/merger with Avast, it has turned into a monster.

John
Anonymous
Not applicable

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

@ukbobboy  have you got more than just your Plusnet single IPv4 connection on the firewall's WAN side ?

 

For example do you have any of the following ?

   1)    A 3G/4G dongle connected to the router  - as a second WAN interface acting as a connection backup ?

   2)    Do you have more than one Plusnet WAN address (I have a /30  block of 4, each separately firewalled)

   3)    Are you running something like a "6in4" tunnel to provide IPv6 - which again would be separately firewalled

   4)    Are you running any sort of tunnel or VPN which could be regarded as another WAN interface ?

   5)    Do you have a manually configured route through your router to access a stand-alone DSL modem ?

 

Any additional WAN side interface should be separately firewalled and might have ports open.

 

My last random thought,  does the problem disappear if you switch OFF any UPnP functionality in the router's config and then  reboot the router ? - as UPnP could open firewall ports on demand.  You could also run the GRC "UPnP Exposure Test" that is on the same page as ShieldsUP!

.

ukbobboy
Dabbler
Posts: 19
Thanks: 5
Registered: ‎16-10-2022

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

Dear Forum Members, especially jab1, RPMozley and Nibiru

I would first of all like to thank all of you guys for replying to my query, your answers have consolidated my thoughts on this matter and that is this "so-called" open port scare is designed to entice me in to buying more product. Therefore, as advised, I will not add to or take anything from my current set-up, it just is not necessary.

I would now like to address Nibiru's questions directly, which was "Do I have any of the following?"

1)    A 3G/4G dongle connected to the router  - as a second WAN interface acting as a connection backup ?

A1) No.

2)    Do you have more than one Plusnet WAN address (I have a /30  block of 4, each separately firewalled)

A2) No.

3)    Are you running something like a "6in4" tunnel to provide IPv6 - which again would be separately firewalled

A3) No.

4)    Are you running any sort of tunnel or VPN which could be regarded as another WAN interface ?

A4) No, not anymore. I used to run "AVG Secure VPN" but I found it slowed down my PC and, more importantly, interfered with my online transactions.

5)    Do you have a manually configured route through your router to access a stand-alone DSL modem ?

A5) No but I had to change some of my router's standard (out of the box) settings so that I could use my NAS devices.

As a personal policy, especially when working with anything computer related, I follow the KISS principle - it keeps me sane and from sprouting more grey hairs. 😄😄😄😄😄😄😄

Way back when, I used to enjoy exploring my computer facilities and seeing how far I could stretch them, but now I'm  very restrictive in what I add to my system and in what I now do.

Anyway, I thank you for your interest and the facinating questions you have asked.

I hope to be helpful to this forum and converse/debate with you guys in the near future.

with regards and thanks

 

UK Bob

 

 

 

 

 

Anonymous
Not applicable

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

@ukbobboy  -  One more simple thing you could do to give another layer of protection to your router's WAN's incoming ports, is login to your Plusnet "Member Centre" and check that your connection's server side "Broadband Firewall" isn't switched Off - I would recommend you set it to "Low" and then reboot your connection.

Anonymous
Not applicable

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

@ukbobboy  -  Here are your router's UPnP controls that ideally should both be set to "Disable" -

 

ZyXEL UPnP.jpg

ukbobboy
Dabbler
Posts: 19
Thanks: 5
Registered: ‎16-10-2022

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

Hi Nibiru

Thanks for your suggestions, I was able to implement switching off the "UPnP NAT-T" facility, especially as it's used for stuff like P2P and VoIP, which I certainly do not use.

However, getting to the server side "Broadband firewall" is a whole new ball game, after clicking on your link I immediately get thrown out of this option and it becomes forever unavailable to me, no matter what I do e.g. entering my password, etc. And of course, I called Plusnet's help desk and drew a blank on that (I'm batting 100 blanks when asking help desk tech questions).

So, how do I access this "Broadband firewall" facility, i.e. what else do I need to do?

Eagerly awaiting your advice.

TIA

 

UK Bob

Anonymous
Not applicable

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

The link I posted above to the "Broadband Firewall" is working for me (I just re-tested it to be sure).

I wonder if you have the same problem recently reported here -  Broadband Firewall Blank Page  ?

Perhaps you could add your own reply to the end of that topic and ask Gandalf  for help ?

.

ukbobboy
Dabbler
Posts: 19
Thanks: 5
Registered: ‎16-10-2022

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

Cheers Nibiru

I've sent a message to Gandalf 🤞, I'll let you know how I get on.

Catch you later.

 

UK Bob

 

Dan_the_Van
Hero
Posts: 3,065
Thanks: 1,494
Fixes: 90
Registered: ‎25-06-2007

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

@ukbobboy 

You might find the option available if you try another browser, I noticed that issue with Firefox but not Chrome or Edge

 

ukbobboy
Dabbler
Posts: 19
Thanks: 5
Registered: ‎16-10-2022

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

Hi Dan

Just tried Edge (Version 115.0.1901.203 (Official build) (64-bit)) and it didn't work, I also tried Opera, Firefox, and AVG Secure Browser and none of them worked.

You know Dan, this reminds me of the time I tried to access my Netgear ReadyNAS devices, I had to install an add-on in each NAS device (and make changes to my Windows settings) before I could use my Win10/11 PC and Firefox browser to fully access these devices, so I'm wondering whether I'll need an add-on or utility installed or change some settings on my PC before I can gain access to this "Broadband Firewall" facility?

Anyway, thanks for your suggestion, it has helped to narrow down the area to where this solution lives.

Cheers

 

UK Bob

 

 

Dan_the_Van
Hero
Posts: 3,065
Thanks: 1,494
Fixes: 90
Registered: ‎25-06-2007

Re: Open Ports reported on my Zyxel VMG3925-B10C by AVG

I have a range of systems running Ubuntu flavours or Windows both real or virtual. Never had to install any add-ons to have access to any of the areas of the members centre.
I cleared the Firefox issue by deleting the history including off-line