Should give an idea of why a glitch like this bothers me. Hello, This is my first post so please bear with me and I apologize if this is not in the right forum. If anyone else has experienced this, has questions or anything at all, I'm all ears. ETA: Attached a network topo. I'm working now to try and replicate the issue in the hopes of figuring out why this is happening and to help others in the community from experiencing the same issue. It appears that there may be a bug in the A2300 firmware that wrongly opens/forwards ports when certain triggers are met. I see no evidence of tampering or any sort of breach on any of my machines. Step 2 Connect to any server that allows access to your favorite sites. It was confirmed opened and responsive via an nmap scan, and then by requesting the site ( both from an off-site machine. As a security analyst, this troubles me. Step 1 Download and install VPN for Windows. The router's WebUI did not indicate that this port was opened or forwarded. I was made aware of this after receiving an email from my NIDS stating a large number of connections and unsuccessful authorization attempts were happening on this machine. The server that was exposed this morning resides at 10.10.10.10 and the open port was 8096/tcp, which is a Jellyfin media server. Remote management and all other unneeded/insecure services have been disabled. Just want information on how to setup the VPN server. Encrypts data using Open VPN protocols (UDP / TCP). Encrypts all traffic with sha256, each and every packet with dh2048 keys. All servers are in High Availability mode & accept huge amounts of data. There are currently no machines residing in the DMZ and no other ports have been explicitly opened or forwarded. Is it Archer C2300 or Archer A2300? What do you mean by blocking VPN? Please provide more information. HideMe Speed VPN protects your privacy from ISP.
This is a VPN server and serves as the only means of accessing my internal services while working remotely. Under the hood are a dual-core CPU (1.8GHz), 512MB of RAM, and 128MB of flash memory. The only port I have explicitly open/forwarded on the A2300 is 1195/udp, which forwards internally to 10.10.10.5 on port 1195. The C2300 supports Link Aggregation, which allows you to combine two LAN ports for data rates of up to 2GB. The network in question is connected to a small virtualized lab hosting a handful of virtual machines, along with some Docker containers which host a number of services for internal use. Longer version - I have been using an Archer A2300 on one of my networks for about two years now. Disabling port forwarding (destined for another port/machine), then re-enabling it, seems to have fixed the issue. The logs give no indication of this ever happening. TL;DR - This morning, I noticed that my Archer A2300 had opened/forwarded a single port to an internal server without my authorization.