Strange port 23 connection from .ch on my device

I just checked what all the traffic was, and it seems I have a connection open from .CH to my external device that's connected to my modem in bridge mode.

┌snip my external ip:23 = 0 0 ---- eth0.2 │
│└188.154.68.116:20212

What's this all about?

188.154.68.116 xdsl-188-154-68-116.adslplus.ch

Why is this host connecting to my OpenWrt device on the telnet port from .CH?

Using firmware from the OpenWrt site:

OpenWrt 19.07.0, r10860-a3ffeb413b

Do OpenWrt devs have access to our devices?

  1. Telnet is not installed and therefore does not run on an OpenWrt 19.07.0 device.
  2. Can you better explain where you're seeing a record of this connection (what command are you running, are you in the Connection Details screen, etc.)?
  3. There are no remote access-based ports opened on WAN by default; therefore no, the devs cannot access a device.

Netstat and lsof did not show anything.

Seeing this traffic with iptraf-ng (installed via opkg).

No. There are no backdoors built into OpenWrt -- it is intended to be secure. And the firewall is also configured to be simple but secure out of the box (i.e. default configuration).

Can you post your config files for /etc/config/firewall and /etc/config/network?

Did you install any additional packages or make other modifications to the default config (except maybe wireless or the LAN address)? If so, what were the changes?

Are you certain that this isn't some other device on your network that has opened the connection to the IP in question?


Perhaps, it's just a port scan.

I assume this means no traffic (i.e. no packets and no bytes)?

If so, then there was never a connection made.


I am so paranoid.

Probably indeed a port scan since there was 0 byte traffic.

And now I created this topic... Please admins delete this topic :pleading_face:

Actually, probably good that it exists. May help future viewers with similar questions.

That said, you can mark it as "solved."

EDIT: I see you marked this as the solution -- probably best to tag @lleachii's explanation as the solution.


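To confirm on the router what the replies describe (nothing listening on port 23, and the wan zone refusing unsolicited input), here is an added example that is not from the thread or the OpenWrt project. It parses `netstat -tln` output and `/etc/config/firewall`; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: two checks that separate "a probe hit my WAN port" from
# "something on the router could answer it". Sample inputs are constructed.

# listeners_on_port PORT: reads `netstat -tln` output on stdin and prints the
# local address of every TCP socket in LISTEN state bound to PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")        # handles 0.0.0.0:23 and :::23
            if (a[n] == port) print $4
        }'
}

# wan_input_policy: reads a UCI firewall config on stdin and prints the
# "input" policy of the zone whose name is "wan".
wan_input_policy() {
    awk '
        function unq(s) { gsub(/[^A-Za-z0-9_]/, "", s); return s }  # strip quotes
        function emit() { if (name == "wan" && input != "") print input }
        $1 == "config" { emit(); name = ""; input = ""; inzone = (unq($2) == "zone"); next }
        inzone && $1 == "option" && $2 == "name"  { name  = unq($3) }
        inzone && $1 == "option" && $2 == "input" { input = unq($3) }
        END { emit() }'
}

sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
EOF
}

sample_firewall() { cat <<'EOF'
config zone
    option name 'lan'
    option input 'ACCEPT'

config zone
    option name 'wan'
    option input 'REJECT'
EOF
}

echo "listeners on 23: $(sample_netstat | listeners_on_port 23 | wc -l)"
echo "wan input policy: $(sample_firewall | wan_input_policy)"
```

On a device, feed the functions real data instead of the samples: `netstat -tln | listeners_on_port 23` and `wan_input_policy < /etc/config/firewall`. No listener plus a `REJECT` or `DROP` policy means an inbound SYN to port 23 cannot become a session.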