Question My Fritz!Box have too many opened ports

Toggle sidebar Toggle sidebar
WBlueHat

WBlueHat

Nov 26, 2023
22
0
10
As you can see from the photos my Fritz!Box 5530 have too many opened ports for local network connections.
I usually have only xbox one connected so I think it's very strange.
What about an internal bios hack to the router?
Can it be the reason? because I have a vm bootkit on the laptop

ibb.co

20231125-185808 hosted at ImgBB

Image 20231125-185808 hosted in ImgBB
ibb.co ibb.co
ibb.co

20231125-185729 hosted at ImgBB

Image 20231125-185729 hosted in ImgBB
ibb.co ibb.co
ibb.co

20231125-185658 hosted at ImgBB

Image 20231125-185658 hosted in ImgBB
ibb.co ibb.co
 
Last edited:
Sort by date Sort by votes
WBlueHat

WBlueHat

Nov 26, 2023
22
0
10
I have posted the image.
And I have discovered inside the backup file restore of the router that has been hacked.
There are several strange rules and oper ports to trojan site.
If need i can post the screens.
I have tried to edit the files and load it again in the router but samething says the files is not the correct type.
If you do the same without modifing it you can do it anyway.
Very strange
 
Upvote 0 Downvote
B

bill001g

Titan
Aug 9, 2012
29,020
3,022
128,640
Those don't mean much if they are outgoing ports from machines inside your network to the internet.
Hard to tell what those actually represent. It depends on what the ip addresses are of the machines on either end and which machine started the conversation.
It is extremely common to see DNS entries as your machines talks to a DNS server to look up web addresses.

From what I can tell you are not going to be able to do much about any kind of firmware issue. These appear to have fiber modems built in. These type of devices the ISP is in control of firmware updates even if you own the box.
 
Upvote 1 Downvote
WBlueHat

WBlueHat

Nov 26, 2023
22
0
10
My ISp
bill001g said:
Those don't mean much if they are outgoing ports from machines inside your network to the internet.
Hard to tell what those actually represent. It depends on what the ip addresses are of the machines on either end and which machine started the conversation.
It is extremely common to see DNS entries as your machines talks to a DNS server to look up web addresses.

From what I can tell you are not going to be able to do much about any kind of firmware issue. These appear to have fiber modems built in. These type of devices the ISP is in control of firmware updates even if you own the box.
Click to expand...
My ISP denied to me to auto updates firmware from AVM.
They said that if firmware update than u can't connect anymore to their server..that sucks so much to be eard.
The photo I have linked was taked offline,no fiber connection connected to the router.
So the router is telling itself to inbound all that ports for what reason?
The backup file from the router is full of "permit any any inbound"
And connections to trojan site
The file is too long to post screenshot but i can try to send it here maybe
 
Upvote 0 Downvote
B

bill001g

Titan
Aug 9, 2012
29,020
3,022
128,640
Put the ISP box into bridge mode and buy your own router that is secure.

You could I guess just turn off the wifi radios and put your own router in front of it. You really don't care what ports it allows your router will not allow them by default just with the NAT.

Bridge mode is going to be better if you do actually need to forward any ports.

Having your own router where you control the firmware is always the best option but the ISP to protect their network always wants control of devices with a modem in it so they do not allow firmware updates on boxes with a modem. They worry about stupid consumers as much as they do about hackers.
 
  • Like
Reactions: WBlueHat
Upvote 0 Downvote
WBlueHat

WBlueHat

Nov 26, 2023
22
0
10
bill001g said:
Put the ISP box into bridge mode and buy your own router that is secure.

You could I guess just turn off the wifi radios and put your own router in front of it. You really don't care what ports it allows your router will not allow them by default just with the NAT.

Bridge mode is going to be better if you do actually need to forward any ports.

Having your own router where you control the firmware is always the best option but the ISP to protect their network always wants control of devices with a modem in it so they do not allow firmware updates on boxes with a modem. They worry about stupid consumers as much as they do about hackers.
Click to expand...

I have found samething similar to my problem in this post.

www.bleepingcomputer.com

How can I get rid of a Loopback Virtual Machine? - Virus, Trojan, Spyware, and Malware Removal Help

How can I get rid of a Loopback Virtual Machine? - posted in Virus, Trojan, Spyware, and Malware Removal Help: A hacker has hacked our laptops. I now finally know how he continues to plague us. He has installed a Loopback Virtual Machine on the laptops....and WE operate from there. He Remote...
www.bleepingcomputer.com www.bleepingcomputer.com

There must be a way to fix this loopback interface vmware
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom