Port 53281 (and now also 63356) forwarded on Asus router

I have a new Asus RT-AC68U Dual-band Wireless-AC1900 Router.

Under the System Log - Port Forwarding page, I see the following:

Destination     Proto. Port range  Redirect to     Local port
ALL             TCP    80          192.168.1.200   80         
ALL             TCP    443         192.168.1.200   443        
ALL             UDP    63356       192.168.1.122   63356 
ALL             UDP    53281       192.168.1.10    53281

192.168.1.200 is a Linux webserver, and I intentionally set these port forwarding rules. 192.168.1.10 is the Windows client I am accessing the router with, and I did not create a port forwarding rule to it. (EDIT. originally, it was just port 53281, but now I see 63356 as well). If I go to the WAN/port forwarding page, this rule does not show up. I've tried logging out of the router on that client, and logged on with another, and the log file still shows port 53281 forward to 192.168.1.10, and not the new client's IP.

My Linux server has recently been under attach, but I don't think it has been breached.

What is the purpose of this port? Should it be closed, and if so, how?

user1032531

Posted 2014-10-25T13:59:50.683

Reputation: 1 331

Rather than looking just at your router, you should check the systems the port is forwarded to. Also, update the router’s firmware and change its password from a known-safe computer. Turn off UPnP port forwarding on your router, because it’s a security issue. – Daniel B – 2014-10-26T15:05:13.097

Answers

I suspect the issue is due to uPNP being enabled on your router.

I took a look at my own for comparison. Port Forwarding is enabled and I've been running with uPNP enabled.

Log prior to disabling uPNP:

Destination     Proto. Port range  Redirect to     Local port
ALL             TCP    32400       192.168.0.15     32400      
ALL             UDP    32400       192.168.0.15     32400      
ALL             TCP    5001        192.168.0.254   5001       
ALL             UDP    5001        192.168.0.254   5001       
ALL             TCP    17134       192.168.0.15     32400      
ALL             UDP    26287       192.168.0.107   26287      
ALL             TCP    26287       192.168.0.107   26287      
ALL             UDP    21539       192.168.0.227   21539      
ALL             TCP    21539       192.168.0.227   21539      
ALL             TCP    5001        192.168.0.254   5001

From that list 5001 and 32400 are the only ones that I have set explicitly. My two client IPs that had strange UDP connections were both windows boxes and both had applications that would have tried to uPNP their way out (uTorrent and a media server). After disabling uPNP, only the 32400 and 5001 ports remained (I fired up my Xbox 360 to make sure it couldn't poke a hole using uPNP).

Also, if your port forwarding is failing intermittently (starts, then just quits for whatever reason), be sure to turn off the hardware acceleration built into the router. You may just want to do that anyway since it seems to be the cause of all kinds of port forwarding issues with this router (as of the latest firmware November 2014)

mdip

Posted 2014-10-25T13:59:50.683

Reputation: 184