Edit - Turned out it was not the router, was my ISP....

On 3.8.2.2, ports 135, 136, 137, 138, 139 are showing as CLOSED on port scans (i.e., they are not stealthed)

Not sure why the change of the behaviour, and this is not ideal really.

Hmmm. Telnet to the router and try this, then rescan?

> mngt defenseworm ?
Usage:: defenseworm [?|on|off|add port|del port|viewlog|clearlog]
Defense Worm Packet Out is OFF!!
Block TCP port list: 135, 137, 138, 139, 445
> mngt defenseworm on
Defense Worm Packet Out is ON!!
> sys commit

Hi,

Is there a way of doing this in the web GUI?

(not that I don't like CLI, but I don't like using it on Draytek).

Port 445 is actually closed, and 136 is open, so may be a different issue.

Also, I applied .RST file to the router and then did my usual configuration. I can't see anything which should cause this that I did. I've never had this issue before.

May just do .RST again and configure step by step running port scans each time I configure an option and see what is triggering it (Draytek support say this should not happen). Must admit, this is a bit of a pain in the arse.

Edit - gone through all options once again and cannot see anything that should cause 135-139 to be "closed".

Port 445 can be different - make sure Samba is disabled under USB Apps to get rid of it.

You could go to firewall -> Dos defence and briefly untick "enable Dos Defence" and then re-scan.

I don't have the issue on 3.8.2.2 so its likely to be config I think.......

:oops: :oops: :oops:

For some reason on the way home from work the thought of it being the ISP came into my head.

Turns out it is: https://support.zen.co.uk/kb/Knowledgebase/Do-Zen-block-any-ports

Hold my hands up, I jumped the gun this time around. So apologies for wasting yours and draytek support time.

Think I'll query why ISP are not stealthing them instead of just having them "closed".