networking - Problems with opening ports and running listen servers in Red Orchestra (Router keeps restarting)

07
2014-07
  • THOMASNATOR

    I'm no stranger to having to open ports, doing it a couple of times on a couple of different routers, and have done it on this router a few times. I'd opened up ports to play Terraria through TShock, Minecraft, Source games and such.

    However early last night I and a friend tried to play RO, and it wouldn't work - I needed to open some ports as it turned out after a bit of google-fu. This morning, I thought we could play, but after running the listen server after opening the ports, I got into the listen server and the router would constantly reboot.

    After a bit of turning off/on and restarting I decided to undo what I did and remove all my forwarding rules.

    I'm looking to try and find a way for this to work, what could have happened, and how I can catch it doing it in the act. The 192.168.0.1 interface says something about syslog, if I can watch that at all? If you require I can provide the numbers of the ports I opened.

    • Answers
    Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

    Related Question

    Netgear router listening on port 32764?
  • Dentrasi

    I've got a Netgear DG834G running firmware V5.01.01. From the LAN side, if I port scan it, it's listening on tcp port 32764. Trying to telnet into this port gives me the response MMcS\xff\xff\xff\xff\0\0\0\0 (in hex, obviously).

    I've got UPnP disabled, it's not a remote management port, and it's not open on the WAN side. I can't find anything in Netgear's documentation, and searching online doesn't find anything either. A few people seem to have noticed, but no one actually has an answer. I've also created a firewall rule blocking outbound access to that port, and it's still open, so it's actually the router that's listening on it.

    Does anyone know what this could be?


    • Related Answers
  • Mokubai

    Hmm, weird.

    Hex ff = Decimal 255, so logically the response you are receiving is equivalent to

    MMcS 255.255.255.255 0.0.0.0 (dots added for networking clarity) which to me is basically a broadcast address on your network. It could be stating that any ip on your network can use the MMCS service, i.e. 255.255.255.255 net mask 0.0.0.0.

    There are a number of things that MMCS could be, such as the MultiMedia Class Scheduler that Vista is able to use to get priority for multimedia traffic over the network. It would explain why the port is only open on your local network too.

    Also a bit of info on point 5 of the first post of this page

    I doubt it would be something to do with MIP-MANET Cell Switching which appears to be something to do with mobile phone networks. Wow there is some weird stuff that gets returned when you Google for MMCS 255.255.255.255. Like this.

    So I'd say it's most likely a port that allows the Windows MultiMedia Class Scheduler to talk to the router to prioritize traffic, but it could be some weird funky mobile phone network stuff.

  • Jeff Gohlke

    Actually, this appears to be a software back-door included by the manufacturer as described here and exploitable using this script.

    So far non-vendor related persons have reported there are back-doors in the following routers: Linksys WAG200G, Linksys WAG320N (Firmware V1.00.12) and Netgear DM111P. But it seems the following devices (yours included) may also be present, Netgear DG834, DG834G WPNT834 DG934, WG602, WGR614 router, Linksys WAG160N and DGN2000, WAG120N wireless-WRVS4400N. It seems likely this back-door is present in other devices as well.