Solved Correct modem/router configuration

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
Wendy

Wendy

PCHF Member
Jul 12, 2017
142
11
32
I did an Avast scan and it came back saying I have a vulnerability with open ports 4567. My multiple computers and printer on my LAN are individually wired (RJ45) to the router. I was just told that because of this configuration that port is open and vulnerable. That I should have the computers and printer wired to a switch, then a single RJ45 wire from the switch to the modem. And nothing should be wired to the router - just use its wi-fi connection for my cell phone.

I'm willing to learn the right way to do things and change. I'm just concerned, and upset, that I've had it wrong and unsecured for so long , even though the computers, printer and Internet access have all worked.
 
can I start off by saying Avast is nowhere near the great bit a AV software it was many years ago.
I'd even go as far as suggesting you remove it straight away.

if you have Win10, their inbuilt Defender software is better than Avast.
Defender has scored as well, and even better, than all the other services for at least 8'ish years now.

see here; https://malwaretips.com/threads/av-lab-test-aggregate-scores.94037/
Defender scored 99.33, Avast was 94.20

and here; https://www.av-test.org/en/antivirus/home-windows/
defender is 6, avast is 5.5

BUT I digress. :)

the other issue is Avast (and any security software) is bias and subjective - that is, what one regards as vulnerable, another may not.
so a pinch of reality is needed to see if, for example, port 4567 really is of concern.
only if that port is being used as a backdoor would it be of concern, and any malware/AV software will tell you if you are infected.
so yes, while any open port can be a potential attack point, port 4567 will be open for a reason.

if you have ever seen a list of port being used on your PC, it would blow your socks off, there are thousands, literally.

who ever told you about the LAN wire configuration was blowing smoke up your butt.
how you cable your hardware together may affect speed, it does not affect security!
 
  • Like
Reactions: Wendy
Thank you very much Bruce. So I feel better that I haven't been negligent and may have caused problems. And from what you wrote I don't have to change the configuration for security. But you mentioned a speed issue - am I losing significant speed with my configuration? And your sort of recommendation to remove Avast - I expect that's because Avast can be misleading and missing things.

By the way, the person who told me to change the configuration was from the ISP support (they provide the router and modem).
 
  • Like
Reactions: Bruce
that ISP support person..... what can I say, we all have bad days, and in this instance, he was wrong.
making your devices connect to a switch first instead of straight to the modem would serve no benefit, even if the switch was managed, as any decent modem also covers the basic protection offered by a switch. the modems with multiple RJ45 ports are after all a modem with a built-in switch.

one time you will need to add a switch is to give you more ports than the modem offers.

with network speeds, you can't really govern the bandwidth, it is what it is, based on RJ45 capabilities, ethernet cable version, number of users, errors in data packets, and thorough-put bandwidth of the hardware gear to name a few.

but one thing you can control is how many hops a data packet has to take in order to complete the data request.
and even then, a hops is microseconds, so even adding a few of them together will still not hinder the normal household setup.

it comes more into play in large companies, where the modem connects to a large switch with 48 (or so) ports.
but there are more than 48 connectable devices (PCs, printers, security cams, alarms, VoIP phones, etc) so they add more switches.
you then have to connect switch 2 (SW2) to switch 1 (SW1).
then say, you have a laptop that connects wirelessly - now you have to connect a Wireless Access Point back to SW2.

before you know it, in order for the laptop to get out to the wide world, every data packet goes via the WAP, SW2, SW1, then the modem.
rather than the one hop if the laptop directly connected to the modem.
then there is the return journey.
in short, it quickly adds up to an overhead that needs to be considered in large networks.

for your home - don't give it a second thought. :)
(sorry if that got a bit geeky)
 
  • Like
Reactions: Wendy
Thank you Bruce and PeterOz. I appreciate the detailed explanation -don't worry about it being "geeky" - it helps put things into perspective. So just to summarize, I'll continue to have the multiple computers and printer connected to the router and the only things directly connected to the modem are the RJ45 from the router and coax cable from the ISP.
 
that will be just fine.
there is no good or bad way to connect those things up - there may be good or better but any benefit in changing the configuration will yield little, or no, results.

if it ain't broke, don't fix it!
 
  • Like
Reactions: Wendy and PeterOz
Status
Not open for further replies.
Top Bottom