HOWTO: Block Intel AMT ports in the firewall?

NavigatorN · Post by **NavigatorN** » Sat May 27, 2017 8:00 am

Hi all,

I am new around here and just flashed my beloved TP1043nd-V1 from OpenWRT to Gargoyle 1.9.2. That worked fine. OpenWRT is too difficult for me since i am not an network admin.

The point is i want to block ports 5900, 16992-16995, 623 and 664 as they are all related to the recent Intel AMT open backdoor publication.

But under the firewall section i cannot see an option to block these ports and drop the package, i prefer drop and not reject.

Anyone a noob guideline?

Post by **tapper** » Sat May 27, 2017 6:05 pm

Look under firewall set the ports to reject.. Then install winscp log in to your router and find the /etc/config/firewall file. In the file look for the rules for the ports you blocked and change the line were it says reject to drop. When using winscp your username will be root and password is the one you use to log in to the user interface.

NavigatorN · Post by **NavigatorN** » Sun Jun 11, 2017 11:47 am

Under firewall>restrictions do i have to block Remote or local ports?

And do i have to create a rule for each port or can i add multiple. And if so how to separate the port numbers?

Post by **Lantis** » Sun Jun 11, 2017 6:19 pm

I believe they will be local ports.
I also didn't find mention of port 5900?

List them like
623,644,16992-16995

NavigatorN · Post by **NavigatorN** » Mon Jun 12, 2017 9:49 am

I can do a port scan from various websites and all the ports are closed from the internet.
But how to test them from my local machine? AMT is yelling out as I read it...

Gargoyle Forum

HOWTO: Block Intel AMT ports in the firewall?

HOWTO: Block Intel AMT ports in the firewall?

Re: HOWTO: Block Intel AMT ports in the firewall?

Re: HOWTO: Block Intel AMT ports in the firewall?

Re: HOWTO: Block Intel AMT ports in the firewall?

Re: HOWTO: Block Intel AMT ports in the firewall?