
Why are these ports open in the router?

tietack
Aspirant

Why are these ports open in the router?

Just got the WNDR3800, and so far it's great. But I'm curious about all of the open ports. Ran the nmap command on the router (using my current public IP address), and got the following output (IP addresses and FQDN obscured):

Two Questions

1) What are all of these open ports? (I understand some of them, noted below.)
2) Can I close some of these ports in some way?

*******nmap output*******************************
Interesting ports on c-xx-yy-zzz-gg.name.state.someplace.net (xx.yy.zzz.gg):
Not shown: 1671 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
53/tcp open domain
80/tcp filtered http
548/tcp open afpovertcp
3333/tcp open dec-notes
5555/tcp open freeciv
20005/tcp open btx
***************end nmap output *******************************************

I understand why ports 21, 53, and 80 are open; 21 and 80 support access to the router and the directories associated with the connected hard drive. 53 supports DNS searches.

I assume 548 relates to Time Machine. But the purpose of the other open ports is beyond me, and think I should close them.

Thanks!
Message 1 of 10
fordem
Mentor

Re: Why are these ports open in the router?

Maybe you should scan the WAN side and not the LAN side.

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 2 of 10
jmizoguchi
Virtuoso

Re: Why are these ports open in the router?

Go to grc.com and use Shields Up to scan your WAN side.
June Mizoguchi-
Message 3 of 10
tietack
Aspirant

Re: Why are these ports open in the router?

I appreciate your responses!

As I stated, I did apply nmap on the public IP address. That is by definition the "WAN side".

I also did apply a nmap on the internal network side (192.168.0.1 for me). That reveals additional open ports. That is as I expected, and is not a problem for me (though I know security experts who would cringe at that).

The shieldsup test on the public IP address reveals 0 open ports. The nmap scan revealed 5, plus 2 filtered. I don't know shieldsup. Nmap is pretty well known in the security community, ref http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717
Message 4 of 10
tietack
Aspirant

Re: Why are these ports open in the router?

Now that I've elaborated on what I've done, I renew my questions --

Why are the ports that I've specified open

and what can I do from the WNDR3800 menu to close those ports.
Message 5 of 10
somsubhro
Aspirant

Re: Why are these ports open in the router?

Tietack,

I think to check for security issues you should be running the Security scan on the WAN port and not the LAN ports. This is also suggested by Fordem...

We just ran a complete scan on the WAN port using a free public port scan web site (https://www.grc.com/x/ne.dll?bh0bkyd2). We also tested those ports which were reported by you. The WNDR3800 is safe for these ports.

If you send me a private message, I will send you the screenshots of the report.

21 - Stealth - FTP
53 - Stealth - Domain
80 - Stealth - http
548 - Stealth - AFP over TCP
3333 - Stealth - Personal Agent
20005 - Stealth - Unknown application (which means the public website could not categorize the Application)

7 ports tested. All ports found to be stealth.
TrueStealth: - Passed: All tested ports were stealth
- No unsolicited packets were received
- No PING reply (ICMP Echo) was received

Thanks
-Som
Message 6 of 10
fordem
Mentor

Re: Why are these ports open in the router?

You may have been scanning the public ip address, but the only way to see those ports as open from the WAN side is to forward those ports and have an app waiting to respond - it is the nmap results themselves that tell me you are scanning from the LAN side.

Where was the machine running the nmap scan connected? WAN side or LAN side?

To scan the WAN side you need to either be scanning across the internet - or - connected to a switch connected between the router and the modem.

You're dealing with a NAT router - by default the router will discard all incoming connections on the WAN side unless it has been configured to pass them, you're not going to see any of the common ports open when you scan from the WAN side.

Message 7 of 10
tietack
Aspirant

Re: Why are these ports open in the router?

You're right. I didn't think in terms of iptables, which block ports only in one direction. I've confirmed with the help of nmap-online.com.

I've revised my Amazon review accordingly.
Message 8 of 10
jmsjr
Aspirant

Re: Why are these ports open in the router?

With regards to port 20005, I believe that port is used by the router for the USB PrinterShare Utility, as I was investigating why I can see my USB printer in the "Netgear USB Control Centre" when in a wired connection (with wireless turned off), but not when in a wireless connection (with wired unplugged):

http://forum1.netgear.com/showthread.php?t=81351
Message 9 of 10
JustinGoldberg
Aspirant

Re: Why are these ports open in the router?

This router's open LAN ports may be responding to your scan, even though you're scanning the WAN. Some SOHO routers are like this; their routing tables get short-circuited and respond on the LAN.

A true test would be to get a remote computer to scan you, like from a cafe's wifi. Or grc.com as others have suggested.
Message 10 of 10
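
Added example, not part of the original thread: a short Python script that lines up the nmap table from message 1 (run from inside the LAN) against the external scan lines listed in message 6, and labels each port by how it looks from outside. The two sample inputs are constructed from the text of those posts; the function names and verdict labels are assumptions made for this illustration.

```python
import re

# Constructed from the thread: nmap table from message 1 (run from inside the LAN).
LAN_SCAN = """\
PORT STATE SERVICE
21/tcp filtered ftp
53/tcp open domain
80/tcp filtered http
548/tcp open afpovertcp
3333/tcp open dec-notes
5555/tcp open freeciv
20005/tcp open btx
"""

# Constructed from the thread: external scan lines as listed in message 6.
WAN_SCAN = """\
21 - Stealth - FTP
53 - Stealth - Domain
80 - Stealth - http
548 - Stealth - AFP over TCP
3333 - Stealth - Personal Agent
20005 - Stealth - Unknown application
"""

NMAP_ROW = re.compile(r"^(\d+)/tcp\s+(\S+)\s+\S+")   # e.g. "53/tcp open domain"
WAN_ROW = re.compile(r"^(\d+)\s*-\s*(\w+)\s*-")      # e.g. "53 - Stealth - Domain"

def parse(text, row):
    """Return {port: lowercase state} for every line matching `row`."""
    found = {}
    for line in text.splitlines():
        m = row.match(line.strip())
        if m:
            found[int(m.group(1))] = m.group(2).lower()
    return found

def compare(lan_text=LAN_SCAN, wan_text=WAN_SCAN):
    """Classify each port nmap listed by how it looks from outside."""
    lan, wan = parse(lan_text, NMAP_ROW), parse(wan_text, WAN_ROW)
    verdicts = {}
    for port, state in sorted(lan.items()):
        if port not in wan:
            verdicts[port] = "no external result"   # needs an outside scan
        elif wan[port] == "open":
            verdicts[port] = "exposed to WAN"
        elif state == "open":
            verdicts[port] = "LAN-side only"
        else:
            verdicts[port] = "not open on either side"
    return verdicts

if __name__ == "__main__":
    for port, verdict in compare().items():
        print(f"{port:>5}  {verdict}")
```

Any port labelled "no external result" appears in the LAN-side scan but not in the external list as posted, so it still needs checking from a genuinely external vantage point.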