Open ports problem, how can I close them?

Discussion in 'other security issues & news' started by Katmai, Sep 15, 2012.

Thread Status:
Not open for further replies.
  1. Katmai

    Katmai Registered Member

    Joined:
    Dec 25, 2008
    Posts:
    12
    I have a Tp-Link TD8961ND ADSL modem/router. When I make a port scan by using sites like grc.com, it finds these ports open: port 443 (https), port 23 (Telnet), port 22 (ssh), sometimes port 80 (http). Installing/uninstalling or enabling/disabling a software firewall does not have any effect on the test results. The NAT and SPI firewall of the router are enabled.

    Why do these ports appear open and how can I close them?
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    You most likely have a non-public IP address, so you are behind your ISP's router, which is set to have those ports open.
    Check your IP at http://www.whatismyip.com, then check your IP in the router. If it is different, then that is the case.
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    Yikes! 22 & 23 open? That's a huge vector of attack! My advice: upgrade your modem to a router that has better security. Billion, Draytek, Juniper, & Fortinet routers can all be picked up cheap on eBay. Much better quality than TP-LINK if you ask me.

    Are you sure you have NAT on? Because 22 & 23 should not be open in any circumstance.
     
  4. BrandiCandi

    BrandiCandi Guest

    It doesn't matter if those ports are open as long as there are no services listening.

    It's a good thing that ports 443 and 80 are open. That's how you access the internet!

    Your router probably uses telnet (port 23) to access the router configuration page from your computer (most home routers do this). Make sure you changed the default username & password on your router and you'll be fine.

    Check your services running. I'm assuming you're using Windows. Do you have PuTTY installed? That uses port 22. You can see what services are listening for connections by opening a command prompt and typing
    Code:
    netstat -ano
    You can paste the results here and I can help you interpret them.
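
The `netstat -ano` check suggested above, as an added example that is not part of the original post: it parses the command's output and reports which of the scanned ports (22, 23, 80, 443) have a listener on this PC that is reachable from other machines. The function names and the sample output are constructed for illustration.

```python
SCANNED_PORTS = {22, 23, 80, 443}  # ports the external scan in this thread reported

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
  TCP    127.0.0.1:443          0.0.0.0:0              LISTENING       2120
  TCP    192.168.1.2:49712      203.0.113.10:443       ESTABLISHED     3380
  TCP    [::]:135               [::]:0                 LISTENING       924
  UDP    0.0.0.0:5355           *:*                                    1288
"""

def listening_sockets(netstat_text):
    """Return (local_ip, port, pid) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers and UDP rows (no State) do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")  # split on the last colon (IPv6-safe)
        found.append((ip.strip("[]"), int(port), int(fields[4])))
    return found

def exposed_listeners(netstat_text, ports=SCANNED_PORTS):
    """Listeners on the given ports that are not bound to loopback only."""
    return [(ip, port, pid)
            for ip, port, pid in listening_sockets(netstat_text)
            if port in ports and ip not in ("127.0.0.1", "::1")]

if __name__ == "__main__":
    for ip, port, pid in exposed_listeners(SAMPLE):
        print(f"port {port} is listening on {ip} (PID {pid})")
```

The ESTABLISHED row to remote port 443 is an outbound connection and is not counted; only LISTENING rows accept incoming connection requests.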
     
  5. Katmai

    Katmai Registered Member

    Joined:
    Dec 25, 2008
    Posts:
    12
    Thanks for your answers.

    I checked the IPs, TOMxEU, and you are right: the IP address of the modem and the IP address which appears on http://www.whatismyip.com/ are different.

    Also, I checked open ports (listening ports) with Comodo's firewall. It lists the ports which are listened on by any application, and those ports I mentioned are not in the list.

    So it seems like TOMxEU is right about his diagnosis. Additional info: I am living in a group of houses (I am not sure how it is written in English) and here there is a free internet connection available for us. I am not sure of the mechanics of this connection, but I use my router to connect to this internet connection(?).
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Ports are open when an app or service is listening on them. If nothing is listening, they're not open. It doesn't have to be on the PC. It can be on any piece of equipment between your PC and the web.
    Ports don't need to be open to use the internet. Open means able to receive incoming connection requests, not just incoming traffic.

    Many of the ports you listed are open on ISP supplied equipment. Sometimes it's so they can maintain, service, and upgrade them remotely. Sometimes it's just lousy configuration where they didn't shut the services off. Access to that equipment is usually password restricted. If you have or can get the password, you can shut off those services yourself, or you can ask your ISP or the equipment owner if they will.
     
  7. BrandiCandi

    BrandiCandi Guest

    I see what you're saying. What I was saying is that if I forward port 22 on my router to the ssh server on my network, then I have opened that port to the internet. When the box is powered down, the router still has port 22 "open" and an external scan will report that it's open. However the service using port 22 isn't listening because the machine is powered down. Alternatively I could stop my ssh server on that machine and achieve the same result. The machine won't be listening but the port is open on the router.

    @Katmai: So I'm thinking perhaps other people on your network have services using those ports. Thus an external scan would show those ports open on your external IP. However, the router will forward any traffic to those ports to the machines elsewhere in your buildings that are actually listening for that connection. Maybe that's what TOMxEU was driving at?
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Sometimes sitting behind a firewall, whether hardware or software, is all you can do to address open ports. A hardware firewall is certainly a recommended addition to one's security setup.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Forwarded isn't the same as open. When a port is forwarded to a PC behind the router, the scan will see the port on the PC instead of the router. The request passes thru. If the app or service that uses that port isn't running, the port will then appear closed to the scan, just as it would if it were closed at the router. The only time this would change is if the PC has a software firewall that just drops the requests instead of replying. In that case, the port would appear stealthed. If both the modem/router and the PC are configured to behave the same (both set to respond to or drop the requests), the scan will look the same.
     