2

It can be a security risk to have unwarranted open ports.

So I ran nmap 192.168.0.1 to investigate if I had open ports on my home network, it turns out, I do:

PORT STATE SERVICE 53/tcp open domain 80/tcp open http 5431/tcp open park-agent 49163/tcp open unknown

This concerned me. However, upon further reading, I have discovered that running nmap from my home desktop does not obtain the actual open ports, but rather ports which are accessible from my desktop on the local network side; I'm interested in ports open to the Internet at large.

Therefore, I tethered my desktop to my phone Wi-Fi Hotspot and ran nmap again, this time I am outside of my local network, i.e. I am not connected to my home router provided by my ISP but rather connected to the Internet through my phone service provider. I ran nmap again, this time using the external IP Address of my home network. The output is as follows:

PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 113/tcp closed ident 443/tcp open https 1935/tcp open rtmp 8080/tcp open http-proxy

There are still numerous open ports, which I was not expecting, as I am not running any servers and simply use my home network for Internet browsing.

Given the answers here, I do not think I should have any open ports.

Why are these ports open to begin with? And should I be concerned/close them?

Edit: I have a single gateway device provided to me by my ISP. I have one desktop connected to this device. My ISP is Sky.

Improve this question
17
  • those are not likely to be the open ports on your router, but ports made accessible by your ISP to their own resources - simple test: browse to your IP and connect to FTP Commented Aug 31, 2017 at 23:46
  • That is correct, these ports are ports that ISPs usually intercept to either protect the average user from accidentally opening these ports and getting hacked, and/or because their terms of service don't allow running FTP and HTTPD servers. Try to access those services and see what you get. Commented Sep 1, 2017 at 13:00
  • @ThomasCarlisle thank you. Still, why is my ISP advertising these ports as open to the outside world, does it not make more sense that these ports are filtered? Commented Sep 1, 2017 at 19:43
  • @schroeder thank you. If I run ftp nn.nnn.nnn.nnn from the command line, from outside of my LAN, it shows as "Connected to nn.nnn.nnn.nnn.". Does this mean that anyone, who knew my external IP Address, could create a connection in this manner? For what purpose would my ISP want this configuration, does it not create a security flaw? Commented Sep 1, 2017 at 20:10
  • 1
    @ThomasCarlisle I also powered off my home router, and got exactly the same results when running nmap and ftp nn.nnn.nnn.nnn.. So I can see now that these open ports are not directly related to my home router. This raises more questions for me than it answers however. How does my ISP forward packets to me? Using the same IP address? But that IP address is not actually my address. Perhaps it's more to do with the MAC address of my home router. Does my ISP translate addresses. Why does my ISP advertise these ports as open on its systems. I clearly have a lot of work to do. Thanks again. Commented Sep 3, 2017 at 12:59

2 Answers 2

Reset to default
1

In general, you should close them if you have such capability and have no reason to allow incoming connections.

What you did not state, however, is what your home network looks like. Do you have a cable modem and external router, or single gateway device? or? Who is your ISP? Depending on your ISP, you might be talking to an IP entity on their network or on your LAN.

Improve this answer
6
  • thank you. I have a single gateway device provided to me by my ISP. I have one desktop connected to this device. My ISP is Sky. I've edited my question to include this information. Please could you clarify your last sentence for me, as I'm unsure what you mean. Commented Sep 1, 2017 at 9:43
  • @case_2501 the last line is what I commented on under your question - the ports might not go to your device but to something in the ISP's network - you can test this Commented Sep 1, 2017 at 10:39
  • @schroeder thank you. My knowledge of networking is in its infancy to say the least. If I'm querying my external IP Address with Nmap, and the IP Address is associated with my gateway device, why is Nmap talking to a ISP resource not specified in the command? Commented Sep 1, 2017 at 13:04
  • 1
    @case_2501 look up "port forwarding" - it's normal for ISPs to redirect traffic, like port 80, so that someone does not try to host their own websites from home, for instance - to help you think through the networking, think of it this way: your external IP is not directly tied to your device, it gets to your device eventually, but it passes through a lot of ISP layers first Commented Sep 1, 2017 at 13:06
  • @schroeder thank you. I'll do some further reading. I'm flicking through articles left, right and center on the Internet, and I'm finding it difficult to get a coherent picture, can you recommend a specific resource that would really give me a thorough and detailed understanding; i'm hesitant to go off Amazon book reviews, and Wikipedia/Internet articles seem to repeat the same, quite superficial, information. Any guidance you can give to help me help myself would be greatly appreciated. Commented Sep 1, 2017 at 13:21
-1

You are right it's a security issue, and there are already documented cases of massive hacks done thru home routers, for example in Brasil:

https://nakedsecurity.sophos.com/2012/10/01/hacked-routers-brazil-vb2012/

Most routers will let you do DMZ, port-forwarding, etc. However such ports should be disabled/closed/firewalled by default.

The very least what your ISP should have done is ensured that ports like the ones you have enlisted are accessible (open) only from their corporate IP's if they are using it to collect some usage data, etc...

They could have done it at their core firewalls/routers... My suggestion is to report security issue to your ISP, and monitor if they have corrected it, if not, then seek for another ISP, but ask them for mentioned security issue.

Or try to put flash your router with software like DD-WRT.

Improve this answer
4
  • Why would the ISP be responsible for that? I would hate my ISP even more if they decided to block my ports. Commented Aug 31, 2017 at 21:44
  • Those are the ports from your modem/router... And you can configure port-forwarding, DMZ etc... But you should rather check what's running on them... Commented Aug 31, 2017 at 21:51
  • Of course you should check what's running on them, but why would you want your ISP to block them? Commented Aug 31, 2017 at 21:56
  • I mean ports for router's config, they should be accessible from your lan and from their corporate IP's not from the rest of the world... Commented Sep 1, 2017 at 6:47

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.