Timeline for Why are there open ports on my home network router?
Current License: CC BY-SA 3.0
26 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 30, 2017 at 16:36 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Nov 30, 2017 at 14:29 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Oct 31, 2017 at 11:48 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Oct 1, 2017 at 11:24 | history | bumped | CommunityBot | This question has answers that may be good or bad; the system has marked it active so that they can be reviewed. | |
| Sep 4, 2017 at 17:29 | comment | added | Andrew Hardiman | @ThomasCarlisle thank you for taking the time to answer my queries. Again, if you would like to submit an answer I will accept it. Many Thanks. | |
| Sep 3, 2017 at 22:59 | comment | added | Thomas Carlisle | But when your ISP intercepts and redirects traffic to these ports, that gets natted by them, but kind of in reverse. Traffic to those ports gets port forwarded to their servers, and as part of port forwarding there is also natting such that the end result is what you have experienced. Most ISPs just filter those ports, so that connections just fail. If they had done that, it would have been better for you because you wouldn't have been alarmed. | |
| Sep 3, 2017 at 22:54 | comment | added | Thomas Carlisle | NAT is done on your router for the traffic between you and the Internet. Your router is assigned the IP your ISP has assigned. When a device on your internal net makes an outbound connection, your router kind of proxies that and establishes the connection. As far as the outside world knows, the session is between your router and the external service. But when your router receives packets from that session, it sends them to your internal device. Usually, the only natting is on your router, to conceal your internal net. | |
| Sep 3, 2017 at 21:53 | comment | added | Andrew Hardiman | @ThomasCarlisle One final thing I cannot comprehend, is how does my home router talk to my ISP. If my external IP Address is 1.2.3.4, and packets routed to this address get sent to my ISP, how does my ISP forward these packets on to me? Is there another IP Address assigned to my home router that we do not see. Or is the external IP Address 1.2.3.4 used internally on the ISP’s network as well? In other words, does address translation happen twice, once on my home router and then again when it reaches the ISP? I think not, but it could, and I wouldn’t know? | |
| Sep 3, 2017 at 15:24 | comment | added | Thomas Carlisle | Yes, that is their IP which they assign to you, and they direct all traffic to that address to you, except those ports they direct elsewhere and handle. Your router handles making all the devices on your home network appear as a single ip address to the external world, with that one address being the one the ISP has assigned. That is network address translation. | |
| Sep 3, 2017 at 14:42 | comment | added | Andrew Hardiman | @ThomasCarlisle I'm beginning to understand, I think. So, when I search the Internet for "my ip address", the address returned by the website is not actually my IP Address at all, but actually one of a range of IP Addresses assigned to my local ISP, who in turn maps this IP address to me, using NAT? Does this IP Address stay the same, or is the address my ISP uses to find my router different? | |
| Sep 3, 2017 at 13:29 | comment | added | Thomas Carlisle | It is simple firewall technology. Everything that is destined for your home is examined and the traffic destined to those ports is sent elsewhere. They are employing network address translation (NAT) to conceal the actual address where that is re-directed to make it appear with your ip. | |
| Sep 3, 2017 at 12:59 | comment | added | Andrew Hardiman | @ThomasCarlisle I also powered off my home router, and got exactly the same results when running nmap and ftp nn.nnn.nnn.nnn. So I can see now that these open ports are not directly related to my home router. This raises more questions for me than it answers however. How does my ISP forward packets to me? Using the same IP address? But that IP address is not actually my address. Perhaps it's more to do with the MAC address of my home router. Does my ISP translate addresses? Why does my ISP advertise these ports as open on its systems? I clearly have a lot of work to do. Thanks again. | |
| Sep 3, 2017 at 12:32 | comment | added | Andrew Hardiman | @ThomasCarlisle thank you. There does not appear to be a ftp login message, ftp nn.nnn.nnn.nnn simply returns "Connected to nn.nnn.nnn.nnn.", it does not ask for credentials. The page returned on http is completely blank. If I enter nnn.nnn.nnn.nnn:21 it searches indefinitely. How this all fits together is not making sense to me, although I appreciate I am not connecting to my 'router', rather to the ISP's hardware, so thank you for taking the time to show me that. | |
| Sep 2, 2017 at 0:14 | comment | added | Thomas Carlisle | The fact that you connect does not necessarily mean the connection is to your router. If your ISP is intercepting, then you are connected to them on that port, not you. You should be able to ascertain what you are connected to by the ftp login message, or the page returned on http. If that is not giving you clues, then power your router off and connect. If still you can connect, it isn't your device that the connection is ported through to. | |
| Sep 1, 2017 at 21:46 | comment | added | Andrew Hardiman | @schroeder thank you for being so helpful, I'd up-vote but I have no reputation. Ultimately, I think I am missing a conceptual model in my mind of how everything fits together, I am clearly missing certain layers. I keep reading Wiki pages on TCP/IP model etc. but I cannot seem to translate the model into the real world. I really need to start studying networks from the ground up, but really do not know where to start. | |
| Sep 1, 2017 at 21:20 | comment | added | Andrew Hardiman | @schroeder I've logged into my router, by typing my IP into my browser and entering my admin name and password. I've navigated to "security>firewall rules>Inbound Services", the "action" here is "BLOCK always". Therefore, I would conclude there is no FTP service. I subsequently added the inbound service FTP(TCP:20,21). I then ran FTP again from the command line, and ls as suggested. The output is: "421 Service not available, remote server has closed connection". | |
| Sep 1, 2017 at 20:39 | comment | added | schroeder♦ | @case_2501 you are assuming that you are connecting to your router. Have you logged into your router to see if there is any FTP service? What happens when you run ls on the ftp connection? | |
| Sep 1, 2017 at 20:10 | comment | added | Andrew Hardiman | @schroeder thank you. If I run ftp nn.nnn.nnn.nnn from the command line, from outside of my LAN, it shows as "Connected to nn.nnn.nnn.nnn.". Does this mean that anyone, who knew my external IP Address, could create a connection in this manner? For what purpose would my ISP want this configuration, does it not create a security flaw? | |
| Sep 1, 2017 at 19:43 | comment | added | Andrew Hardiman | @ThomasCarlisle thank you. Still, why is my ISP advertising these ports as open to the outside world, does it not make more sense that these ports are filtered? | |
| Sep 1, 2017 at 13:00 | comment | added | Thomas Carlisle | That is correct, these ports are ports that ISPs usually intercept to either protect the average user from accidentally opening these ports and getting hacked, and/or because their terms of service don't allow running FTP and HTTPD servers. Try to access those services and see what you get. | |
| Sep 1, 2017 at 9:48 | history | edited | Andrew Hardiman | CC BY-SA 3.0 | I've clarified my network setup, as requested by a fellow user attempting to answer this question. |
| Aug 31, 2017 at 23:46 | comment | added | schroeder♦ | those are not likely to be the open ports on your router, but ports made accessible by your ISP to their own resources - simple test: browse to your IP and connect to FTP | |
| Aug 31, 2017 at 21:55 | answer | added | user3911069 | timeline score: 1 | |
| Aug 31, 2017 at 21:20 | answer | added | Aleksandar Pavić | timeline score: -1 | |
| Aug 31, 2017 at 20:30 | review | First posts | |||
| Sep 1, 2017 at 5:46 | |||||
| Aug 31, 2017 at 20:25 | history | asked | Andrew Hardiman | CC BY-SA 3.0 |