Unknown Ports, which should be closed?


braddds

I have a simple home network which uses a Linksys router to access the internet. I'm using NetBEUI for local and TCP/IP (not bound for local) for the net. I also run firewalls, trojan and spyware applications on each of the local PCs (sounds paranoid, huh!).

I've run a portscan and found the following open:

Port 25 Open (smtp)
Port 110 Open (pop3)
Port 21 Open (ftp)
Port 2468 Open
Port 5678 Open (rrac)
Port 6688 Open

The top 3 I understand...the FTP is OK as I use this for file transfers between home and work, which has been setup to allow only specific IP's, no anonymous and strong passwords.

It is the last 3 that have me wondering. Do I need these open and if so, what for!? I've tried finding out what these are but the information is cryptic, at best...as are most port explanations!

If a simple answer isn't available then an educated guess would be appreciated.

thx in advance

cheers
 
How did you obtain the information on your "open" ports?
Are you running your own Mail Server?
What Operating system and what firewall?

Can make a more calculated suggestion of risk and protection with some more info.

In general, you should not have any ports "open". They are available to unsolicited connections. It sounds like you have MS IIS running somewhere on your network and it is soliciting ftp and snmp connections from the world.

Known exploits for port 21:
Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, FreddyK, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen, RTB 666, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash

Known exploits for port 25:
Ajan, Antigen, Barok, BSE, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Stukach, Tapiras, Terminator, WinPC, WinSpy

Known Exploits for port 110:
ProMail trojan

You might want to check these FAQs

General Home Computer and Small Network Security Questions
FAQ83-3147

Firewalls and the Small Network
FAQ83-3148

Ports, IP addresses, and NAT
FAQ83-3149

Regards,
David
"Just because you're paranoid, doesn't mean they aren't out to get you"
 
I used a freeware portscan called "PortScan" from I ran the utility from inside my network so I may be getting some internal ports not available to the outside! I'll try this later and let you know!

I'm running win2000 pro and winxp pro using zonealarm pro. I'm running an FTP on my win2000 PC but as I said it's protected with specific IP access and strong password protection. No other server is running and I frequently check for trojans (Trojan Remover), spyware (adware 6 and spybotsd) and viruses (Nortons 2003). Also, I log on as a user (not Admin) when using my PCs...I only use Admin when checking/updating system, software and components.

If I close these ports how will that affect my mail and web? Additionally, I'm not familiar with MS IIS - what is it and how do I check if it is running?
 
Yeah I pass Shields Up with flying colors. GRC only checks known exploited ports and not the higher ones that are indicated on my portscan. Interestingly GRC wasn't able to detect my FTP yet I'm able to connect to it! As I said maybe I'm picking up internal ports and should not be concerned...I'll try later!
 
Yes people seem to put far too much faith in GRC's portscanning, I've received results from the same machine on different scans within a 5 minute period.
 
As promised, here is my report from an external portscan of my home network:

Only port 21 (ftp) is open, again this is by design (funny, GRC didn't catch this). I do show two ports as closed; ports 20 and 113 which isn't a problem since port 21 is open so "hackers" would already be aware of my site. All others show filtered...I guess this is the same as "stealthed"!?

thx for the info browolf

I've read somewhere that one or two of the unknown ports may have something to do with my linksys router...remote administration...here it is, google gives me a hit back to tek-tips.


thread83-417739

It seems Stingreen has already answered this post so a star for them.

thx all for your help

...and yes Grenage, GRC is only so good! As net-izens we are responsible to discover and implement all security issues regarding our online usage and community.
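
Added example (not part of any post in this thread): one way to answer "what is this port for?" is to parse `netstat -ano` output taken on the Windows host itself, map each listening port to its owning PID, and separate loopback-only listeners from network-reachable ones. The sample output, the PIDs and the `expected_ports` allowlist are constructed assumptions, and `netstat -ano` is assumed to be available on the host.

```python
# Constructed sample of `netstat -ano` output (not data from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:5678           0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       1632
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       1632
  TCP    192.168.1.100:2468     0.0.0.0:0              LISTENING       932
  TCP    192.168.1.100:1045     203.0.113.7:80         ESTABLISHED     2310
  UDP    0.0.0.0:6688           *:*                                    932
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")


def listening_sockets(netstat_text):
    """Return sorted (port, bind_address, pid) for every TCP LISTENING socket."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers, UDP rows and blanks do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:port
        found.append((int(port), addr, int(fields[4])))
    return sorted(found)


def triage(netstat_text, expected_ports):
    """Label each listener by reachability and by whether it is on the allowlist."""
    report = {}
    for port, addr, pid in listening_sockets(netstat_text):
        loopback = addr.startswith(LOOPBACK_PREFIXES)
        if port in expected_ports:
            action = "expected"
        elif loopback:
            action = "local-only: identify the owning process"
        else:
            action = "investigate: reachable from the LAN"
        report[port] = {"pid": pid, "loopback": loopback, "action": action}
    return report


if __name__ == "__main__":
    for port, info in triage(SAMPLE_NETSTAT, expected_ports={21}).items():
        print(port, info)
```

The PID in each row can then be matched against the process list (Task Manager with the PID column enabled) to name the program that opened the port.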
 