Hey all,
I'd like to ask your advice or insights on the following. I have a WR 0.9 on my router and now from an external location I ran some nmap tests out of curiosity.
If I run nmap <host> for let's say the first time, it gives back:
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
646/tcp filtered ldp
711/tcp filtered unknown
1755/tcp filtered wms
5033/tcp filtered unknown
50800/tcp filtered unknownIf I run nmap <host> immediately again, then it gives a scary response:
Not shown: 506 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
3/tcp open compressnet
13/tcp open daytime
20/tcp open ftp-data
22/tcp open ssh
24/tcp open priv-mail
26/tcp open rsftp
30/tcp open unknown
37/tcp open time
43/tcp open whois
79/tcp open finger
83/tcp open mit-ml-dev
89/tcp open su-mit-tg
90/tcp open dnsix
99/tcp open metagram
... and other 495 open ports up to Port 65389 ...The iptables rules are what's shipped in default with 0.9 + the obvious 22 port opened.
If I try to telnet to these ports "at least" they aren't really open:
root@localhost:~# telnet hostname 389
Trying x.x.x.x...
telnet: Unable to connect to remote host: Connection refused
So the question is something is wrong with the nmap query, or am I missing something with its usage. Or something is shaky with the firewall rules.
The other question is, the 646 and 711 ports are always displayed - how can I find out why these two ports below even appear? I'm not aware about any application which would open them from the LAN, especially nothing on the router itself.
646/tcp filtered ldp
711/tcp filtered unknown
Ideally I'd like to see something that only the 22 port is open.
thanks,
nm