OpenWrt Forum Archive

Topic: WhiteRussian 0.9 firewall+nmap question

The content of this topic has been archived on 3 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hey all,

I'd like to ask your advice or insights on the following. I have a WR 0.9 on my router and now from an external location I ran some nmap tests out of curiosity.

If I run nmap <host> for let's say the first time, it gives back:

Not shown: 994 closed ports
22/tcp    open     ssh
646/tcp   filtered ldp
711/tcp   filtered unknown
1755/tcp  filtered wms
5033/tcp  filtered unknown
50800/tcp filtered unknown

If I run nmap <host> immediately again, then it gives a scary response:

Not shown: 506 closed ports
1/tcp     open  tcpmux
3/tcp     open  compressnet
13/tcp    open  daytime
20/tcp    open  ftp-data
22/tcp    open  ssh
24/tcp    open  priv-mail
26/tcp    open  rsftp
30/tcp    open  unknown
37/tcp    open  time
43/tcp    open  whois
79/tcp    open  finger
83/tcp    open  mit-ml-dev
89/tcp    open  su-mit-tg
90/tcp    open  dnsix
99/tcp    open  metagram
... and other 495 open ports up to Port 65389 ...

The iptables rules are what's shipped by default with 0.9 + the obvious port 22 opened.

If I try to telnet to these ports "at least" they aren't really open:
root@localhost:~# telnet hostname 389
Trying x.x.x.x...
telnet: Unable to connect to remote host: Connection refused

So the question is: is something wrong with the nmap query, or am I missing something about its usage? Or is something shaky with the firewall rules?

The other question is, the 646 and 711 ports are always displayed - how can I find out why these two ports below even appear? I'm not aware of any application which would open them from the LAN, especially nothing on the router itself.
646/tcp   filtered ldp
711/tcp   filtered unknown

Ideally I'd like to see that only port 22 is open.


No ideas?
