TPG Community

Get online support

Archer VR1600v FTP port (21) is OPEN when it shouldn't be . .

phillip_rhoades
Level 2

People,

 

I just noticed when I did an nmap of my domain that it showed port 21 was open! - when it definitely should NOT be (ie there is no config for it in Port Forwarding).  I don't know if this is a recent change due to some malware in the modem but it needs attention ASAP - is there a non-mailicious explanation?

 

Thanks,

Phil.

5 REPLIES 5
Anonymous
Not applicable

Hi @phillip_rhoades,

 

Thanks for bringing this to our attention, we will raise this to our network Engineering Team for investigation and assessment. We will post an update on this thread when it becomes available.

 

Regards,

 


@phillip_rhoades wrote:

People,

 

I just noticed when I did an nmap of my domain that it showed port 21 was open! - when it definitely should NOT be (ie there is no config for it in Port Forwarding).  I don't know if this is a recent change due to some malware in the modem but it needs attention ASAP - is there a non-mailicious explanation?

 

Thanks,

Phil.


 

david64
Master

Hi @phillip_rhoades . When you ran nmap, was it on your computer on the home network? It would be looking at ports open on local side, like port 80 is open for router admin. 

Did nmap report any others? Like 139 and 445? I think these are used for accessing USB storage. VR1600 supports FTP (port 21), SMB (ports 139 and 445). These are open on my VR1600.

You can use sites like portchecktool.com to check if specific ports are open or not.

@Anonymous 

phillip_rhoades
Level 2

> When you ran nmap, was it on your computer on the home network? It would be looking at ports open on local side, like port 80 is open for router admin.

 

Yes, but I used nmap on the FQDN not the local IP . . 

 

> Did nmap report any others? Like 139 and 445? I think these are used for accessing USB storage. VR1600 supports FTP (port 21), SMB (ports 139 and 445). These are open on my VR1600.

 

PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
88/tcp filtered kerberos-sec
443/tcp open https
587/tcp open submission
993/tcp open imaps
1900/tcp open upnp
2525/tcp filtered ms-v-worlds
5000/tcp filtered upnp
8200/tcp open trivnet1

 

> You can use sites like portchecktool.com to check if specific ports are open or not.

 

Result:  "Problem!  I could not see your service on xxx.xxx.xxx.xxx on port (21)."

 

Using: https://hackertarget.com/nmap-online-port-scanner/

 

I get:

 

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

- filtered being a little more reassuring . .

Thanks,
Phil.

 

Anonymous
Not applicable

Hi @phillip_rhoades,

 

Our Network Engineering Team confirmed that the ports are filtered by default and w​e enable uPnP on the modem by default so any service that is running on the LAN can use the uPnP protocols to open the port on the WAN.


If port 21 is open on the modem the it is likely that the modem has a device on the LAN with an FTP server running.
 

If you prefer to set up port forwarding manually we advise to disable the uPnP.

 

Let us know should you require further assistance.

 

Regards,

 

 

 

People,

 

I just noticed when I did an nmap of my domain that it showed port 21 was open! - when it definitely should NOT be (ie there is no config for it in Port Forwarding).  I don't know if this is a recent change due to some malware in the modem but it needs attention ASAP - is there a non-mailicious explanation?

 

Thanks,

Phil.

phillip_rhoades
Level 2

Shane,

 

> If port 21 is open on the modem the it is likely that the modem has a device on the LAN with an FTP server running.

None of my computers are running ftpd - it is something I have routinely turned off for decades . . 

 

> If you prefer to set up port forwarding manually we advise to disable the uPnP.

 

Well that's interesting - when I go to look at the uPnP status, there IS in fact a service running that was unexpected but is in fact OK (ie it is NOT ftp) - however I will disable uPnP and manually add the auto opened port.  It will be interesting to see if disabling uPnP fixes the ftp problem . . 

 

> Let us know should you require further assistance.

 

Thanks - I will update this thread after uPnP disabling . .