Hi guys,
I do a service scan on Mikrotik routerboard with a software (GFI Lan Guard) and it find POP3, SMTP, IMAP4 service enable on routerboard: why?
I check under IP/service of routeros but I don't find any smtp,pop3 or imap4 service.
Also with Dude if i try to check a routerboard it find smtp,pop3 and imap4 service; if i try to connect via telnet (telnet ip address 110) I can't, so i think service isn't available: is it correct?
Thanks for your help
Best regards
Re: POP3, SMTP, IMAP4 enable on Mikrotik routerboard
Yes, it is correct.
Perhaps your software checks, whether port is open or not and then reports about such service.
Perhaps your software checks, whether port is open or not and then reports about such service.
Re: POP3, SMTP, IMAP4 enable on Mikrotik routerboard
you have to configure the firewall, so that it blocks such requests. put firewall rules in the input chain, that block everything coming from unknown addresses, and also block access to unused ports. just make sure that you allow things like DNS requests for the router.
Re: POP3, SMTP, IMAP4 enable on Mikrotik routerboard
I use routerboard in bridging mode in a point-to-point wireless link and so I wouldn't use firewall rules.
Why does Dude software find pop3, smtp and IMAP4 service active in routerboards? Is it possible to disable this services?
Thanks
Best regards
Why does Dude software find pop3, smtp and IMAP4 service active in routerboards? Is it possible to disable this services?
Thanks
Best regards
Re: POP3, SMTP, IMAP4 enable on Mikrotik routerboard
quite a while here ... BUT ... i ran into the same curiosity ...
despite i have a fw-rule which blocks all ports for the INPUT chain on the gateway interface, nmap shows open ports which have NEVER been opened, used, forwarded etc.
nmap -sT -sU -T4 -v -v -F -Pn [my host's wan ip from ISP]
and here is my firewall setup:
Address Lists (some permanently blocked "china-nets" are not pasted)
filter rules (sensitive data has been altered)
despite i have a fw-rule which blocks all ports for the INPUT chain on the gateway interface, nmap shows open ports which have NEVER been opened, used, forwarded etc.
nmap -sT -sU -T4 -v -v -F -Pn [my host's wan ip from ISP]
Code: Select all
Starting Nmap 7.01 ( https://nmap.org ) at 2016-02-09 17:27 CET
Initiating Parallel DNS resolution of 1 host. at 17:27
Completed Parallel DNS resolution of 1 host. at 17:27, 0.00s elapsed
Initiating UDP Scan at 17:27
Scanning home.[myDomainName].at (178.xxx.xx.xxx) [100 ports]
Completed UDP Scan at 17:27, 11.13s elapsed (100 total ports)
Initiating Connect Scan at 17:27
Scanning home.[myDomainName].at (178.xxx.xx.xxx) [100 ports]
Discovered open port 995/tcp on 178.xxx.xx.xxx
Discovered open port 993/tcp on 178.xxx.xx.xxx
Discovered open port 443/tcp on 178.xxx.xx.xxx
Discovered open port 80/tcp on 178.xxx.xx.xxx
Discovered open port 110/tcp on 178.xxx.xx.xxx
Discovered open port 143/tcp on 178.xxx.xx.xxx
Discovered open port 22/tcp on 178.xxx.xx.xxx
Completed Connect Scan at 17:27, 2.36s elapsed (100 total ports)
Nmap scan report for home.[myDomainName].at (178.xxx.xx.xxx)
Host is up, received user-set (0.022s latency).
rDNS record for 178.xxx.xx.xxx: 178.xxx.xx.xxx.wireless.dyn.drei.com
Scanned at 2016-02-09 17:27:03 CET for 13s
Not shown: 100 open|filtered ports, 93 filtered ports
Reason: 193 no-responses
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
80/tcp open http syn-ack
110/tcp open pop3 syn-ack
143/tcp open imap syn-ack
443/tcp open https syn-ack
993/tcp open imaps syn-ack
995/tcp open pop3s syn-ack
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 14.33 seconds
Raw packets sent: 200 (7.156KB) | Rcvd: 36 (5.102KB)
and here is my firewall setup:
Address Lists (some permanently blocked "china-nets" are not pasted)
Code: Select all
[spippan@Cerberus] /ip firewall address-list> print where !dynamic
Flags: X - disabled, D - dynamic
# LIST ADDRESS TIMEOUT
13 ;;; LAN sp-private
whitelist 192.168.1.0/24
14 ;;; VPN net Cerberus
whitelist 10.20.30.0/24
17 ;;; daniLAN
whitelist 192.168.3.0/24
18 X whitelist 62.218.xxx.xxx/31
21 ;;; VPN net sp-private
whitelist 10.20.31.0/24
Code: Select all
[spippan@Cerberus] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward
1 chain=input action=drop protocol=tcp in-interface=ether1-gateway dst-port=53 log=no log-prefix=""
2 chain=input action=drop protocol=udp in-interface=ether1-gateway dst-port=53 log=no log-prefix=""
3 chain=forward action=drop protocol=udp in-interface=ether1-gateway dst-port=53 log=no log-prefix=""
4 chain=forward action=drop protocol=tcp in-interface=ether1-gateway dst-port=53 log=no log-prefix=""
5 ;;; ADMIN Blocked via ACL "admin_block"
chain=forward action=drop src-address-list=admin_block log=no log-prefix=""
6 ;;; ADMIN Blocked via ACL "admin_block"
chain=input action=drop src-address-list=admin_block log=yes log-prefix=""
7 ;;; accept WHITELIST ACL input
chain=input action=accept src-address-list=whitelist log=no log-prefix=""
8 ;;; ***allow OpenVPN port
chain=input action=accept connection-state=new protocol=tcp dst-port=1194 log=no log-prefix=""
9 ;;; ***allow WINBOX
chain=input action=accept protocol=tcp src-address-list=whitelist dst-port=8291 log=no log-prefix="WINBOX_IN"
10 ;;; ***allow WINBOX
chain=input action=accept protocol=tcp src-address=62.218.xxx.xxx/27 dst-port=8291 log=no log-prefix="WINBOX_IN"
11 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist address-list-timeout=5d dst-port=22 log=no log-prefix=""
12 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 address-list-timeout=1m dst-port=22 log=no log-prefix=""
13 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 address-list-timeout=1m dst-port=22 log=no log-prefix=""
14 chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22 log=no log-prefix=""
15 ;;; ***allow SSH Port
chain=input action=accept protocol=tcp src-address-list=!ssh_blacklist dst-port=22 log=yes log-prefix="SSH_IN"
16 ;;; EST./REL.
chain=input action=accept connection-state=established,related log=no log-prefix=""
17 chain=forward action=fasttrack-connection connection-state=established,related src-address=10.20.30.0/24 log=no log-prefix=""
18 chain=forward action=accept src-address=10.20.30.0/24 log=no log-prefix=""
19 chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
20 chain=forward action=accept connection-state=established,related log=no log-prefix=""
21 chain=forward action=accept in-interface=LAN-bridge log=no log-prefix=""
22 chain=forward action=drop connection-state=!established,related log=no log-prefix=""
23 chain=input action=accept protocol=icmp limit=1,5:packet log=no log-prefix=""
24 ;;; DRP invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
25 ;;; DRP if not allowed above
chain=input action=drop log=no log-prefix=""
Who is online
Users browsing this forum: No registered users and 74 guests