Open Ports

dadzejson · August 10, 2018, 2:19am

When i scanned my router with nmap i got this:

25/tcp open smtp
110/tcp open pop3-proxy Avast! anti-virus pop3 proxy (cannot connect to 10.0.0.1)
119/tcp open nntp-proxy Avast! anti-virus NNTP proxy (cannot connect to 10.0.0.1)
143/tcp open imap-proxy Avast! anti-virus IMAP proxy (cannot connect to 10.0.0.1)
465/tcp open tcpwrapped
563/tcp open tcpwrapped
587/tcp open smtp-proxy Avast! anti-virus smtp proxy (cannot connect to 10.0.0.1)
993/tcp open tcpwrapped
995/tcp open tcpwrapped
8291/tcp open winbox MikroTik WinBox

How did those ports got open on my router and how can i close them ?

gotsprings · August 10, 2018, 2:57am

Export your firewall and maybe we can figure it out.

/ip firewall filter export

Jotne · August 10, 2018, 5:16am

Do you scan in inside LAN or on utside WAN?
And post your FW config.

dadzejson · August 10, 2018, 12:27pm

i scan from inside LAN…

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=accept chain=input comment="Accept Ping" protocol=icmp
add action=accept chain=input comment="VPN Protocol" protocol=gre
add action=drop chain=input comment=SMTP dst-port="" port=25 protocol=tcp

Can applications on PCs open ports on router ?

proximus · August 10, 2018, 12:47pm

That’s not a valid scan. Avast is intercepting the nmap scan and reporting open ports, but almost all of them are not on the router .. they are local to the host.

The “proxy” ones are self evident. Another example .. tcp/563 is the Avast service itself. Google and see what the others are.

dadzejson · August 10, 2018, 1:36pm

i used to scan the network from lan and in results had open just 2 ports (dns for example and mikrotik winbox)

now when i scan the network from inside (im scaning WAN interface btw not LAN) i have tons of open ports…dont have avast installed anywhere tho

and when i try to scan WAN interface from some remote PC with nmap its says that “host seems down. maybe its really up but blocking our ping probes”

tippenring · August 10, 2018, 2:02pm

Yes, you have Avast installed somewhere. Probably on the PC you are scanning with is my guess. Avast is responding to a lot of your SYN packets.

The IP you are pinging is not responding.

anav · August 10, 2018, 3:56pm

As was noted, if you are scanning from a PC within the LAN, the scan is filtered by whats going out to the LAN in accordance with the security apps on your PC and you are scanning your LAN and not the router.

If you want a more valid test of your router (not the litmus test but a reasonable test) go to grc.com.
Click on the Shields Up logo/url then after the next screen scroll down to " New Shields Up Test" (usually right after the Spinrite block).
Select proceed.

Try the file sharing selection first.
Then conduct the Common Ports
If you want you can also select specific ports or all ports (will take awhile).
Have fun!