Port 200 TCP etc. open and telnet by default?

silverstr8p · May 19, 2017, 8:02pm

I’m looking at open ports on an RB3011 and by default Telnet is open, why? That’s horrible. Why is FTP enabled by default? I disabled them both. Also, I noticed port 200 TCP open and a several others, what are they all for? The WebUI says:

api 8728
aoi-ssl 8729
ftp 21
ssh 22
telnet 23
winbox 8291
www 80
www-ssl 443

But here’s what netcat thinks:

#:> nc -z -n -v 192.168.10.25 1-10000 2>&1 | grep succeeded
Connection to 192.168.10.25 port 21 [tcp/*] succeeded!
Connection to 192.168.10.25 port 22 [tcp/*] succeeded!
Connection to 192.168.10.25 port 23 [tcp/*] succeeded!
Connection to 192.168.10.25 port 53 [tcp/*] succeeded!
Connection to 192.168.10.25 port 80 [tcp/*] succeeded!
Connection to 192.168.10.25 port 200 [tcp/*] succeeded!
Connection to 192.168.10.25 port 443 [tcp/*] succeeded!
Connection to 192.168.10.25 port 2000 [tcp/*] succeeded!
Connection to 192.168.10.25 port 3128 [tcp/*] succeeded!
Connection to 192.168.10.25 port 8080 [tcp/*] succeeded!
Connection to 192.168.10.25 port 8291 [tcp/*] succeeded!
Connection to 192.168.10.25 port 8728 [tcp/*] succeeded!
Connection to 192.168.10.25 port 8729 [tcp/*] succeeded!

According to IANA, port 200 TCP is “IBM System Resource Controller”, uh, okay. I’m guessing some of the others are used for non-standard things?

Revelation · May 20, 2017, 3:16am

It’s the user’s responsibility to lock their device down.

I mean, sheesh, why would they ship a device that has a default admin account with no password; what were they thinking… /sarcasm

silverstr8p · May 20, 2017, 5:11am

A quick masscan of the web I’m sure would prove that they don’t, or don’t know how to. Look at all the issues with default passwords. Why would telnet need to be open by default.

che · May 20, 2017, 8:48am

Did you install breaker panel in your aparatment on your own or you called an electrician?

Port 200 and few proxy ones in your list are not open by default (probably your port forwarding rule and activation of non-default services), and if you don’t know what services are active on the router by default you are not competent enough to safely operate the box.

Revelation · May 20, 2017, 1:08pm

None of that matters; the USER is responsible for hardening their equipment.

silverstr8p · May 20, 2017, 5:15pm

There is no port forwarding, I didn’t open any ports, and I closed FTP and telnet, other than that they are all standard port configuration.

pe1chl · May 20, 2017, 5:35pm

By default nothing is open from the internet side. You scanned the LAN side.
It is possible to disable services that you don’t like.
However, when you think open telnet service is a risk and open ssh service is not, you have not understood the issue.
(similar for the other services with ssl vs without ssl)

silverstr8p · May 20, 2017, 10:00pm

Still, the original question is what are the other ports for? Why are they open? Why would telnet be needed to be open by default?

pe1chl · May 21, 2017, 7:16am

The ports indicate in the service list are open to provide their respective services. From the LAN side only.
Telnet is open by default to allow access to the command line configuration service.
Several of the ports you show are not open by default but are opened because you configured certain services.
(e.g. the proxy ports)