Hi All,
I have noticed that my RB435G (RouterOS 5.19) has port 1723/tcp open by default. I am not using any PPTP features now, and want to close it.
[$]> sudo nmap -P0 XXX.XXX.XXX.XXX
Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-18 21:34 EEST
Nmap scan report for XXX.XXX.XXX.XXX
Host is up (0.0012s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
1723/tcp open pptp <<<
Can you tell me how I can do this properly?
I have already tried to disable it in "/webfig/#IP:Firewall.Service_Ports" - no luck:
[admin@gw] /ip firewall> service-port print
Flags: X - disabled, I - invalid
# NAME PORTS
0 ftp 21
1 tftp 69
2 irc 6667
3 h323
4 sip 5060 5061
5 X pptp
I don't have any PPTP servers configured:
[admin@gw] > /interface pptp-server print
Flags: X - disabled, D - dynamic, R - running
NAME USER MTU CLIENT-ADDRESS UPTIME ENCODING
======
My FW has no explicit rules to keep it open.
I have even tried adding such a FW rule (I have tried both variants, with and without explicitly specifying "in-interface"):
[admin@gw] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
CHAIN ACTION BYTES PACKETS
4 ;;; Block 1723/tcp pptp
chain=input action=drop protocol=tcp dst-port=1723
Actually it does nothing: nmap still marks it as open, and I am also able to connect to 1723 via telnet:
[$]> telnet gw.lab.org 1723
Trying XXX.XXX.XXX.XXX...
Connected to gw.lab.org
Escape character is '^]'.
xmvxmvkxvkxvkxvkmvxckmvxckxcvkxkcvmkxcv
However, the statistics do change while I am connecting via telnet:
[admin@gw] > /ip firewall filter print stats
Flags: X - disabled, I - invalid, D - dynamic
CHAIN ACTION BYTES PACKETS
4 ;;; Block 1723/tcp pptp
input drop 468 9
I am fully confused about this issue.
Please advise.
TIA