dadzejson
newbie
Topic Author
Posts: 27
Joined: Mon Jul 09, 2018 2:40 am

Open Ports

Fri Aug 10, 2018 5:19 am

When I scanned my router with nmap I got this:

25/tcp open smtp
110/tcp open pop3-proxy Avast! anti-virus pop3 proxy (cannot connect to 10.0.0.1)
119/tcp open nntp-proxy Avast! anti-virus NNTP proxy (cannot connect to 10.0.0.1)
143/tcp open imap-proxy Avast! anti-virus IMAP proxy (cannot connect to 10.0.0.1)
465/tcp open tcpwrapped
563/tcp open tcpwrapped
587/tcp open smtp-proxy Avast! anti-virus smtp proxy (cannot connect to 10.0.0.1)
993/tcp open tcpwrapped
995/tcp open tcpwrapped
8291/tcp open winbox MikroTik WinBox

How did those ports get opened on my router and how can I close them?
 
gotsprings
Forum Veteran
Posts: 906
Joined: Mon May 14, 2012 9:30 pm

Re: Open Ports

Fri Aug 10, 2018 5:57 am

Export your firewall and maybe we can figure it out.

/ip firewall filter export
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Jotne
Forum Guru
Posts: 1754
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Open Ports

Fri Aug 10, 2018 8:16 am

Do you scan from inside the LAN or from outside on the WAN?
And post your FW config.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
dadzejson
newbie
Topic Author
Posts: 27
Joined: Mon Jul 09, 2018 2:40 am

Re: Open Ports

Fri Aug 10, 2018 3:27 pm

I scan from inside LAN...

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=accept chain=input comment="Accept Ping" protocol=icmp
add action=accept chain=input comment="VPN Protocol" protocol=gre
add action=drop chain=input comment=SMTP dst-port="" port=25 protocol=tcp

Can applications on PCs open ports on the router?
 
proximus
Member Candidate
Member Candidate
Posts: 113
Joined: Tue Oct 04, 2011 1:46 pm

Re: Open Ports

Fri Aug 10, 2018 3:47 pm

That's not a valid scan. Avast is intercepting the nmap scan and reporting open ports, but almost all of them are not on the router .. they are local to the host.

The "proxy" ones are self evident. Another example .. tcp/563 is the Avast service itself. Google and see what the others are.
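
The point made in the reply above, as an added example that is not part of any post in this thread: a Python triage of nmap port lines that separates results answered by a local intercepting proxy from results that can be attributed to the scanned router. The sample input is constructed from the scan posted in this thread; the function names, the labels and the mail/news port set are assumptions of this example.

```python
import re

# Constructed sample: the port lines from the scan posted in this thread.
SAMPLE_SCAN = """\
25/tcp open smtp
110/tcp open pop3-proxy Avast! anti-virus pop3 proxy (cannot connect to 10.0.0.1)
119/tcp open nntp-proxy Avast! anti-virus NNTP proxy (cannot connect to 10.0.0.1)
143/tcp open imap-proxy Avast! anti-virus IMAP proxy (cannot connect to 10.0.0.1)
465/tcp open tcpwrapped
563/tcp open tcpwrapped
587/tcp open smtp-proxy Avast! anti-virus smtp proxy (cannot connect to 10.0.0.1)
993/tcp open tcpwrapped
995/tcp open tcpwrapped
8291/tcp open winbox MikroTik WinBox
"""

# Assumption: mail/news ports a local mail-scanning proxy may answer for (from the scan above).
MAIL_NEWS_PORTS = {25, 110, 119, 143, 465, 563, 587, 993, 995}
# Line layout: PORT/PROTO STATE SERVICE [VERSION BANNER]
LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_ports(text):
    """Parse nmap port-table lines into dicts; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            port, proto, state, service, banner = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "banner": banner or ""})
    return rows

def is_proxy(row):
    """True when nmap's service name or banner identifies a proxy."""
    return row["service"].endswith("-proxy") or "proxy" in row["banner"].lower()

def classify(rows):
    """Label each open port: 'local-proxy', 'suspect-local' or 'target'."""
    open_rows = [r for r in rows if r["state"] == "open"]
    intercepted = any(is_proxy(r) for r in open_rows)
    labels = {}
    for r in open_rows:
        if is_proxy(r):
            labels[r["port"]] = "local-proxy"
        elif intercepted and r["port"] in MAIL_NEWS_PORTS:
            labels[r["port"]] = "suspect-local"  # likely the same interceptor
        else:
            labels[r["port"]] = "target"
    return labels
```

A `target` label only means no proxy banner was seen for that port; confirming what the router itself exposes still needs a scan from a host where nothing intercepts the connections.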
 
dadzejson
newbie
Topic Author
Posts: 27
Joined: Mon Jul 09, 2018 2:40 am

Re: Open Ports

Fri Aug 10, 2018 4:36 pm

> That's not a valid scan. Avast is intercepting the nmap scan and reporting open ports, but almost all of them are not on the router .. they are local to the host.
>
> The "proxy" ones are self evident. Another example .. tcp/563 is the Avast service itself. Google and see what the others are.

I used to scan the network from LAN and the results had just 2 open ports (DNS for example and MikroTik WinBox).

Now when I scan the network from inside (I'm scanning the WAN interface btw, not LAN) I have tons of open ports... I don't have Avast installed anywhere though.

And when I try to scan the WAN interface from some remote PC with nmap it says that "host seems down. maybe its really up but blocking our ping probes"
 
tippenring
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Open Ports

Fri Aug 10, 2018 5:02 pm

> I used to scan the network from LAN and the results had just 2 open ports (DNS for example and MikroTik WinBox).
>
> Now when I scan the network from inside (I'm scanning the WAN interface btw, not LAN) I have tons of open ports... I don't have Avast installed anywhere though.

Yes, you have Avast installed somewhere. Probably on the PC you are scanning with is my guess. Avast is responding to a lot of your SYN packets.

> And when I try to scan the WAN interface from some remote PC with nmap it says that "host seems down. maybe its really up but blocking our ping probes"

The IP you are pinging is not responding.
 
anav
Forum Guru
Forum Guru
Posts: 4669
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Open Ports

Fri Aug 10, 2018 6:56 pm

As was noted, if you are scanning from a PC within the LAN, the scan is filtered by what's going out to the LAN in accordance with the security apps on your PC and you are scanning your LAN and not the router.

If you want a more valid test of your router (not the litmus test but a reasonable test) go to grc.com.
Click on the Shields Up logo/url then after the next screen scroll down to "New Shields Up Test" (usually right after the Spinrite block).
Select proceed.

Try the file sharing selection first.
Then conduct the Common Ports.
If you want you can also select specific ports or all ports (will take a while).
Have fun!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
