# What are these open ports on my router?

## humbletech99

Hi,

   I've got a Netgear ADSL router with linux inside, sitting at home. I've just portscanned it from work to find the following ports open:

```
1864    Paradym 31 Port

4443    Pharos

5190    America-Online

5566    [Unknown]
```

There are a couple others open that I've omitted from the list because I opened them myself, but these four above are not set and don't appear in the netgear's administration interface as being opened/forwarded.

I remember seeing port 5190 open before but I didn't know what it meant, I think other people have also seen this, but I've just sweeped ports 1-65535 and found these other three.

What the FSCK is going on?

----------

## tost

Do you use Iptables ?

```
/sbin/iptables -P INPUT -j DROP 
```

And no incoming ports are open any longer  :Wink: 

5190 is MSN (filetransfer) but this is everything i know...

tost

----------

## humbletech99

no, the box is doesn't have a linux shell to do this, the netgear has a web interface only.

As far as I can tell, these ports have nowhere to go because I also port scan and netstat my own machines behind the firewall and there is nothing listening on these ports unless they are being forwared to different numbers which I don't think the netgear can do because I tried this already for something else and it only forwards port for port to a given hostname...

----------

## tost

As I said you can configure a firewall (iptables) on your Linux Box (not the router)

www.netfilter.org

tost

----------

## Rüpel

does your router allow local reconfiguration through UPnP? if so, local clients can open ports from inside.

does that netgear-router support UPnP at all?

----------

## humbletech99

it does but I'm not sure if it's on or off, I'll switch it off when I get home... I wasn't sure what pnp was on it...

but this would still need a host to also support this and open the port if you are right, and neither of my machines have open matching ports.... I scanned them both last night...

----------

## Rüpel

yeah, well, erm, netgear, ...   :Rolling Eyes: 

----------

## humbletech99

huh?

----------

## madchaz

If you have a UPnP complient client for bittorrent (like azerus) it'll connect to the router and open the ports, then automaticaly forward them to itself. Did you leave anything like that open on your home comp?

----------

## humbletech99

no, i don't use bittorrent because it's too damn hard to find the torrents I want and sometimes getting seeds is difficult. nor do i use azeurus.

I do use DC++ but I've set and opened my own ports for that and I know what they are. I can't think of any other networked application that should running that could do this....

I'm not sure if pnp is currently enabled or not, but as soon as I get home tonight I'll check and disable it if neccessary.

----------

## Rüpel

 *humbletech99 wrote:*   

> huh?

 

well, let's say i'm not working for netgear   :Wink: 

have a look at that:

http://forum1.netgear.com/support/viewtopic.php?t=767

there's no solution behind that link, but it seems you're not alone and it seems it's not your fault.

*edit*

did you try to update the firmware of your router?

----------

## humbletech99

very disappointing of netgear, they're supposed to be reputable company, not so reputable when this gets around...

I much preferred my old linksys, it actually had ssl web administration, no clear text passwords!

----------

## PaulBredbury

Firmware bug, supposedly.

----------

## humbletech99

ha! what a rediculous excuse. Netgear, one of the biggest companies out there in the networking world, and they have such a stupid and obvious bug in a firmware. I think not... 

Especially not when a simple port scan reveals the problem...

This could have been found by a beta tester within an hour...

cheeky sods didn't even have to do all the work for it, they just used linux and put on web interface with the word "Netgear" on it.

I'll be going home tonight to add rules to block these four ports. Not a big operation but one I feel you shouldn't have to do if you have a quality product.

I've actually wondered what vulnerabilities these netgear toys actually have. I recon a decent cracker would eat them like candy...

Maybe I should go through the trouble of setting up my own hardening linux adsl router...

What do you guys use for your home connections?

----------

## humbletech99

Oh dear....

I've added Firewall rules to block the ports that were open but after applying this and repeated scanning I can confirm that they are still there!

How the heck am I gonna close these stupid ports??????????!!!!!!!!!!!!!

Netgear, u suck.

----------

