dahan
join:2000-10-25
Leander, TX

dahan to lanwarrior

Member

Re: 2Wire 3801HGV - ports open (even when I didn't open it)

Maybe your office is running a transparent proxy that intercepts connections to those common ports. Have you tried accessing them the way they're supposed to be accessed to see what happens? E.g., try to ftp to your IP address, or open http://your.ip.address in a web browser, etc... if the ports really are open, you'll be able to connect, and maybe get some more info that way.

If the connections are actually going to your office proxy server, rather than to your U-Verse box, you don't need to worry about it.

BTW, 110 is POP3, and 143 is IMAP.
lanwarrior
join:2007-08-09
Los Angeles, CA

Member

Crap, I was typing a response and Chrome crashed... Had to re-type.

Anyways, I have tried running the scan using 2 different mobile hotspots from Clear and T-Mobile and in both cases, NMAP shows the same ports open.

Is there a syntax I can use to check if the open ports really have open services? I.e. if I telnet to port 25, run some syntax to see if this is truly an SMTP service.

If there is a tool that can do that (I used to use Nessus, but they're no longer open source), let me know.

PS: I am now using the ASUS router as an "internal" firewall, so if it is determined that the 2WIRE modem/router has the open ports, at least my internal network is still secured by the ASUS router. I am not sure if there is a performance issue for having a router connecting to another router...

mackey
Premium Member
join:2007-08-20

said by lanwarrior:

Is there a syntax I can use to check if the open ports really have open services? I.e. if I telnet to port 25, run some syntax to see if this is truly an SMTP service.

Yes.

Port 25: ehlo test.example
If there's a mail server there it will respond with something like:
telnet gmail-smtp-in.l.google.com 25
Trying 74.125.25.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP zw4si4576639pbc.64
ehlo test.example
250-mx.google.com at your service, [76.171.149.106]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
quit
221 2.0.0 closing connection zw4si4576639pbc.64
Connection closed by foreign host.
 
Both "ehlo test.example" and "quit" were typed by me.

For ports 80 and 8080: GET / HTTP/1.0 (and then hit 'Enter' twice)
telnet google.com 80
Trying 74.125.224.197...
Connected to google.com.
Escape character is '^]'.
GET / HTTP/1.0
 
HTTP/1.0 200 OK
Date: Wed, 05 Dec 2012 00:14:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=4683a86bd76be483:FF=0:TM=1354666455:LM=1354666455:S=TEj_dOEgqeCVVkI6; expires=Fri, 05-Dec-2014 00:14:15 GMT; path=/; domain=.google.com
Set-Cookie: NID=66=RsydMO-p4v_qBH_jrcbz9sM84wyPxivLSjgUvWL2NHPsj-qT2PIXBdpiXCpX88-NxsG_wdY4ZhSotKdVjGaOH0RMEMfyvKxEXrE_Tfa5oavkjvgtood6CK0pbv0-lhkq; expires=Thu, 06-Jun-2013 00:14:15 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
 
<!doctype html><html itemscope="itemscope" itemtype="http://schema.org/WebPage"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta itemprop="image" content="/images/google_favicon_128.png"><title>Google</title><script>(function(){
window.google={kEI:"15G-UNfWM4WFiAL3pIGQCQ",getEI:function(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||google.kEI},https:function(){return"https:"==window.location.protocol},kEXPI:"25657,39523,39976,40363,4000116,4000473,4000566,4000945,4000955,4001372,4001456,4001569,4001855,4001933,4001959,4001966,4002000,4002036,4002048,4002161,4002240,4002348,4002359,4002378,4002391,4002436,4002460,4002466,4002510,4002562,4002710,4002733,4002756,4002789,4002883",kCSI:{e:"25657,39523,39976,40363,4000116,4000473,4000566,4000945,4000955,4001372,4001456,4001569,4001855,4001933,4001959,4001966,4002000,4002036,4002048,4002161,4002240,4002348,4002359,4002378,4002391,4002436,4002460,
...
 

/M
ipman
join:2010-08-31
San Jose, CA

Member

Only if you know the type of service it is running.

I found that TCP port 3476 is open on my 3600. Clearly, it is waiting for some data after connect. I just hope it is not a backdoor to access my LAN. Luckily, I have another router behind it to protect from this madness. But if someone hacked the 3600 and changed its DNS, I am screwed. Maybe it is time to use a public DNS like 8.8.8.8.

Port 25 will result in immediate disconnect.
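
The manual telnet checks from the replies above, scripted as an added example (not code from any poster in this thread): it sends the same `ehlo test.example` and `GET / HTTP/1.0` probes and also reports the two other outcomes described, a port that accepts and then disconnects and a port that connects but stays silent. The function names and verdict strings are assumptions made for this sketch.

```python
import socket

# Probes from the thread: SMTP greets first and answers EHLO; HTTP answers a GET.
PROBES = {"smtp": b"EHLO test.example\r\n", "http": b"GET / HTTP/1.0\r\n\r\n"}

def classify(greeting, reply, closed):
    """Turn the raw bytes received (possibly empty) into a verdict."""
    if greeting.startswith(b"220") and reply.startswith(b"250"):
        return "smtp"
    if reply.startswith(b"HTTP/"):
        return "http"
    if not greeting and not reply:
        # Nothing came back: either the peer hung up or it is waiting on us.
        return "accepts-then-drops" if closed else "silent"
    return "unknown"

def _recv(sock):
    """Read one chunk; returns (data, closed) where closed means EOF or reset."""
    try:
        data = sock.recv(4096)
        return data, data == b""
    except socket.timeout:
        return b"", False
    except ConnectionError:
        return b"", True

def probe_socket(sock, kind):
    """Read any greeting, send the probe for `kind`, classify the answer."""
    greeting, closed = _recv(sock)
    reply = b""
    if not closed:
        try:
            sock.sendall(PROBES[kind])
            reply, closed = _recv(sock)
        except ConnectionError:
            closed = True
    return classify(greeting, reply, closed)

def probe(host, port, kind, timeout=3.0):
    """Connect to host:port (a device you administer) and run the probe."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock, kind)

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> <port> <smtp|http>
    print(probe(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

The verdict describes whatever answered the connection; a transparent proxy in the path would answer the same way, so the result says nothing about which device replied.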