nmap results show open/filtered UDP ports on main WAN connection

Viktor Jaep

Very Senior Member
Hi All... I would like to know if this looks normal to you? I ran an nmap against UDP ports hanging off my main WAN connection IP, and got these results...

Code:
67/udp   open|filtered dhcps
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
3702/udp open|filtered ws-discovery
5353/udp open|filtered zeroconf

Could you please check your end to see what you get, for those who keep tabs on their firewalls? Does it make sense to close these, or would that cause networking on this level to grind to a halt? I'm semi-comfortable that they are open|filtered... as that means they are not responding, but still indicate that they are open according to the nmap documentation.

I was also surprised when doing an nmap against my TCP ports on my main WAN connection, that one port was open unbeknownst to me:

Code:
8200/tcp open  trivnet1

It turned out that under the main router UI -> USB Application -> Media Server -> Enable UPnP Media Server was enabled... After disabling that, tcp port 8200 was closed.
 

ColinTaylor

Part of the Furniture
Perfectly normal if you're testing from your LAN side. None of those are exposed to the internet.
 

Viktor Jaep

Very Senior Member
Perfectly normal if you're testing from your LAN side. None of those are exposed to the internet.
You're correct... I just ran an nmap from outside my network, and no UDP ports are showing as open. Thanks for the validation!
 

SomeWhereOverTheRainBow

Part of the Furniture
Hi All... I would like to know if this looks normal to you? I ran an nmap against UDP ports hanging off my main WAN connection IP, and got these results...

Code:
67/udp   open|filtered dhcps
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
3702/udp open|filtered ws-discovery
5353/udp open|filtered zeroconf

Could you please check your end to see what you get, for those who keep tabs on their firewalls? Does it make sense to close these, or would that cause networking on this level to grind to a halt? I'm semi-comfortable that they are open|filtered... as that means they are not responding, but still indicate that they are open according to the nmap documentation.

I was also surprised when doing an nmap against my TCP ports on my main WAN connection, that one port was open unbeknownst to me:

Code:
8200/tcp open  trivnet1

It turned out that under the main router UI -> USB Application -> Media Server -> Enable UPnP Media Server was enabled... After disabling that, tcp port 8200 was closed.
Here is what mine looks like.

Code:
Not shown: 994 closed ports
PORT     STATE         SERVICE
67/udp   open|filtered dhcps
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
161/udp  open|filtered snmp
5353/udp open|filtered zeroconf
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top