Port 53 Open According to Shodan

[ericnix]

I searched for my IP address on Shodan and was surprised to see that I had an open port (53).

Is this enabled by default for most routers? I don't have a port forward set up for it. Not sure if my router automatically opens it (UniFi Security Gateway-Pro).

 

[Nullity]

If you have a dynamic IP, Shodan could be reporting that port 53 was open when someone else had your current IP.

You could use some free online port scanner to confirm that it is open.

 

[sfx2000]

Sometimes it's the modem that has the port 53/udp port open from the WAN side - have seen this before...

 

[RMerlin]

Sometimes it's the modem that has the port 53/udp port open from the WAN side - have seen this before...

Uh... Why?

 

[System Error Message]

Actually the modem would not show because it wont have the public ip address.

Port 53 open on WAN side is bad because it means the router's DNS service is exposed to WAN and people can use your router as a DNS server or potentially feed it DNS replies which could be the wrong addresses. This is serious.

 

[sfx2000]

Uh... Why?

Not sure why, except for perhaps a misconfiguration on the carrier side of the modem - I've seen it before during scans by request for friends...

It is a bit worrisome as this is a potential security issue in many ways (everything from DDOS via DNS amplification attacks to potential information leakage depending on how things are configured).

 

[sfx2000]

Actually the modem would not show because it wont have the public ip address.

The modem can show - see my comment to RMerlin - and I've seen this more than once...

 

[ericnix]

When I used several port scanners, it didn't show anything open. Maybe Shodan is outdated with someone who had the IP before me?