Ports 25 and 80 open

[martinr]

RT-AC68U
ASUS-Merlin 378.51

I ran a port scan from the Internet side of my router only and, interestingly, I find ports 25 (SMTP) and 80 open.

[The following is the the HTTP Head results on the external connection to port 80

Server: WebProxy/1.0 Pre-Alpha
Date: Mon, 30 Mar 2015 16:51:49 GMT
Content-Length: 0
Connection: keep. ]


No other devices appear to have an open connection on port 25 and 80. And I'm fairly sure that when I ran a similar scan a few months back, the only port found was the high-number one that I use to SSH in on.

[WAN access to the router gui is Disabled (I'm not sure, even if it was enabled, it would account for port 80 open, but, anyway, it's not. I completely disabled AIProtection and rebooted in case that was the cause, but the 2 ports are still open.]

Any ideas what accounts for these ports showing up as open in the scan and is it something worth losing sleep over?

Thanks

 

[hggomes]

Are you sure you are scanning the router and not another device? How are you scanning it?

 

[RMerlin]

Those have definitely nothing to do with the router. There's nothing related to SMTP on the router, and that Webproxy make me suspect it's possibly some filtering/proxying done by your ISP.

If you telnet to port 25 from the outside, the HELO banner might give you more information as to what is sitting on port 25.

 

[martinr]

Many thanks. I was using the cellular connection on my iPhone (wifi off) and using 2 different apps: Network Toolbox and Net Analyser. So perhaps a quirk of going through the cellular network.

Anyway, I'll try a nearby public wifi later and try Merlin's suggestion.

Another opportunity to learn something new - sincere thanks.

 

[martinr]

I feel such a berk: I should have worked it out myself. A scan from public wifi showed the 2 ports closed. So it was a quirk of scanning through a cellualr connection.

Now, I'm going to explore Merlin's suggestion as an exercise. So, not a totally wasted effort on your parts.

Many thanks to you both.

Martin

 

[martinr]

Those have definitely nothing to do with the router. There's nothing related to SMTP on the router, and that Webproxy make me suspect it's possibly some filtering/proxying done by your ISP.

If you telnet to port 25 from the outside, the HELO banner might give you more information as to what is sitting on port 25.

For interest's sake, using the cellular connection, I connected to port 25 at my external IP address (......asuscomm.com) using the raw socket tool in my Network Toolbox app. Screenshot:

I thought this tells me that the quirk, whereby ports 80 and 25 appeared to be open when scanning over cellular, is something to do with my DDNS address through ASUS. So instead of scanning ......,asuscomm.com, I scanned 89.168.207.xx, the external IP address. Both ports again showed open, so perhaps not.

Anyway, it's a relief to know it was an artefact of scanning via cellular.

Thanks again.