Why is port 1723 (PPTP) open in ER8411?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Why is port 1723 (PPTP) open in ER8411?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Why is port 1723 (PPTP) open in ER8411?
Why is port 1723 (PPTP) open in ER8411?
2023-12-20 11:45:08 - last edited 2023-12-28 04:23:33
Tags: #VPN #PPTP
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.1.0

Hi,

 

Today I just randomly ran nmap scan on my ER8411 and found out port 1723 (PPTP) is open. Why this port is open when I'm not using PPTP VPN? Also, same question for port 8080.

 

  1      
  1      
#1
Options
1 Accepted Solution
Re:Why is port 1723 (PPTP) open in ER8411?-Solution
2023-12-28 04:23:25 - last edited 2023-12-28 04:23:33

Hi  @Clive_A ,

 

I have just updated ER8411 with firmware version 1.2.0, and now the nmap scan doesn't show that port 1723 is open. yes

 

➜  ~ nmap -v -Pn 172.16.10.1

Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.

Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-28 09:48 IST

Initiating Parallel DNS resolution of 1 host. at 09:48

Completed Parallel DNS resolution of 1 host. at 09:48, 4.04s elapsed

Initiating Connect Scan at 09:48

Scanning _gateway (172.16.10.1) [1000 ports]

Discovered open port 80/tcp on 172.16.10.1

Discovered open port 53/tcp on 172.16.10.1

Discovered open port 443/tcp on 172.16.10.1

Completed Connect Scan at 09:48, 1.73s elapsed (1000 total ports)

Nmap scan report for _gateway (172.16.10.1)

Host is up (0.0061s latency).

Not shown: 997 closed tcp ports (conn-refused)

PORT    STATE SERVICE

53/tcp  open  domain

80/tcp  open  http

443/tcp open  https

 

Read data files from: /usr/local/bin/../share/nmap

Nmap done: 1 IP address (1 host up) scanned in 5.79 seconds

 

Recommended Solution
  0  
  0  
#12
Options
11 Reply
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-21 07:26:33

Hi @di-vin 

Thanks for posting in our business forum.

Don't see these two ports open on ER8411 1.1.1 firmware.

telnet ip port and can you use these ports?

Can you make sure it is not a false alarm?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-21 09:39:37

Hi  @Clive_A 

 

> telnet ip port and can you use these ports?

 

telnet shows connected on port 1723

 

 

 

> Can you make sure it is not a false alarm?

 

Running the nmap on public IP from the local network, port 1723 was still shown as open. Only port 8080 is closed now. All other ports remain open.

 

 

➜  ~ nmap -v -Pn 122.**.**.21    
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 09:36 IST
Initiating Parallel DNS resolution of 1 host. at 09:36
Completed Parallel DNS resolution of 1 host. at 09:36, 0.02s elapsed
Initiating Connect Scan at 09:36
Scanning 122.**.**.21 [1000 ports]
Discovered open port 53/tcp on 122.**.**.21
Discovered open port 443/tcp on 122.**.**.21
Discovered open port 80/tcp on 122.**.**.21
Discovered open port 1723/tcp on 122.**.**.21
Completed Connect Scan at 09:36, 0.12s elapsed (1000 total ports)
Nmap scan report for 122.**.**.21
Host is up (0.00044s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
 

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds


 

Also, I have added a Gateway ACL to block all open ports, but it's not working as expected. The Gateway ACL looks like this: 

 

DIRECTION - WAN IN  
POLICY - DENY  
PROTOCOLS - ALL  
SOURCE - IP Group:IPGroup\_Any  
DESTINATION - IP-Port Group:Gateway Open Port  

 

In the destination IP-Port Group (Gateway Open Port), I included the router local IP and all open ports, but the block is not being applied.

 

I also tried Gateway ACL with only open ports (without router local IP) still scan results are the same.

 

However, a similar Switch ACL blocks these open ports on the local network. The Switch ACL looks like this:

 

POLICY - DENY  
PROTOCOLS - ALL  
SOURCE - IP Group:IPGroup\_Any  
DESTINATION - IP-Port Group:Gateway Open Port  

 

here is the scan result when the above Switch ACL is enabled

 

➜  ~ nmap -v -Pn 172.16.10.1   
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 10:03 IST
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 4.02s elapsed
Initiating Connect Scan at 10:03
Scanning _gateway (172.16.10.1) [1000 ports]
Completed Connect Scan at 10:03, 1.32s elapsed (1000 total ports)
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.00045s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
53/tcp   filtered domain
80/tcp   filtered http
443/tcp  filtered https
1723/tcp filtered pptp
8080/tcp filtered http-proxy

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.38 seconds

  0  
  0  
#3
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-22 02:59:54

Hi @di-vin 

Thanks for posting in our business forum.

di-vin wrote

Hi  @Clive_A 

 

> telnet ip port and can you use these ports?

 

telnet shows connected on port 1723

 

 

 

> Can you make sure it is not a false alarm?

 

Running the nmap on public IP from the local network, port 1723 was still shown as open. Only port 8080 is closed now. All other ports remain open.

 

 

➜  ~ nmap -v -Pn 122.**.**.21    
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 09:36 IST
Initiating Parallel DNS resolution of 1 host. at 09:36
Completed Parallel DNS resolution of 1 host. at 09:36, 0.02s elapsed
Initiating Connect Scan at 09:36
Scanning 122.**.**.21 [1000 ports]
Discovered open port 53/tcp on 122.**.**.21
Discovered open port 443/tcp on 122.**.**.21
Discovered open port 80/tcp on 122.**.**.21
Discovered open port 1723/tcp on 122.**.**.21
Completed Connect Scan at 09:36, 0.12s elapsed (1000 total ports)
Nmap scan report for 122.**.**.21
Host is up (0.00044s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
 

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds


 

Also, I have added a Gateway ACL to block all open ports, but it's not working as expected. The Gateway ACL looks like this: 

 

DIRECTION - WAN IN  
POLICY - DENY  
PROTOCOLS - ALL  
SOURCE - IP Group:IPGroup\_Any  
DESTINATION - IP-Port Group:Gateway Open Port  

 

In the destination IP-Port Group (Gateway Open Port), I included the router local IP and all open ports, but the block is not being applied.

 

I also tried Gateway ACL with only open ports (without router local IP) still scan results are the same.

 

However, a similar Switch ACL blocks these open ports on the local network. The Switch ACL looks like this:

 

POLICY - DENY  
PROTOCOLS - ALL  
SOURCE - IP Group:IPGroup\_Any  
DESTINATION - IP-Port Group:Gateway Open Port  

 

here is the scan result when the above Switch ACL is enabled

 

➜  ~ nmap -v -Pn 172.16.10.1   
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 10:03 IST
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 4.02s elapsed
Initiating Connect Scan at 10:03
Scanning _gateway (172.16.10.1) [1000 ports]
Completed Connect Scan at 10:03, 1.32s elapsed (1000 total ports)
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.00045s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
53/tcp   filtered domain
80/tcp   filtered http
443/tcp  filtered https
1723/tcp filtered pptp
8080/tcp filtered http-proxy

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.38 seconds

Do you have a NAT device inside the LAN? Draw the diagram for me.

We did a field test on an ER8411 in our lab and the PPTP port is not open. Factory default settings. Run by the same scan on nmap.

 

You might wanna try a reset? I will get the dev involved in this. I am inclined to believe that it is your config.

 

ACL is not properly set. I will not discuss this part and the stuff after. SW ACL would work indeed for LAN. But this is not the primary issue. I will only focus on why it is open.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-22 07:13:50 - last edited 2023-12-22 07:14:49

Hi @di-vin

ER8411 V1 1.1.1 beta. Pinned beta firmware on the forum.

 

I did it again. PPTP is not open.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#5
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-22 09:37:28

Hi  @Clive_A ,

 

I want to clarify that I am not using any NAT device in my network. Also, I am using the router in controller mode, not in standalone mode. In my understanding, resetting the router would not make any sense as it will be adopted by the same controller and the same configuration will be applied again after resetting. Can you please confirm if my understanding is correct or not?

 

​Also, my ISP is blocking all well-known ports, the PPTP port is blocked by my ISP. I can also confirm this because today I ran the same scan on my public IP from a remote network. So, for now, I can live in peace. However, I'll check it again once v1.1.1 is publicly available.

  0  
  0  
#6
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-22 12:10:19 - last edited 2023-12-22 12:11:58

  @di-vin 

 

You have somthing here, I do a scan from LAN and WAN and the result is the same on pptp port.
ER8411 have pptp port closed but not ER707-M2 and ER706W

I have a newer firmware on my ER8411, have you tried this one?  https://community.tp-link.com/en/business/forum/topic/636166

 

 

 

ER8411 1.1.1 Build 20231120 Rel.51697
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

 


ER707-M2 1.1.1 Build 20230927 Rel.35167
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
2601/tcp open  zebra

 

 

ER706W 1.0.2 Build 20231020 Rel.57490(4555)
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
2601/tcp open  zebra
 

 

  0  
  0  
#7
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-22 12:21:30

Hi  @MR.S @Clive_A 

 

The only difference is, that my ER8411 running firmware version 1.1.0. As I mentioned earlier I can not install beta firmware. I'll wait till public release. BTW, @Clive_A do you guys have any ETA on the v1.1.1 public release?

 

@MR.S why is it showing the PPTP port open on ER707-M2 and ER706W? Are you using this service or it is open by default?

  0  
  0  
#8
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-22 12:41:58

  @di-vin 

 

 

PPTP is old and outdated and insecure so I don't use it so this is not something I have opened.

but since it is clearly fixed on the ER8411, I hope it will also be fixed on the other router models with next update..

 

 

  0  
  0  
#9
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-23 01:09:42

  @di-vin

  @Clive_A 

 

I have to add :

ER7206 v1.0

1.4.0

 

  0  
  0  
#10
Options
Re:Why is port 1723 (PPTP) open in ER8411?
2023-12-25 09:14:12

Hi @Gogan 

Thanks for posting in our business forum.

Gogan wrote

  @di-vin

  @Clive_A 

 

I have to add :

ER7206 v1.0

1.4.0

 

Is this all the information you can get me? It's not helpful at all. You should draw a diagram to let me know what services you have. Do you have anything that might trigger the PPTP? It can range from a program on a PC or a service in your LAN.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#11
Options