Why is port 1723 (PPTP) open in ER8411?
Why is port 1723 (PPTP) open in ER8411?
Hi,
Today I just randomly ran nmap scan on my ER8411 and found out port 1723 (PPTP) is open. Why this port is open when I'm not using PPTP VPN? Also, same question for port 8080.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Clive_A ,
I have just updated ER8411 with firmware version 1.2.0, and now the nmap scan doesn't show that port 1723 is open.
➜ ~ nmap -v -Pn 172.16.10.1
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-28 09:48 IST
Initiating Parallel DNS resolution of 1 host. at 09:48
Completed Parallel DNS resolution of 1 host. at 09:48, 4.04s elapsed
Initiating Connect Scan at 09:48
Scanning _gateway (172.16.10.1) [1000 ports]
Discovered open port 80/tcp on 172.16.10.1
Discovered open port 53/tcp on 172.16.10.1
Discovered open port 443/tcp on 172.16.10.1
Completed Connect Scan at 09:48, 1.73s elapsed (1000 total ports)
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.0061s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.79 seconds
- Copy Link
- Report Inappropriate Content
Hi @di-vin
Thanks for posting in our business forum.
Don't see these two ports open on ER8411 1.1.1 firmware.
telnet ip port and can you use these ports?
Can you make sure it is not a false alarm?
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
> telnet ip port and can you use these ports?
telnet shows connected on port 1723
> Can you make sure it is not a false alarm?
Running the nmap on public IP from the local network, port 1723 was still shown as open. Only port 8080 is closed now. All other ports remain open.
➜ ~ nmap -v -Pn 122.**.**.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 09:36 IST
Initiating Parallel DNS resolution of 1 host. at 09:36
Completed Parallel DNS resolution of 1 host. at 09:36, 0.02s elapsed
Initiating Connect Scan at 09:36
Scanning 122.**.**.21 [1000 ports]
Discovered open port 53/tcp on 122.**.**.21
Discovered open port 443/tcp on 122.**.**.21
Discovered open port 80/tcp on 122.**.**.21
Discovered open port 1723/tcp on 122.**.**.21
Completed Connect Scan at 09:36, 0.12s elapsed (1000 total ports)
Nmap scan report for 122.**.**.21
Host is up (0.00044s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
1723/tcp open pptp
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
Also, I have added a Gateway ACL to block all open ports, but it's not working as expected. The Gateway ACL looks like this:
DIRECTION - WAN IN
POLICY - DENY
PROTOCOLS - ALL
SOURCE - IP Group:IPGroup\_Any
DESTINATION - IP-Port Group:Gateway Open Port
In the destination IP-Port Group (Gateway Open Port), I included the router local IP and all open ports, but the block is not being applied.
I also tried Gateway ACL with only open ports (without router local IP) still scan results are the same.
However, a similar Switch ACL blocks these open ports on the local network. The Switch ACL looks like this:
POLICY - DENY
PROTOCOLS - ALL
SOURCE - IP Group:IPGroup\_Any
DESTINATION - IP-Port Group:Gateway Open Port
here is the scan result when the above Switch ACL is enabled
➜ ~ nmap -v -Pn 172.16.10.1
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 10:03 IST
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 4.02s elapsed
Initiating Connect Scan at 10:03
Scanning _gateway (172.16.10.1) [1000 ports]
Completed Connect Scan at 10:03, 1.32s elapsed (1000 total ports)
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.00045s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp filtered domain
80/tcp filtered http
443/tcp filtered https
1723/tcp filtered pptp
8080/tcp filtered http-proxyRead data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.38 seconds
- Copy Link
- Report Inappropriate Content
Hi @di-vin
Thanks for posting in our business forum.
di-vin wrote
Hi @Clive_A
> telnet ip port and can you use these ports?
telnet shows connected on port 1723
> Can you make sure it is not a false alarm?
Running the nmap on public IP from the local network, port 1723 was still shown as open. Only port 8080 is closed now. All other ports remain open.
➜ ~ nmap -v -Pn 122.**.**.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 09:36 IST
Initiating Parallel DNS resolution of 1 host. at 09:36
Completed Parallel DNS resolution of 1 host. at 09:36, 0.02s elapsed
Initiating Connect Scan at 09:36
Scanning 122.**.**.21 [1000 ports]
Discovered open port 53/tcp on 122.**.**.21
Discovered open port 443/tcp on 122.**.**.21
Discovered open port 80/tcp on 122.**.**.21
Discovered open port 1723/tcp on 122.**.**.21
Completed Connect Scan at 09:36, 0.12s elapsed (1000 total ports)
Nmap scan report for 122.**.**.21
Host is up (0.00044s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
1723/tcp open pptp
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.17 secondsAlso, I have added a Gateway ACL to block all open ports, but it's not working as expected. The Gateway ACL looks like this:
DIRECTION - WAN IN
POLICY - DENY
PROTOCOLS - ALL
SOURCE - IP Group:IPGroup\_Any
DESTINATION - IP-Port Group:Gateway Open Port
In the destination IP-Port Group (Gateway Open Port), I included the router local IP and all open ports, but the block is not being applied.
I also tried Gateway ACL with only open ports (without router local IP) still scan results are the same.
However, a similar Switch ACL blocks these open ports on the local network. The Switch ACL looks like this:
POLICY - DENY
PROTOCOLS - ALL
SOURCE - IP Group:IPGroup\_Any
DESTINATION - IP-Port Group:Gateway Open Port
here is the scan result when the above Switch ACL is enabled
➜ ~ nmap -v -Pn 172.16.10.1
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap. org ) at 2023-12-21 10:03 IST
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 4.02s elapsed
Initiating Connect Scan at 10:03
Scanning _gateway (172.16.10.1) [1000 ports]
Completed Connect Scan at 10:03, 1.32s elapsed (1000 total ports)
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.00045s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp filtered domain
80/tcp filtered http
443/tcp filtered https
1723/tcp filtered pptp
8080/tcp filtered http-proxyRead data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.38 seconds
Do you have a NAT device inside the LAN? Draw the diagram for me.
We did a field test on an ER8411 in our lab and the PPTP port is not open. Factory default settings. Run by the same scan on nmap.
You might wanna try a reset? I will get the dev involved in this. I am inclined to believe that it is your config.
ACL is not properly set. I will not discuss this part and the stuff after. SW ACL would work indeed for LAN. But this is not the primary issue. I will only focus on why it is open.
- Copy Link
- Report Inappropriate Content
Hi @di-vin
ER8411 V1 1.1.1 beta. Pinned beta firmware on the forum.
I did it again. PPTP is not open.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A ,
I want to clarify that I am not using any NAT device in my network. Also, I am using the router in controller mode, not in standalone mode. In my understanding, resetting the router would not make any sense as it will be adopted by the same controller and the same configuration will be applied again after resetting. Can you please confirm if my understanding is correct or not?
Also, my ISP is blocking all well-known ports, the PPTP port is blocked by my ISP. I can also confirm this because today I ran the same scan on my public IP from a remote network. So, for now, I can live in peace. However, I'll check it again once v1.1.1 is publicly available.
- Copy Link
- Report Inappropriate Content
You have somthing here, I do a scan from LAN and WAN and the result is the same on pptp port.
ER8411 have pptp port closed but not ER707-M2 and ER706W
I have a newer firmware on my ER8411, have you tried this one? https://community.tp-link.com/en/business/forum/topic/636166
ER8411 1.1.1 Build 20231120 Rel.51697
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
ER707-M2 1.1.1 Build 20230927 Rel.35167
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
1723/tcp open pptp
2601/tcp open zebra
ER706W 1.0.2 Build 20231020 Rel.57490(4555)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
1723/tcp open pptp
2601/tcp open zebra
- Copy Link
- Report Inappropriate Content
The only difference is, that my ER8411 running firmware version 1.1.0. As I mentioned earlier I can not install beta firmware. I'll wait till public release. BTW, @Clive_A do you guys have any ETA on the v1.1.1 public release?
@MR.S why is it showing the PPTP port open on ER707-M2 and ER706W? Are you using this service or it is open by default?
- Copy Link
- Report Inappropriate Content
PPTP is old and outdated and insecure so I don't use it so this is not something I have opened.
but since it is clearly fixed on the ER8411, I hope it will also be fixed on the other router models with next update..
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @Gogan
Thanks for posting in our business forum.
Gogan wrote
Is this all the information you can get me? It's not helpful at all. You should draw a diagram to let me know what services you have. Do you have anything that might trigger the PPTP? It can range from a program on a PC or a service in your LAN.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2132
Replies: 11
Voters 0
No one has voted for it yet.