Unknown open ports and services

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Unknown open ports and services

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Unknown open ports and services
Unknown open ports and services
2021-09-03 08:51:48
Model: TL-WR845N  
Hardware Version:
Firmware Version:

I did a scan of my router and it shows the following ports and services. Even though only my device is connected. Anyone more knowledgeable know what these are?

 

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     Dropbear sshd 2012.55 (protocol 2.0)
53/tcp   open  domain  dnsmasq 2.52
80/tcp   open  http    TP-LINK TD-W8968 http admin
1900/tcp open  upnp    Portable SDK for UPnP devices 1.6.19 (Linux 2.6.36; UPnP 1.0)

 

Is dropbear an inbuilt ssh client or is it malicious?

  0      
  0      
#1
Options
2 Reply
Re:Unknown open ports and services
2021-09-03 12:07:12 - last edited 2021-09-03 12:15:12

@Fisherman 

 

Yes, Dropbear is a SSH server and client that can be found on TP-Link routers.  https://en.wikipedia.org/wiki/Dropbear_(software)

 

I assume you performed the port scan while connected to a LAN port of the router. If so, then the result of the port scan looks reasonable.

 

If you did a port scan while connected to the WAN port of the router, then ideally there should be no open ports, except the one's you've opened yourself on purpose. For example, on my TP-Link router it shows one open port, which is port 1194 used by OpenVPN, because I have enabled the OpenVPN server of my router.

 

 

 

  0  
  0  
#2
Options
Re:Unknown open ports and services
2021-09-03 13:25:44 - last edited 2021-09-03 14:08:22

@Fisherman 

 

You didn't describe your network topology and devices connected to the router.

If the port scan is from inside your network you shouldn't worry about these ports.

Judging by the information you posted your network should look like this:

 

ISP=>TD-W8968=>TL-WR845N

 

If that's the case and the port scan is from outside your network, you should look at:

 

1. TD-W8968 settings if its in ADSL modem router mode.

 

Disable UPnP:

 

 

2. TL-WR845N settings if TD-W8968 is in bridge mode:

 

Disable UPnP:

 

 

Initiate another port scan and check again.

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
  0  
  0  
#3
Options

Information

Helpful: 0

Views: 1336

Replies: 2

Related Articles