Unknown open ports and services
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
I did a scan of my router and it shows the following ports and services. Even though only my device is connected. Anyone more knowledgeable know what these are?
PORT STATE SERVICE VERSION
22/tcp open ssh Dropbear sshd 2012.55 (protocol 2.0)
53/tcp open domain dnsmasq 2.52
80/tcp open http TP-LINK TD-W8968 http admin
1900/tcp open upnp Portable SDK for UPnP devices 1.6.19 (Linux 2.6.36; UPnP 1.0)
Is dropbear an inbuilt ssh client or is it malicious?
Yes, Dropbear is a SSH server and client that can be found on TP-Link routers. https://en.wikipedia.org/wiki/Dropbear_(software)
I assume you performed the port scan while connected to a LAN port of the router. If so, then the result of the port scan looks reasonable.
If you did a port scan while connected to the WAN port of the router, then ideally there should be no open ports, except the one's you've opened yourself on purpose. For example, on my TP-Link router it shows one open port, which is port 1194 used by OpenVPN, because I have enabled the OpenVPN server of my router.
You didn't describe your network topology and devices connected to the router.
If the port scan is from inside your network you shouldn't worry about these ports.
Judging by the information you posted your network should look like this:
ISP=>TD-W8968=>TL-WR845N
If that's the case and the port scan is from outside your network, you should look at:
1. TD-W8968 settings if its in ADSL modem router mode.
Disable UPnP:
2. TL-WR845N settings if TD-W8968 is in bridge mode:
Disable UPnP:
Initiate another port scan and check again.