Nmap questions concerning my router

Nicky
New Member
Posts: 4
Joined: Wed Jul 27, 2005 11:36 am


Post by Nicky »

Hello, I have a Speedtouch 530 modem/router. I use WinXP (Gentoo too).

When I nmap from the console I get this:


D:\nmap>nmap -sT -sV -O -P0 dslcustomer-225-52.vivodi.gr

PORT STATE SERVICE VERSION
21/tcp open ftp Alcatel Speedtouch aDSL router ftpd
23/tcp open telnet SpeedTouch DSL router admin interface
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
1723/tcp open pptp?
Too many fingerprints match this host to give specific OS details


Well, when I port scan my friend's computer, who uses the same ISP and the same exact router, I don't see the same results:


D:\nmap>nmap -sT -sV -O -P0 dslcustomer-222-75.vivodi.gr

(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
Too many fingerprints match this host to give specific OS details

Nmap finished: 1 IP address (1 host up) scanned in 281.141 seconds

a) Why does it report for me that ports 21, 23 and 1723 are open? I didn't open them, btw. Did the ISP do this?
Is this because my ISP wants to remotely manage me?
For example, to upload its own firmware?
Why 3 ports, and what is it doing with each of the 3?

b) Why doesn't it report the same for my friend's PC when I nmap him?
Is this because I am issuing the command from behind my router? But if so, what's the problem with that?

c) Why are the NetBIOS ports displayed if they are closed? Other ports are closed as well, but nmap doesn't display them. Why does it for NetBIOS?

d) I am also running an HTTP server, Apache v2.0.55 (win32), and an SMTP server, and have port 4899 open, but it doesn't show up. Why?

e) Is nmap a really good port scanner, or is there something better?

Thank you.
Respice
Regular Member
Posts: 203
Joined: Wed May 01, 2002 6:19 pm

Post by Respice »

I would suggest removing the hostnames from your post. It's best practice not to disclose that type of thing.

Nmap is as good a port scanner as you'll find. There are 3 basic states a port will be in on a firewall/router. The port will be either open, closed, or filtered, filtered being the most secure. Open means there is a service listening on that port number. Closed means the service is running on the device or behind the device but it is not listening. Filtered means you get no response, so you don't know if it exists or not.

You obviously have an FTP and Telnet service running on your router, most likely for remote management and upgrades. You'll need to contact your ISP to see if those services can be turned down. The PPTP port could be used as a control tunnel by your ISP for a secure connection. As far as I know this is not a common practice in the US although it may be in Germany.

As for why you don't see your HTTP and SMTP servers on the scan, it is because you are probably initiating a connection scan on the actual router itself (the -sT switch indicates this type of scan) instead of on the actual device running the HTTP service and SMTP service. They probably have different IPs and you would need to scan them directly to enumerate their services.
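
Added example (not part of either post): a small Python parser for the port tables in the two scans above, which lists the open management services on a router and the ports open on one router but not the other. The MANAGEMENT set and the function names are assumptions made for this illustration.

```python
import re

# One row of Nmap's port table: "<port>/<proto> <state> <service> [version text]"
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+([a-z|]+)\s+(\S+)\s*(.*)$")
# Assumption for this example: services a home user rarely wants reachable from the WAN.
MANAGEMENT = {"ftp", "telnet", "pptp"}

def parse_ports(report):
    """Return {port: (state, service, version)} for every row in the port table."""
    ports = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, _proto, state, service, version = m.groups()
            # Nmap appends "?" when the service name is only a guess from the port number.
            ports[int(port)] = (state, service.rstrip("?"), version.strip())
    return ports

def exposed_management(ports):
    """Ports that are open and run a service listed in MANAGEMENT."""
    return sorted(p for p, (state, svc, _) in ports.items()
                  if state == "open" and svc in MANAGEMENT)

def only_open_on_first(a, b):
    """Ports open on host A that are not open on host B."""
    open_b = {p for p, (state, _, _) in b.items() if state == "open"}
    return sorted(p for p, (state, _, _) in a.items()
                  if state == "open" and p not in open_b)

# Port rows copied from the two scans in the first post (hostnames omitted).
SCAN_OWN = """\
21/tcp open ftp Alcatel Speedtouch aDSL router ftpd
23/tcp open telnet SpeedTouch DSL router admin interface
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
1723/tcp open pptp?
"""
SCAN_FRIEND = """\
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
"""

if __name__ == "__main__":
    own, friend = parse_ports(SCAN_OWN), parse_ports(SCAN_FRIEND)
    print("management services open:", exposed_management(own))
    print("open here but not on the other router:", only_open_on_first(own, friend))
```

Saving each scan with the same options and comparing the parsed tables after a router configuration change shows whether the FTP, Telnet and PPTP ports are still reachable.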