Hello everyone. I made a scan as logged off and the ports of my windows 8 operating system were closed. I made a scan as logged in and the 30005/tcp port (used my backdoor JZ / LItus) was open. I have upgraded my Ubuntu to 12.04 and I made a scan of the ports as logged off and they were closed. Then I made a scan as logged in and the 30005/tcp was open (also in Ubuntu 12.04 that I had installed the same day: yesterday!).
I should also add this piece of information: I have scanned my computer with Nmap from another computer of my network and the ports were all filtered.
Now, I am wondering: can be an error of SPEEDGUIDE scan port service?
30005/tcp open??
-
walkingcougar2005
- New Member
- Posts: 1
- Joined: Mon May 14, 2012 11:46 pm
Do you have Cox for an ISP? I do and port 30005 is open on both of my home computers. You can take this with a grain of salt but in my research I read that Cox keeps this port open for firmware updates. In all my research I encountered comments by people who seemed very computer literate and none were able to close that port. Mentioned also was a suspicion that it was a Cox-approved tunnel provided to the government.
Other than that old malware, port 30005 is also sometimes associated with TR-069, a protocol for remote management of end-user devices (modems, routers, gateways, VoIP phones, set-top boxes). It has some known exploits. You may want to try turning of TR-069 in your gateway, or, if not possible just forward the port to an unused local IP address.
I have updated the port description in the security scan with some possible mitigation as well.
I have updated the port description in the security scan with some possible mitigation as well.
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits), even though my tin foil hat is regularly audited for potential supply chain tampering. I also eat whatever crayons are put in front of me.
๑۩۞۩๑
๑۩۞۩๑