Open Port(s)

Hi Fing Community,


I have had a series of Fing Internet Security Alerts that I’m not sure how to explain or resolve. 


Each time these incidents occur Fing reports 128 ports are open with the Fing app claiming this has been done manually - however I have been present on the two most recent incidents and know that the security of my property was not compromised on the first. Well, not physically. 


When I conduct a further Vulnerability Test during the incidents - Fing reports ‘Internet Security Verified’ via push notification but on relaunching the app, still reports 128 ports open, ‘Public IP xxx.xxx.xxx.xxx is firewalled’. 


After some time of leaving the router OFF following restart a new IP address is assigned and Fing reports all ports closed. 


Router:

ZyXEL N300 4G LTE 

Network: Vodafone


Incidents:

19th Feb - 128 ports open (xxx.xxx.xxx.xx) 

Unable to remotely shut down router - Internet IP Changed (xxx.xx.xxx.xx) the following day and ports closed

24th March - 128 ports open (xxx.xxx.xxx.xxx)

Shut down router and restarted an hour later - on restart Internet IP Changed (xxx.xx.xxx.xxx) and ports closed

31st March - 128 ports open (xxx.xxx.xxx.xxx)

Shut down router, restarted an hour later and on restart Internet IP Changed (xxx.xxx.xxx.xxx) 128 ports remain open


Open ports include: SSH Secure Shell, Cisco perf port, Simple Mail Transfer, Post Office V.3, IBM NetView DM/6000, SAP Oss, an array of TCP ports from 21 to 65462


I’m hoping the community can shed some light on this. 

Many thanks,


SB.

Answers

  • kltaylor
    Hi @southbank, welcome to the community and thanks for asking your question.
    Depending on your firewall/router, it looks like you have UPnP enabled, at least I surmise as such without knowing the topology of your network.  The listed ports show nothing of major concern to me, especially if you are monitoring a company network with the Fingbox.  A suggestion on the remaining various "21-65462" is to use a port reporting tool to ensure that those ports are legit.
    Another means to ensure that only the ports that you need open are indeed open, would be to disable UPnP and manually add port forwarding entries into your firewall as the need fits.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
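
One way to check the UPnP theory from the answer above, as an added example that is not part of the thread or of Fing: ask the router which port mappings UPnP clients have created and compare them with the ports you intended to forward. It assumes the router exposes the standard `WANIPConnection:1` service (some gateways use `WANPPPConnection:1` instead) and that `control_url` is the control URL taken from the router's own UPnP device description; the sample response is constructed.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"  # assumed service type
ACTION = "GetGenericPortMappingEntry"
FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalClient",
          "NewInternalPort", "NewPortMappingDescription")

def build_request(index):
    """SOAP body asking the gateway for port mapping number `index`."""
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:{ACTION} xmlns:u="{SERVICE}">'
        f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
        f'</u:{ACTION}></s:Body></s:Envelope>'
    ).encode()

def parse_mapping(xml_bytes):
    """Extract the forwarding fields from one SOAP response."""
    root = ET.fromstring(xml_bytes)
    found = {el.tag.split("}")[-1]: (el.text or "") for el in root.iter()}
    return {name: found.get(name, "") for name in FIELDS}

def list_mappings(control_url, limit=256):
    """Walk the mapping table; past the last entry the gateway returns HTTP 500 (UPnP error 713)."""
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#{ACTION}"'}
    mappings = []
    for index in range(limit):
        req = urllib.request.Request(control_url, data=build_request(index), headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                mappings.append(parse_mapping(resp.read()))
        except urllib.error.HTTPError:
            break
    return mappings

def unexpected(mappings, allowed_ports):
    """Mappings whose external port is not on the owner's allow-list."""
    return [m for m in mappings if int(m["NewExternalPort"] or 0) not in allowed_ports]

# Constructed sample of a single-entry response, for offline testing.
SAMPLE = (b'<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
          b'<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
          b'<NewExternalPort>22</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>22</NewInternalPort>'
          b'<NewInternalClient>192.168.1.50</NewInternalClient><NewPortMappingDescription>constructed</NewPortMappingDescription>'
          b'</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')
```

An empty result from `list_mappings` on a router with UPnP enabled means no client has requested a forward, so the open ports reported from outside would have another cause.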