Newly opened ports, should I be worried?

Rss

Hello,
I run the Fing premium Find Open Ports report most days on iOS and there are always 3 open, 443, 80 and 53. This morning it had changed to 80, 443, 5060 Session Initiation Protocol (SIP), and 8080 http-proxy Common HTTP proxy/second web server port. Have contacted BT for Smart Hub help for Full Fibre To House, FTTH, and tried to find out more on Stack Exchange/Wikipedia but no further forward. Also some devices (Sonos speakers) that were working fine can not be found on the network and now instead have a page asking if I have changed my settings, I have not. The only change made in the last 24 hours is upgrading iOS software to 14.4.1. 

May be unrelated but have had issues with calls made on BT’s VOIP handset, it’s like someone is intercepting calls and starting to wonder if this could be related.

Should I be worried and what action should I take please? All help greatly appreciated. Thanks!

Marc

@Rss , first thing to do is to get into your router configuration console and disable upnp. This feature allows anything on your network to request a port opening on your router. While convenient, as you can see it open you up to these types of issues. Once you disable it, reboot your router to clear everything out.

if something needs a port open, you can always open it yourself via your routers admin console or app.

Popula

Marc said:

@Rss , first thing to do is to get into your router configuration console and disable upnp. This feature allows anything on your network to request a port opening on your router. While convenient, as you can see it open you up to these types of issues. Once you disable it, reboot your router to clear everything out.

if something needs a port open, you can always open it yourself via your routers admin console or app.

THIS ^
Security 101 : NEVER leave that UPNP active! 
Best practice for the average (common) setup below. Do NOT do this if you are in separate network segments, VLAN etc. Also: if you use port-forwarding (eg for gaming, server-activities), make sure you have the particulars, so you can add them manually afterwards.

Check your router's manual to what IP-address it will default after a reset - you will need it.
To configure your router, use a CABLED connection with the PC/Laptop you will be working on. Do NOT use a tablet or other mobile device. Use your BROWSER to connect to your router with the IP address the manual is telling you to use.

Fifteen relatively simple steps to make your network safer and more stable:

1. Switch off all your devices (phones, laptops. PCs, printers. domotica, etc, then any switches and satellites you might have);
2. If you have one: Disconnect that FING box from your router;
3. Reset your router (eg. via a reset button, check your manual) and wait for it to come up again;
4. Leave UPNP active, for now;
5. Switch on all your devices (satellites and switches first if you have them, then phones, laptops. PCs, printers. domotica, etc);
6. If you have one: Connect that FING box to your router;
7. Wait 5-10 mins for your network to settle. Just be patient - have a cuppa;
8. In your router (NOT the FING box!), check the list of connected devices (LAN and WAN) and make sure you see them all;
9. Disable UPNP in your router;
10. Assign ALL your connected devices to a FIXED IP-address (be smart - group them - write it down), using their MAC addresses, that means your switches and satellites AND that FING box as well (modern routers have convenient tools for this). Takes a while, but it's worth the effort;
11. Switch all your devices OFF again;
12. Reboot your router and wait for it to settle - feed the dog/cat;
13. Switch all your devices ON again;
14. If necessary, add any port-forwarding you have been using. Make sure to use the proper IP-addresses (assigned by you in step 10, remember?) and commit the changes;
15. Have a cup of coffee/tea and enjoy the improved safety and stability. 

Your FING box will now flag and block any new device, but only if you ENABLE that option in the settings. Don’t forget that. 

My tuppence ....

Popula

You’re welcome. Feel free to ping me any time, if you feel you’re stuck. Always happy to help.

Popula

https://community.fing.com/discussion/comment/27141#Comment_27141

Try this, for absolute beginners :

https://web.stanford.edu/class/cs101/network-1-introduction.html

Or visit CISCO.COM .. a wealth of information about networking, principles and network devices.

Shooter

Rss said:

Just to let you know I did what you said and it appears to have worked, when I ran Find Open Ports earlier it’s back to the original 442, 80 and 53 being open, the others are now closed. Have disabled UPNP, it was previously on, and also changed the password from the standard out-of-the box 14 characters to 50! 

So hopefully job done for the time being - thanks again for your help, without it I would have wasted a lot of time. 

Btw can anyone recommend a good beginners course for understanding networks, I find it fascinating just incredibly confusing, where do you start to learn about this please?

I found this website to be a good start,
https://stevessmarthomeguide.com/basic-networking-course/.

Also this one for more generalized information, which you can sign up to receive new articles via email, https://askleo.com/recent-entries/

I hope these sources help! 

Rss

@Marc thanks, will try that!

Rss

Hi Popula, wow thank you so much for taking the time to post that, I will do this. Feels good to be able to take steps towards protecting myself. Very much appreciated!

Pixel

Assign ALL your connected devices to a FIXED IP-address (be smart - group them - write it down), using their MAC addresses, that means your switches and satellites AND that FING box as well (modern routers have convenient tools for this). Takes a while, but it's worth the effort;

An excellent guide, thanks, however it’s generally not recommended to use all fixed ip addresses on a home network as DHCP is designed specifically to efficiently allocate IP addresses, dynamically. There are exceptions in case of servers, printers etc., where other devices need to “know” the destination address for data retrieval/streams.

Setting static addresses on mobile devices in particular is not a good idea as when the user switches (changes to other) networks the device may not be able to connect to that IP address if it is already in use or the network uses a different subnet & hence a different IP address range.

Another “tuppence” spent 😉

Popula

https://community.fing.com/discussion/comment/27099#Comment_27099

Regarding the fixed IP-Addresses, I should have been a bit more specific.

Of course I did not mean to put a static IP on your individual devices - use the router for that, by assigning IP addresses to the MAC addresses of those devices.

That way, you will always know what’s (and who!) is on your network.

Thanks for the feedback :)

Pixel

...That way, you will always know what’s (and who!) is on your network...

you certainly will 😁

Rss

Just to let you know I did what you said and it appears to have worked, when I ran Find Open Ports earlier it’s back to the original 442, 80 and 53 being open, the others are now closed. Have disabled UPNP, it was previously on, and also changed the password from the standard out-of-the box 14 characters to 50! 

So hopefully job done for the time being - thanks again for your help, without it I would have wasted a lot of time. 

Btw can anyone recommend a good beginners course for understanding networks, I find it fascinating just incredibly confusing, where do you start to learn about this please?