Open ports Apple Airport router

Hi there community,

I use an AirPort Time Capsule 802.11ac as router with a fibre optic 100/10 connection. My Fingbox shows 6 open ports (I am not sure if it is safe to write down which ports are open). Is there anything to worry about, or is this normal for this router to function?

Thanks for any advice

Regards Erwin

Comments

  • VioletChepil London, UK Member Posts: 2,474 admin
    @FingFan2012 @GadgetVirtuoso @Pooh @MDavide @kltaylor @Romulus anything to add? I definitely think it's a more complex topic than I'm able to offer full advice on, so I've asked for help from a few of the experts on here.
    I believe some services will also open ports on the router while in use.
    There are some open ports required by Fingbox as well.

    Make sure to allow Fingbox to reach any IP address on the following TCP ports: 80, 443, 4443, 5671.

    In addition, the ports needed for the Internet Speed Test, provided by M-Lab include 3001, 3002, 3003.




    Community Manager at Fing

    VioletChepil
  • Pooh Member, Beta Tester Posts: 675 ✭✭✭✭✭
    Without any details it's hard to reply. The OP doesn't list any specifics as to if they're running anything inside their network that requires port forwarding.

    As a rule there should be any open ports to the outside listed unless you've purposely set them, or are at least aware.

    What port numbers does it list, @ErnieBernie? At a guess they may be UPNP type ports.
    People say nothing is impossible, but I do nothing every day.
  • ErnieBernie Member Posts: 6

    Thanks for the replies 

    Above a list with the open ports. I have not set anything myself so this must be either done by the Airport router or the Fingbox
  • Hronos Member, Beta Tester Posts: 283 ✭✭✭✭
    @ErnieBernie Hi!
    Did you receive this alert while doing a manual review of ports, or did the Fingbox alert you by itself?
    Are those ports open in the router? (You can have open ports on any device on your network.)
    I am asking to be sure, because some of those ports are more likely to be open ports on a Windows machine... (unless your router has some services enabled, like a file server).
    The question here should be to identify whether those ports are open to outside your local network (accessible from the internet, pointing to your "public" IP). If they are not, then maybe there is no problem.

    A question to Fing Support could be: Now that I know there are open ports in my network, accessible internally or externally (whichever the case), and I accept the risk involved: how can I stop getting the alert Fingbox sends? (To reduce the notification spam one usually gets.)
    Keep looking up!
  • ErnieBernie Member Posts: 6

    I did a manual search in Fingbox. Indeed an important detail is that we have 2 iMacs and 2 Windows PCs in the network. One of the PCs is mainly used for gaming online.

    Fingbox alerts for open ports after manual search but it doesn't give any suggestions on how to deal with open ports or when it's dangerous. Therefore with this community being online I saw my chance to find out.

  • Romulus Member, Beta Tester Posts: 34 ✭✭✭
    @ErnieBernie That looks like a screen grab of the "Find open ports" screen for a single device on your internal network, apparently a Windows PC. That doesn't look like the way the Fingbox reports open ports it's found (on the outside).

    To see those in the app you go to "Network" at the bottom of the screen and in the "Protection" section click on "Vulnerability Test". You should see any open ports there.

  • MDavide Member Posts: 47 ✭✭✭

    I have a Time Capsule as router in my home network. I got alerts just a couple of times for UPnP services of my surveillance cameras.

    I checked if I needed them... The answer was no and I killed the service :-)

    I am not sure whether the TC lets you customise such kind of settings, I'll check.

    Davide
  • ErnieBernie Member Posts: 6

    You are absolutely right. Thanks for guiding me. I did the Vulnerability Test now and got the following 3 open ports. All ok you think?


  • MDavide Member Posts: 47 ✭✭✭

    Ok you have port forwarding enabled.

    I don't.

    Do you need it?

    Davide
  • Pooh Member, Beta Tester Posts: 675 ✭✭✭✭✭
    @ErnieBernie - unless you're acutely aware of needing those open I'd shut them down instantly. Those are some dangerous ports to leave open if they resolve to a particular host - especially an unpatched Windows PC.
    People say nothing is impossible, but I do nothing every day.
  • ErnieBernie Member Posts: 6

    Ok great. I guess I don't need them. I have never opened anything. How do I close them? Could you please guide me through how to do this on my Apple TM?

  • MDavide Member Posts: 47 ✭✭✭
    edited September 11

    @ErnieBernie searching around there are tons of guides.

    This is the first I found which looks quite complete (@VioletChepil I hope I am not violating community's rules):

    https://www.appleroutersetup.com/how-to-setup-port-forwarding-on-apple-router/

    Note that port forwarding/UPnP could also be managed by your modem "above" the TC if the NAT is managed by the modem and not by the TC. The first thing you should check is if the TC is set up in DHCP or DHCP+NAT mode, then if it is the case, follow the guide above.

    Otherwise you should go into the modem's setup.

    Cheers,

    Davide
  • FingFan2012 Member, Beta Tester Posts: 2

    Those ports are perfectly acceptable being open on your Time Capsule. Most are required for it to do what it does. Some are specific for your Windows computers to access it as a Windows share; others are for your Apple devices to access and configure the device. It looks like you are on the same internal network as the Time Capsule here.

    The real danger is if these ports are open through your router using port forwarding, where you run the risk of anyone on the internet poking around your Time Capsule data.

    Check with your Router Manufacturer’s website or manual to take a look and verify these ports are blocked inbound from outside of your network.

  • GadgetVirtuoso Member Posts: 18 ✭✭
    This is normal operation for the Time Capsule, as these open ports are open on the LAN side of your device, not externally. If you open AirPort Utility, select edit on the Time Capsule or AirPort Base Station, then go to Network. The ports listed under port settings are the ports that are open on the WAN side of the device. Unless you've added an entry here you likely don't have any listed.

    Additionally, as a security precaution it is recommended to turn off UPnP. When you turn off this feature you may find that you will need to add ports. The reason UPnP is dangerous is that it's too easy for a compromised device to simply trigger a need for an open port, thereby compromising your network even further.
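
The replies above separate ports that are open on the LAN side from ports reachable from the internet. As an added example (not code from any poster or from Fing), this Python sketch probes your own address from each vantage point and compares the two results; the function names `probe`, `scan` and `classify` are hypothetical, and the ports you pass in are your own choice.

```python
import socket
import sys

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a service answered
    except ConnectionRefusedError:
        return "closed"          # host answered, but nothing is listening
    except OSError:
        return "filtered"        # timeout or unreachable: dropped on the way

def scan(host, ports, timeout=2.0):
    """Probe each port once and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def classify(lan_results, wan_results):
    """Compare a scan made inside the LAN with one made from outside.

    lan_results: scan() of the device's private address, run on the LAN.
    wan_results: scan() of your public address, run from another network.
    """
    verdicts = {}
    for port in sorted(set(lan_results) | set(wan_results)):
        if wan_results.get(port) == "open":
            # Something forwards this port: manual port mapping or UPnP.
            verdicts[port] = "internet-reachable"
        elif lan_results.get(port) == "open":
            verdicts[port] = "LAN-only"
        else:
            verdicts[port] = "not listening"
    return verdicts

if __name__ == "__main__":
    # Usage: python3 portcheck.py <your-own-address> <port> [<port> ...]
    if len(sys.argv) < 3:
        sys.exit("usage: portcheck.py HOST PORT [PORT ...]")
    target = sys.argv[1]
    for port, state in scan(target, [int(p) for p in sys.argv[2:]]).items():
        print(f"{target}:{port} {state}")
```

Run the outside pass from a connection that is not behind the router (for example a phone's mobile data), because a probe of your public address from inside the LAN may be answered by the router itself.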
  • ErnieBernie Member Posts: 6
    Thank you all for your comments. Since I have no access to the Fiber Optic modem I will concentrate on the TM router. With help of the TM guides I'm sure I will get further. Thanks again