LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 05-05-2009, 09:09 PM   #1
michalng
Member
 
Registered: Dec 2005
Distribution: Debian KDE / Fluxbox
Posts: 216

Rep: Reputation: 36
Why is my linksys' router pptp open


Was reading an article on nmap and tried it out and the output is

Quote:
Starting Nmap 4.68 ( http://nmap.org ) at 2009-05-06 09:01 SGT
Interesting ports on 192.168.1.1:
Not shown: 1711 filtered ports
PORT STATE SERVICE
21/tcp closed ftp
23/tcp closed telnet
80/tcp open http
1723/tcp open pptp
Understand that port 80 is open so that i can surf the net (correct?) , but why is pptp opened.

This is a concern that I should rectify or is this just a normal setting?
 
Old 05-05-2009, 09:46 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by michalng View Post
Was reading an article on nmap and tried it out and the output is

Starting Nmap 4.68 ( http://nmap.org ) at 2009-05-06 09:01 SGT
Interesting ports on 192.168.1.1:
Not shown: 1711 filtered ports
PORT STATE SERVICE
21/tcp closed ftp
23/tcp closed telnet
80/tcp open http
1723/tcp open pptp

Understand that port 80 is open so that i can surf the net (correct?) , but why is pptp opened.

This is a concern that I should rectify or is this just a normal setting?
Wait, who is using 192.168.1.1? Is that your gateway? Basically, the scan indicates that something is listening on ports 80 and 1723 of 192.168.1.1. Under usual conditions, this wouldn't have anything to do with you being allowed to surf. Do you have the ability to log into 192.168.1.1 and see what processes are listening?

You could run a command like this on that host (run it as root):
Code:
netstat -pantu | grep LISTEN | grep -E ":80|:1723"
This would show you the process names as well as all the addresses they are listening on.

EDIT: Heh, just noticed that you specified what host this is in the thread title. My bad. Well, since this is a Linksys router, port 80 is usually what the Web-based management interface listens on. As for port 1723, what VPN options do you have set?

Last edited by win32sux; 05-05-2009 at 09:54 PM.
 
Old 05-05-2009, 09:55 PM   #3
michalng
Member
 
Registered: Dec 2005
Distribution: Debian KDE / Fluxbox
Posts: 216

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by win32sux View Post
Wait, who is using 192.168.1.1? Is that your gateway? Basically, the scan indicates that something is listening on ports 80 and 1723 of 192.168.1.1. Under usual conditions, this wouldn't have anything to do with you being allowed to surf.
I should write clearer just now

192.168.1.1 is my Cisco-Linksys wireless router

Quote:
Do you have the ability to log into 192.168.1.1 and see what processes are listening?
Yes, I can login wirelessly or plug in a rj45 directly into the router.


Quote:
You could run a command like this on that host (run it as root):
Code:
netstat -pantu | grep LISTEN | grep -E ":80|:1723"
This would show you the process names as well as all the addresses they are listening on.
Since it is a router, this is still applicable?


THANKS in advance for the help
 
Old 05-06-2009, 01:39 AM   #4
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Actually port 80 is to allow you to manage the router, port 1723 is to allow you to vpn to your network, i am worried that port 23 is open though you need to close that port and enable ssh instead if you want to login to the router.
 
Old 05-06-2009, 02:10 AM   #5
michalng
Member
 
Registered: Dec 2005
Distribution: Debian KDE / Fluxbox
Posts: 216

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by datopdog View Post
Actually port 80 is to allow you to manage the router, port 1723 is to allow you to vpn to your network, i am worried that port 23 is open though you need to close that port and enable ssh instead if you want to login to the router.
Then
- port 80 is okay.
- port 1723 can be closed.

But isn't port 21 and 23 already closed?
Or should they NOT exist in the nmap scan at all.

Am using a WRT54G Linksys Router but cannot locate that settings that let me disable telnet and ftp. Anyone got any idea?
 
Old 05-06-2009, 05:45 AM   #6
ledow
Member
 
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241

Rep: Reputation: 34
If you're doing this from *inside* your LAN, then you are okay. If you are seeing this over unauthenticated wireless or remotely, that's a problem.

80 being open means that people can see the internal router configuration pages (and probably change settings etc.)
1723 being open means that people can see the PPTP service (and may or may not be able to actually log into it).

If you are on the LAN, both are fine. If you are surfing wirelessly without a password and *still* able to see both ports open, that's a problem (anyone with a wireless card might be able to play with your router settings). If you have those ports open from the *Internet*, that's a BIG problem (anyone in the world might be able to play with your router settings).

The only way to *really* tell is to connect wirelessly and re-test and/or use something like ShieldsUp from wwww.grc.com and see if those ports are open to the Internet.
 
Old 05-06-2009, 09:09 AM   #7
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by ledow View Post
If you're doing this from *inside* your LAN, then you are okay. If you are seeing this over unauthenticated wireless or remotely, that's a problem.

80 being open means that people can see the internal router configuration pages (and probably change settings etc.)
1723 being open means that people can see the PPTP service (and may or may not be able to actually log into it).

If you are on the LAN, both are fine. If you are surfing wirelessly without a password and *still* able to see both ports open, that's a problem (anyone with a wireless card might be able to play with your router settings). If you have those ports open from the *Internet*, that's a BIG problem (anyone in the world might be able to play with your router settings).

The only way to *really* tell is to connect wirelessly and re-test and/or use something like ShieldsUp from wwww.grc.com and see if those ports are open to the Internet.
I'd try to scan from the outside also. The view is usually quite different from the outside.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LinkSys WRE54G, LinkSyS Wireless G PCI (Broadcom), 802.11b Router tpreitzel Bluewhite64 6 07-16-2008 06:55 PM
connecting to pptp through linksys wrt54g wifi ubuntu Brynn Linux - Wireless Networking 5 12-01-2007 08:06 AM
router between eth0 <-> ppp0 (pptp connection) jpifer Linux - Networking 2 03-12-2006 01:57 PM
Cannot get PPTP to work on Trendnet Router davcefai Linux - Hardware 0 02-25-2006 02:55 PM
creating VPN with PPtP to connect to a router Lleb_KCir Linux - General 3 08-12-2004 12:50 AM


All times are GMT -5. The time now is 12:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration