A Port scan of my Airport Extreme's (running airport 3.1.1) external IP address revealed the following open ports:
Open Port: 139
Open Port: 1025
Open Port: 1034

Any idea why these would be open?

-rik

A Port scan of my Airport Extreme's (running airport 3.1.1) external IP address revealed the following open ports:
Open Port: 139
Open Port: 1025
Open Port: 1034

Any idea why these would be open?

-rik

139 - netbios ! Running a windows pc or Virtual PC windows ? Dangerous !
1025 - NFS or IIS
1034 - no idea there...

Is your firewall activated on your mac ? Do you have a windows server with IIS behind your airport ?

What did you use for your port scan?

What did you use for your port scan?

Network Utility. It's in the utilities folder.

139 - netbios ! Running a windows pc or Virtual PC windows ? Dangerous !
hmmm, not running any windows here.

1025 - NFS or IIS
1034 - no idea there...

As for these two, I did some scouring and came up with:
http://www.networksorcery.com/enp/protocol/ip/ports01024.htm
http://www.iana.org/assignments/port-numbers
What the hell is network blackjack?

Is your firewall activated on your mac ? Do you have a windows server with IIS behind your airport ?

Yes, I have my firewall turned on and i have only a few ports opened (22 for remote SSH, 177, 6000, 7100 for X11, 3689 for iTunes sharing). I'm not sure what IIS is.

-rik

I'm not sure what IIS is.

-rik

Internet Information Services (http://www.microsoft.com/windowsserver2003/iis/default.mspx)

you can close port 139 in your firewall settings,..its used for windows sharing..you may have that checked on ...
and i also ran the port scan. :) thanks for the tip...
open ports are
80 i have the web sharing on
631 ip printing on
1033 it says its for netinfo-local
6880,6881 I have opened them for azureus..
6000 ....NOw i dont know why thats open , or what it does..

6000 ....NOw i dont know why thats open , or what it does..

it has to do with X11 and Xwindow forwarding. Do you have X11 (or some other Xfree86-like program) installed?

-rik

it has to do with X11 and Xwindow forwarding. Do you have X11 (or some other Xfree86-like program) installed?

-rik
yah i have..thanks

To see what processes on your system have what ports open, run as root:

mac:~ root# lsof -nP | grep LIST
netinfod 117 root 7u IPv4 0x01d2bd8c 0t0 TCP 127.0.0.1:1033 (LISTEN)
cupsd 300 root 0u IPv4 0x01f60500 0t0 TCP 127.0.0.1:631 (LISTEN)
httpd 310 root 16u IPv4 0x01f617ec 0t0 TCP *:80 (LISTEN)
httpd 321 www 16u IPv4 0x01f617ec 0t0 TCP *:80 (LISTEN)
mozilla-b 817 username 22u IPv4 0x01fca284 0t0 TCP 127.0.0.1:5180 (LISTEN)

From above, you can see that:

Process.....................Port it has opened
netinfod.........................1033
cupsd (printing)................631
httpd (web sharing)............80
mozilla...........................5180

This may be a silly question, but did you peform the scan from inside your network, or from outside your network?

The ports available to an inside address may be quite different from those available to an external address.

For instance, a port scan of myself lists 22, 80, 111, 427, 3689, 6000 all open, but if you try to connect from outside you will find only 22, and 3689 actually respond. The others are all blocked unless I'm connecting through a loopback device (in the case of 80 & 427 I've got custom firewall rules because I want to be able to test web development internally without opening my personal web sharing to the world).

P.S. 6000 is for X-Window. That one should only be available on loopback unless you've explicitly created a firewall rule to open it, which is why I'm wondering if the port scans are from the inside...

[Edited for speeling]

here is a good web-based, third party port scanner

http://security.symantec.com/default.asp?langid=ie&venid=sym&plfid=00&pkj=BYMDRHYTINMHDKDCWLL

that should "externally" scan your ports

-rik

here is a good web-based, third party port scanner

http://security.symantec.com/default.asp?langid=ie&venid=sym&plfid=00&pkj=BYMDRHYTINMHDKDCWLL

that should "externally" scan your ports

-rik

I use nmap for port scanning. http://www.insecure.org/ It does OS detection, stealth scanning and more.

ok, i'm laughing at myself. For my initial port scan, there was a typo in my IP address. That was somone else's machine. However, I re-ran port scanner on the correct IP address, and found that Port 5009 is open! Here's as to why:
http://www.webzcan.com/Vulns/WZV11620.html

I think Apple has already fixed this problem, but I'm still on airport software 3.1.1. Anyone with Airport Extreme running the lastest version (probably need X.3) want to check their ports and see?

-rik

port list. this has em all.

http://www.iana.org/assignments/port-numbers

the best port scanner is nmap. this one is usually bundled who most linux distro now.

www.insecure.org it kinda a pain to get it to compile. the script isn't to mac friendly, but it works, your'll have to create and alias if you want to use it anywhere in terminal.

some sample output:
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-25 20:54 CST
Interesting ports on 192.168.1.200:
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1723/tcp open pptp
5800/tcp open vnc-http
5900/tcp open vnc
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP
OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 Professional or Advanced Server, or Windows XP

Nmap run completed -- 1 IP address (1 host up) scanned in 3.560 seconds

or something like this

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-25 20:54 CST
Interesting ports on 192.168.1.1:
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
Device type: WAP|broadband router
Running: Linksys embedded
OS details: Linksys BEFW11S4 WAP or BEFSR41 router