open ports on Airport Extreme

Discussion in 'General Mac Discussion' started by rikers_mailbox, Mar 25, 2004.

  1. rikers_mailbox macrumors 6502a

    Joined:
    Sep 27, 2003
    Location:
    LA-la-land
    #1
    A Port scan of my Airport Extreme's (running airport 3.1.1) external IP address revealed the following open ports:
    Open Port: 139
    Open Port: 1025
    Open Port: 1034

    Any idea why these would be open?

    -rik
     
  2. blaster_boy macrumors 6502

    blaster_boy

    Joined:
    Jan 31, 2004
    Location:
    Belgium
    #2
    139 - netbios ! Running a windows pc or Virtual PC windows ? Dangerous !
    1025 - NFS or IIS
    1034 - no idea there...

    Is your firewall activated on your mac ? Do you have a windows server with IIS behind your airport ?
     
  3. davecuse macrumors 6502

    davecuse

    Joined:
    Feb 20, 2004
    Location:
    NYC
  4. rikers_mailbox thread starter macrumors 6502a

    Joined:
    Sep 27, 2003
    Location:
    LA-la-land
    #4
    Network Utility. It's in the utilities folder.
     
  5. rikers_mailbox thread starter macrumors 6502a

    Joined:
    Sep 27, 2003
    Location:
    LA-la-land
    #5
    hmmm, not running any windows here.

    As for these two, I did some scouring and came up with:
    http://www.networksorcery.com/enp/protocol/ip/ports01024.htm
    http://www.iana.org/assignments/port-numbers
    What the hell is network blackjack?

    Yes, I have my firewall turned on and i have only a few ports opened (22 for remote SSH, 177, 6000, 7100 for X11, 3689 for iTunes sharing). I'm not sure what IIS is.

    -rik
     
  6. Maritan macrumors regular

    Joined:
    Nov 6, 2003
    #6
  7. abhishekit macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #7
    you can close port 139 in your firewall settings,..its used for windows sharing..you may have that checked on ...
    and i also ran the port scan. :) thanks for the tip...
    open ports are
    80 i have the web sharing on
    631 ip printing on
    1033 it says its for netinfo-local
    6880,6881 I have opened them for azureus..
    6000 ....NOw i dont know why thats open , or what it does..
     
  8. rikers_mailbox thread starter macrumors 6502a

    Joined:
    Sep 27, 2003
    Location:
    LA-la-land
    #8
    it has to do with X11 and Xwindow forwarding. Do you have X11 (or some other Xfree86-like program) installed?

    -rik
     
  9. abhishekit macrumors 65816

    abhishekit

    Joined:
    Nov 6, 2003
    Location:
    akron , ohio
    #9
    yah i have..thanks
     
  10. tomf87 macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #10
    To see what processes on your system have what ports open, run as root:

    mac:~ root# lsof -nP | grep LIST
    netinfod 117 root 7u IPv4 0x01d2bd8c 0t0 TCP 127.0.0.1:1033 (LISTEN)
    cupsd 300 root 0u IPv4 0x01f60500 0t0 TCP 127.0.0.1:631 (LISTEN)
    httpd 310 root 16u IPv4 0x01f617ec 0t0 TCP *:80 (LISTEN)
    httpd 321 www 16u IPv4 0x01f617ec 0t0 TCP *:80 (LISTEN)
    mozilla-b 817 username 22u IPv4 0x01fca284 0t0 TCP 127.0.0.1:5180 (LISTEN)

    From above, you can see that:

    Process.....................Port it has opened
    netinfod.........................1033
    cupsd (printing)................631
    httpd (web sharing)............80
    mozilla...........................5180
     
  11. stcanard macrumors 65816

    stcanard

    Joined:
    Oct 19, 2003
    Location:
    Vancouver
    #11
    This may be a silly question, but did you peform the scan from inside your network, or from outside your network?

    The ports available to an inside address may be quite different from those available to an external address.

    For instance, a port scan of myself lists 22, 80, 111, 427, 3689, 6000 all open, but if you try to connect from outside you will find only 22, and 3689 actually respond. The others are all blocked unless I'm connecting through a loopback device (in the case of 80 & 427 I've got custom firewall rules because I want to be able to test web development internally without opening my personal web sharing to the world).

    P.S. 6000 is for X-Window. That one should only be available on loopback unless you've explicitly created a firewall rule to open it, which is why I'm wondering if the port scans are from the inside...

    [Edited for speeling]
     
  12. rikers_mailbox thread starter macrumors 6502a

    Joined:
    Sep 27, 2003
    Location:
    LA-la-land
  13. xhost_plus macrumors newbie

    Joined:
    Mar 25, 2004
    Location:
    Reno, NV
    #13
  14. rikers_mailbox thread starter macrumors 6502a

    Joined:
    Sep 27, 2003
    Location:
    LA-la-land
    #14
    ok, i'm laughing at myself. For my initial port scan, there was a typo in my IP address. That was somone else's machine. However, I re-ran port scanner on the correct IP address, and found that Port 5009 is open! Here's as to why:
    http://www.webzcan.com/Vulns/WZV11620.html

    I think Apple has already fixed this problem, but I'm still on airport software 3.1.1. Anyone with Airport Extreme running the lastest version (probably need X.3) want to check their ports and see?

    -rik
     
  15. superbovine macrumors 68030

    superbovine

    Joined:
    Nov 7, 2003
    #15
    port list. this has em all.

    http://www.iana.org/assignments/port-numbers

    the best port scanner is nmap. this one is usually bundled who most linux distro now.

    www.insecure.org it kinda a pain to get it to compile. the script isn't to mac friendly, but it works, your'll have to create and alias if you want to use it anywhere in terminal.

    some sample output:
    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-25 20:54 CST
    Interesting ports on 192.168.1.200:
    (The 1650 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    1025/tcp open NFS-or-IIS
    1723/tcp open pptp
    5800/tcp open vnc-http
    5900/tcp open vnc
    Device type: general purpose
    Running: Microsoft Windows 95/98/ME|NT/2K/XP
    OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 Professional or Advanced Server, or Windows XP

    Nmap run completed -- 1 IP address (1 host up) scanned in 3.560 seconds

    or something like this

    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-25 20:54 CST
    Interesting ports on 192.168.1.1:
    (The 1656 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    80/tcp open http
    Device type: WAP|broadband router
    Running: Linksys embedded
    OS details: Linksys BEFW11S4 WAP or BEFSR41 router
     

Share This Page