Today I just randomly ran an nmap scan on my ER8411 (firmware version 1.1.0) and found out port 1723 (PPTP) is open. I’m not using PPTP VPN. Is this port open for others as well?
I’m only able to see it open in the local network because my ISP blocks well-known ports (and I think port 1723 is blocked as well by ISP). So, when I try to run the same scan from a remote machine on my public IP then it doesn’t show any open port.
I also posted this question on the Omada community. Let’s see if someone from TP-Link answers there. Additionally, someone previously asked to block port 1723.
Try port scanning the router's public address given to it by the ISP from local. The port scan won’t hit the ISP modem but will hit the public side of the NAT.
After running nmap on public IP from the local network, port 1723 was still shown as open. Only port 8080 is closed now. All other ports remain open.
➜ ~ nmap -v -Pn 122.**.**.21
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-21 09:36 IST
Initiating Parallel DNS resolution of 1 host. at 09:36
Completed Parallel DNS resolution of 1 host. at 09:36, 0.02s elapsed
Initiating Connect Scan at 09:36
Scanning 122.**.**.21 [1000 ports]
Discovered open port 53/tcp on 122.**.**.21
Discovered open port 443/tcp on 122.**.**.21
Discovered open port 80/tcp on 122.**.**.21
Discovered open port 1723/tcp on 122.**.**.21
Completed Connect Scan at 09:36, 0.12s elapsed (1000 total ports)
Nmap scan report for 122.**.**.21
Host is up (0.00044s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
1723/tcp open pptp
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
Also, I have added a Gateway ACL to block all open ports, but it’s not working as expected. The Gateway ACL looks like this:
DIRECTION - WAN IN
POLICY - DENY
PROTOCOLS - ALL
SOURCE - IP Group:IPGroup_Any
DESTINATION - IP-Port Group:Gateway Open Port
In the destination IP-Port Group (Gateway Open Port), I included the router local IP and all open ports, but the block is not being applied.
I also tried the Gateway ACL with only the open ports (without the router local IP), but the scan results are still the same.
However, a similar Switch ACL blocks these open ports on the local network. The Switch ACL looks like this:
POLICY - DENY
PROTOCOLS - ALL
SOURCE - IP Group:IPGroup_Any
DESTINATION - IP-Port Group:Gateway Open Port
Here is the scan result when the above Switch ACL is enabled:
➜ ~ nmap -v -Pn 172.16.10.1
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-21 10:03 IST
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 4.02s elapsed
Initiating Connect Scan at 10:03
Scanning _gateway (172.16.10.1) [1000 ports]
Completed Connect Scan at 10:03, 1.32s elapsed (1000 total ports)
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.00045s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp filtered domain
80/tcp filtered http
443/tcp filtered https
1723/tcp filtered pptp
8080/tcp filtered http-proxy
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 5.38 seconds
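A small checker, added here as an example (it is not code from the thread, the OP or TP-Link), that parses an nmap port table like the ones above and reports any port that is open but not on the allowlist of services the gateway is meant to expose (e.g. 1723/pptp), as well as ports that only show as filtered after an ACL. The sample scan text and the allowlist {53, 80, 443} are constructed assumptions; the parser accepts nmap's normal output whether or not the column padding survived copy-paste.

```python
"""Audit an nmap scan of a gateway against the services it is expected to expose."""
import re
from typing import Dict, List, Set

# Constructed sample in the shape of nmap's "PORT STATE SERVICE" table (not a real host).
SAMPLE_SCAN = """\
Nmap scan report for _gateway (172.16.10.1)
Host is up (0.00045s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
1723/tcp open     pptp
8080/tcp filtered http-proxy
"""

# One port line: "<port>/<proto> <state> <service>"; state may be e.g. "open|filtered".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+([a-z]+(?:\|[a-z]+)?)\s+(\S+)")


def parse_nmap(text: str) -> Dict[str, str]:
    """Map 'port/proto' -> state for every port line in nmap's normal output."""
    ports: Dict[str, str] = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[f"{m.group(1)}/{m.group(2)}"] = m.group(3)
    return ports


def audit(scan: Dict[str, str], expected_open: Set[str]) -> Dict[str, List[str]]:
    """Classify scan results: open-but-unexpected, filtered, and expected-but-not-open."""
    report: Dict[str, List[str]] = {"unexpected_open": [], "filtered": [], "missing": []}
    for port, state in scan.items():
        if state == "open" and port not in expected_open:
            report["unexpected_open"].append(port)  # exposed service not in policy
        elif "filtered" in state:
            report["filtered"].append(port)         # dropped by an ACL/firewall
    actually_open = {p for p, s in scan.items() if s == "open"}
    report["missing"] = sorted(expected_open - actually_open)
    return report


if __name__ == "__main__":
    # Assumed policy: the gateway should only answer DNS and its HTTP(S) management UI.
    for key, ports in audit(parse_nmap(SAMPLE_SCAN), {"53/tcp", "80/tcp", "443/tcp"}).items():
        print(f"{key}: {ports}")
```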