I have a Linksys EA6400 router. Today, I noticed in the log file some activity from multiple IP addresses on 2 ports that are open: 54409 and 16808, and I do not know what is going on there.
I did not open any ports manually and made no specific changes in the router settings.
All I am using is an external HDD that is connected to the router and can be accessed from the web via FTP.
Does anyone have any idea why those ports are open and what service uses them by default? Or how can I find that out?
The result of scanning my IP for ports:
PORT STATE SERVICE
21/tcp open ftp
16808/tcp open unknown
51000/tcp closed unknown
54409/tcp open unknown
Answer
Because your router performs Stateful Packet Inspection, there are three possible reasons to see "open" ports with traffic flows exiting the router:
- You have the device set up in a DMZ, and all unsolicited traffic is directed to it,
- You have created a port forwarding rule that allows that port to be directed inbound to a specific system, for unsolicited traffic,
- Or the port you are seeing is not actually open, but in use by an existing connection solicited from the LAN. The port will not accept unsolicited traffic, but is accessible to TCP connection hijacking attack attempts (though these are very hard to pull off these days).
If neither condition 1 nor 2 is true, then the connection was made from inside your LAN.
Because you have limited log information, and (mostly) unmanaged network equipment, the easiest way to determine the LAN client and process, for a home network, would be to simply visit each terminal and determine whether the terminal is connected to a remote server on that port.
You can do this from an elevated PowerShell instance, with the command:
netstat -abno | findstr "<port>"
or if the remote IP is known:
netstat -abno | findstr "<remote-ip>"
From there, once you have found the client connection, you can note the Process ID, which you can then look up in Process Explorer or Task Manager, to determine the executable causing the connection.
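The per-machine check described in the answer can also be scripted. This is an added example, not part of the original answer: the function name `Find-PortOwner` is hypothetical, the ports are the two from the question's scan, and it goes slightly beyond `netstat | findstr` by matching the port on either the local or the remote side of each TCP endpoint.

```powershell
# Added example: map TCP endpoints on the given ports to their owning process.
# Find-PortOwner is a hypothetical helper name. Run from an elevated PowerShell
# so that processes owned by other users and services can be resolved.
function Find-PortOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][int[]]$Port,   # port numbers to look for
        [string]$RemoteAddress                # optional: only this remote IP
    )

    # Listening sockets and established connections, matched on either side.
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in $Port -or $_.RemotePort -in $Port }

    if ($RemoteAddress) {
        $conns = $conns | Where-Object { $_.RemoteAddress -eq $RemoteAddress }
    }

    foreach ($c in $conns) {
        # The process may have exited between the two calls; tolerate that.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            State     = $c.State
            Local     = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote    = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            OwningPid = $c.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path      = if ($proc) { $proc.Path } else { $null }
        }
    }
}

# Ports taken from the scan in the question.
Find-PortOwner -Port 54409, 16808 | Format-Table -AutoSize
```

An empty result on a machine means no TCP endpoint on those ports exists there at that moment; short-lived connections may need the check repeated while the router log shows activity.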