
I recently scanned my router domain and got this result:

Screenshot of the output of nmap's Zenmap client for Windows

What I get from that report is that 3 of 1000 tested ports are open. But what should I do about "telnet" and "BusyBox telnetd", and also "ISC BIND Hostmaster"? Does that port need to be open? How do I close it? My router has no port filter.

Mike Ounsworth
Dian92
  • This is a question for your router manual. Telnet is odd to have open but port 53 is DNS, and you likely need that, but we cannot be sure unless we know a LOT more about the device and your network. – schroeder Jun 11 '17 at 07:24
  • My router is a Huawei E5573. This is a [link](http://setuprouter.com/router/huawei/e5573/screenshots.htm) to screenshots of the router interface. I am searching for **how to close port 23** but have not found anything for that kind of router. Do you know **how to close that port manually** in a way that works on any router? – Dian92 Jun 12 '17 at 06:39
  • There is no common way to do anything on routers because their UI is not standardised – schroeder Jun 12 '17 at 08:04

1 Answer


In my experience, you have to treat the SERVICE and VERSION fields of those reports with a large grain of salt. Often the tool is just looking up the port number in a table; indeed port 23 is listed as the default TELNET port (see wikipedia/List_of_TCP_and_UDP_port_numbers). So your nmap scan means that something is listening on 23, and it may or may not be TELNET.

Nmap supports a mode called "version detection" in which it will actually start the opening handshake of known protocols to try to determine what protocol is listening. This can be very slow: for example, if it knows about 100 different protocols and is scanning 1,000 ports, then that's 100*1,000 = 100,000 handshakes to try. So this option is off by default. You can turn it on with `-sV`. You can read more in the nmap man page; Ctrl+F for "version detection".

Mike Ounsworth
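The difference the answer describes, naming a service from its port number versus looking at what the listener actually sends, as an added example that is not part of the original answer and is not how nmap itself is implemented. The function names, the three-entry port table and the local test listener are constructed for illustration; the telnet check relies on telnet servers typically opening with RFC 854 option negotiation.

```python
import socket
import threading

# Tiny port-to-name table: the lookup a scanner falls back on without probing.
PORT_TABLE = {23: "telnet", 53: "domain", 80: "http"}
IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
TELNET_VERBS = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

def guess_by_port(port):
    """Name a service from its port number alone; nothing is verified."""
    return PORT_TABLE.get(port, "unknown")

def classify_banner(data):
    """Classify the first bytes a service sends after the TCP connect."""
    if len(data) >= 3 and data[0] == IAC and data[1] in TELNET_VERBS:
        return "telnet"
    if data.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def probe(host, port, timeout=2.0):
    """Connect, read the greeting (if any) and classify it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(64)
        except socket.timeout:
            data = b""  # service waits for the client to speak first
    return classify_banner(data)

def start_fake_service(greeting):
    """Constructed local listener (hypothetical helper); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed greetings: telnet negotiation (IAC DO ECHO) and an SSH banner.
    for greeting in (bytes([0xFF, 0xFD, 0x01]), b"SSH-2.0-example\r\n"):
        port = start_fake_service(greeting)
        print(port, guess_by_port(port), probe("127.0.0.1", port))
```

The listeners bind to ephemeral ports, so the table lookup reports "unknown" for both while the probe identifies each from its greeting; the reverse also holds, since an SSH daemon moved to port 23 would still be called "telnet" by the table.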