How is my port 80 open?

Discussion in 'Tomato Firmware' started by Menkatek, Mar 8, 2008.

  1. Menkatek

    Menkatek Network Guru Member

    Out of curiosity, I used nmap to scan my IP address from outside the LAN and noticed that my port 80 was open. On two other remote machines, I tried

    telnet <ip> 80

    and it connected successfully. However, I do not have port 80 in any port forwarding rule. Using Tomato 1.15. Appreciate any insight, thanks.

    Edit: UPnP is disabled.
     
  2. LLigetfa

    LLigetfa LI Guru Member

    Do you have remote access enabled? Where are you testing this from?
     
  3. Menkatek

    Menkatek Network Guru Member

    Hi Lligetfa.

    Remote Access is disabled. Web Admin is set to HTTPS on port 443, with Wireless Access disabled. SSH and Telnet Daemons are not checked. I use a 9-character randomly generated password for the router.

    I'm using a few remote servers to scan my IP address. When I saw port 80, I was really spooked. Still am. :frown:
     
  4. Menkatek

    Menkatek Network Guru Member

    I have done a 'netstat -a' on all the LAN computers that are running, with an open telnet session. None of them showed a connection to the remote machine. All the local computers have antivirus so it's somewhat unlikely that netstat.exe was hacked. So I think it's something in the router. :frown:
     
  5. Toxic

    Toxic Administrator Staff Member

    First of all, I would reboot the router in case something has not set right when you have configured the router. What version of Tomato are you running?
     
  6. Menkatek

    Menkatek Network Guru Member

    I have power cycled the router and obtained a new IP address, but port 80 is still open. I'm using Tomato 1.15.
     
  7. Menkatek

    Menkatek Network Guru Member

    With a little forum searching, I discovered that you can dump netstat if you enable and log in via telnet. Here's the output:

    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 *:domain                *:*                     LISTEN
    tcp        0      0 *:telnet                *:*                     LISTEN
    tcp        0      0 *:https                 *:*                     LISTEN
    tcp        0    302 192.168.1.1:telnet      192.168.1.11:3991       ESTABLISHED
    udp        0      0 *:2048                  *:*
    udp        0      0 localhost:34954         *:*
    udp        0      0 *:domain                *:*
    udp        0      0 *:bootps                *:*
    raw        0      0 *:255                   *:*                     0
    :confused:
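
Added example (not part of the original posts): a Python parse of the netstat output quoted above that lists the router's own listening sockets and checks whether anything is bound to TCP port 80. The function names and the service-name table are assumptions made for illustration; netstat reports only sockets bound on the router itself, not port-forwarding rules or devices upstream of it.

```python
# Service names as netstat prints them without -n (standard assignments).
SERVICE_PORTS = {"domain": 53, "telnet": 23, "https": 443, "http": 80,
                 "bootps": 67, "ssh": 22}

# The output quoted in the post above, copied verbatim.
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:domain                *:*                     LISTEN
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 *:https                 *:*                     LISTEN
tcp        0    302 192.168.1.1:telnet      192.168.1.11:3991       ESTABLISHED
udp        0      0 *:2048                  *:*
udp        0      0 localhost:34954         *:*
udp        0      0 *:domain                *:*
udp        0      0 *:bootps                *:*
raw        0      0 *:255                   *:*                     0
"""

def listening_sockets(netstat_text):
    """Return {(proto, bind_address, port)} for TCP listeners and unconnected UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # headers, raw sockets, blank lines
        proto, local, foreign = fields[0], fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""
        if proto == "tcp" and state != "LISTEN":
            continue  # established sessions are not listeners
        if proto == "udp" and foreign != "*:*":
            continue  # connected UDP socket, not an open service
        addr, _, token = local.rpartition(":")
        # Numeric port, known service name, or the raw token if unknown.
        port = int(token) if token.isdigit() else SERVICE_PORTS.get(token, token)
        found.add((proto, addr, port))
    return found

def router_listens_on(netstat_text, port, proto="tcp"):
    """True if a socket on this host is bound to `port` on all addresses."""
    return any(p == proto and n == port and a in ("*", "0.0.0.0")
               for p, a, n in listening_sockets(netstat_text))

if __name__ == "__main__":
    for sock in sorted(listening_sockets(NETSTAT_OUTPUT), key=str):
        print(sock)
    # netstat lists sockets on the router only; forwarding rules and
    # devices upstream of the WAN port do not appear here.
    print("router listens on tcp/80:", router_listens_on(NETSTAT_OUTPUT, 80))
```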
     
  8. LLigetfa

    LLigetfa LI Guru Member

    Have you confirmed that your public IP is in fact on the WAN port of the router and that you don't have a modem doing double-NAT?
     
  9. Menkatek

    Menkatek Network Guru Member

    Yes, it seems to be the correct IP address. The WAN IP address shown on the Tomato front page matches the IP address at ipchicken.com. :sad:
     
  10. kevanj

    kevanj LI Guru Member

    Only port 80?

    Got anything in the DMZ?
     
  11. Menkatek

    Menkatek Network Guru Member

    DMZ is not enabled. :frown:

    I'm trying to find if other people on my ISP (Netvigator DSL) are having the same problem. More strangely, web-based port tests show that the port is closed. If I telnet 80 within the LAN, it also does not work. It is only outside the WAN.

    My guess is that the DSL modem keeps the port open. Perhaps the ISP uses the port for network management. Oh well. :frown:
     
  12. LLigetfa

    LLigetfa LI Guru Member

    That would have been a good tidbit to know up front. So, you're testing at layer 2 then? The IP resolves to a MAC, the MAC of the modem perhaps?

    Makes sense.
     
  13. Menkatek

    Menkatek Network Guru Member

    Sorry, I don't understand the term layer 2. Should the IP address resolve to the MAC of the modem or router? How can I check? I tried 'arp -a' but it only showed the other computers on the LAN.

    There's one more thing I can do. Tomorrow I will connect to the modem directly and use Windows XP built-in PPPoE. Let's see if I can telnet then. :unsure:
     
