Which ports are open on the router by default?

Discussion in 'Cisco/Linksys Wireless Routers' started by dsrlb, Jun 21, 2005.

  1. dsrlb

    dsrlb Network Guru Member

    I have a linksys befsr41 router, and am having some issues with virii on one of the systems on my network.

    1) By default, which ports are left open on the router if you don't specifically block them?

    2) Are there any "must block" ports that are left open on the router by default?

    3) I am repeatedly getting BAT.FTPDownload virus warning on one of my machines. I've reformatted it, and with nothing but Win XP, I'm still getting it. Is there a port open that someone is exploiting across RoadRunner through my router?

    4) I seem to be getting a lot of incoming traffic on 1026 and 1027, are these common exploit ports?

    None of my other machines are getting this virus. If I look at my log in the router, the only outgoing traffic is HTTP and POP3. I also run the CA EZ Trust Anti-Virus and Firewall software on all machines on my network.


  2. 4Access

    4Access Network Guru Member

    I doubt it is getting in through your router. I have a BEFSR41 running firmware 1.46.02 dated Aug 03 2004 and no ports are left open by default.

    What file does it say is infected with this virus? My guess is it's either a false positive or detecting a file located in your Temporary Internet files in which case you are probably picking it up from some website you surf to.
  3. dsrlb

    dsrlb Network Guru Member

    It's picking up a c.bat file. I've upgraded my firmware, and by default ports 21 and 8080 are open by default. I had to manually block with filters. There are definitely ports open by default.

    Is there a good, free, port scanning utility out there?
  4. dsrlb

    dsrlb Network Guru Member

    My bad, those open ports may have happened when I upgraded the firmware. So far, so good.
  5. 4Access

    4Access Network Guru Member

    What's the full path to c.bat? What folder is it in on the hard drive? Also why don't you right click on the file, choose edit (which will display the contents of the file in notepad or your default text editor) and then copy & paste the contents of the file here so we can take a look?

    GRC.com Scroll most of the way down and choose ShieldsUP! under the Hot Spots section. Click the proceed button and you will be taken to a page where you can do a number of scans of your system. The All Service Ports is a good one but you can also manually enter specific ports to scan as well.
  6. dsrlb

    dsrlb Network Guru Member

    Thanks 4Access. I never get to see the file, the AntiVirus software picks it up and deletes it. I did find the ShieldsUp scan after I upgraded the firmware, and my system passed all of the tests. I'll be interested now to see if it stops that from happening.

    I'm also seeing a lot of increased incoming traffic on 1026 and 1027. Is that someone probing my system?
  7. 4Access

    4Access Network Guru Member

    Have you tried looking in the Antivirus' log files? It should record exactly where the file was before it was deleted.

    Regarding those incoming connections, are they TCP or UDP? Also, you wouldn't happen to use ExoSee would you?

    Dave's Port List
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice