Security lapse?

Merck

Newbie
[OP]
Aug 19, 2005
3
0
I recently got the firmware version updated on my DSL 502T router (Firmware Version : V2.00B01T01.ML.20050530). I noticed that some of the ports are open, namely 21,22,23, and 80. Can anyone tell me whether these open ports on the router can be misused by any person with malicious intent? Is this normal because I didn't have this kind of stuff with my old firmware version?
 

akash

Regulars
Regulars
Jul 18, 2005
873
0
dude as far as i know port 80 is for http so that u can surf web

n 21 is for ftp so that u can d/l at full speed from some legal site

no idea abt 22 n 23

keep updating ur anti virus, anti spyware n ur windows n firewall n scan ur pc regularly

u wont get any harmful shit on ur pc
 

Sushubh

Administrator
Oct 29, 2004
413,742
12,756
Gurugram
errm. he meant u SHOULD NOT get infected if u are a bit more careful. never use WILL when u are talking about safety on the internet.
 


Merck

Newbie
[OP]
Aug 19, 2005
3
0
Guys...my knowledge of computer networks is quite limited, but i do know the thumb rule: "Open ports r not a good thing!". Ideally client nodes (our PCs) on a network (Internet) should have all the standard ports such as HTTP:80, TELNET:23, SMTP:25, etc...working in stealth mode.
And Akash port 80 is not for client PCs to access websites. Programs such as web browsers running on ur PC do not run from port 80. It's the server software that runs on port 80 which ur browser connects to when u surf the web.
I dunno how far this is possible but the fact that if ur router's port 80 is open u could actually screw-up someone else's router configuration (and possibly crash his router software!!) simply by typing the router's Internet IP address in ur browser...that is of course if the fellow at the other end has not changed his router password from the default "admin" to something else.
Coming to think of it...it might even be possible to access the LAN clients connected on the router by some kind of a hacking technique such as IP spoofing....
Guys I'm not really worried abt viruses n shitty adware or spywares, but the possibility that ur PC can be turned into a zombie for various malicious activity for which u cud land up in trouble.
A possible scenario: A freak hacks into ur PC thru ur router's inviting open ports n from there launches DOS(Denial Of Service) attack or DDOS(Distributed DOS) attack or simply hacks into someone else's computer thereby making ur PC a zombie. And all this while 'our' attacker is blissfully anonymous bcoz it is ur IP address that is being used in the illegal activity.
This is not just some scenario cooked up in my head. Stuff like this has happened. FYI the US military top secret network was broken into using a similar technique. I don't think even a firewall running on ur PC would be able to protect u from an IP spoofing attack and btw Windows firewall can't really be counted as a firewall!!
If you wanna check out which all ports are open on ur router u cud run the Shields Up test on the website: www.grc.com
It'll give u a detailed info abt the ports of ur router.
 

adwait

Newbie
Regulars
Jul 8, 2005
99
0
Hey,

Port 80 is for HTTP. That is for the webadmin of the router, ie: the page that opens up with 192.168.1.1 in your browser. This page is password protected and hence not a problem.

21 is for FTP (The port seems to be open for no reason, because you cannot connect to it using an FTP client, so apparently, the router uses that port for something other than ftp)

22 is for SSH. This can again be used for administering the router remotely, using commandline. Again not a security risk, because it is password protected and also SSH is among the most secure protocols, and widely used in Linux/ Unix world. If you use Windows, you probably haven't heard of it........but nevertheless, rest assured, it's not a problem.

23 is for telnet. This is also used for administering the router remotely, using command line. This is also password protected, but not very safe because telnet sends the password without encryption over the network.......so SSH is preferred to telnet. However, again, just having the port open will not make any difference.

In case you are really very worried about open ports, you can close the ports by switching off remote management, through the console at 192.168.1.1
 

akash

Regulars
Regulars
Jul 18, 2005
873
0
Thanks dude i guess my knowledge of computer networks is quite 'more' limited

I do not think typing 192.196.1.1 in ie will open someone else's router setting page. cause i have already tried this frm my frnds pc he has pacenet. ie showed page not found.
 


adwait

Newbie
Regulars
Jul 8, 2005
99
0
No, that's because 192.168.1.1 is an IP address in the private LAN range. That means that address is reserved for a private, LAN IP, so no computer on the net can have that IP address. That address can refer to a computer/gateway/router on your LAN.

In case of MTNL, the router and your computer form a LAN. 192.168.1.1 is the router, and 192.168.1.3 (or 192.168.1.2) is your PC.

So when you type that address in your friend's PC, the computer searched for that IP address on his LAN, and didn't find such an address and hence returned a 404 error.

If you want to access the router configuration page of your PC, through the internet, you need to know your own IP address. If you type that IP address in the address bar in your browser, from anywhere, it will show you your router config page. To find your ip address, you can use www.whatismyipaddress.com.
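
The check discussed in this thread, as an added example that is not part of any post above: it classifies an address as private (LAN-only, like 192.168.1.1) or public, then makes one TCP connect attempt to each of the four ports the original poster listed and reports open, closed or no answer. The function names and the `exposed` field are assumptions made for this sketch; run it only against your own router.

```python
import ipaddress
import socket
import sys

# Ports reported open in the thread, with the services the replies name.
MGMT_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http"}


def address_scope(addr):
    """Classify an address: 'loopback', 'private' (LAN-only) or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def port_state(addr, port, timeout=2.0):
    """One TCP connect attempt: 'open', 'closed' (refused) or 'no-answer'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout or unreachable: nothing answered at all
        return "no-answer"
    finally:
        sock.close()


def audit(addr, ports=MGMT_PORTS, timeout=2.0):
    """Return (scope, findings); 'exposed' marks an open port on a public address."""
    scope = address_scope(addr)
    findings = []
    for port, service in sorted(ports.items()):
        state = port_state(addr, port, timeout)
        findings.append({"port": port, "service": service, "state": state,
                         "exposed": state == "open" and scope == "public"})
    return scope, findings


if __name__ == "__main__":
    # Assumption: the target is your own router; 192.168.1.1 is the LAN address from the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    scope, findings = audit(target)
    print(f"{target} is a {scope} address")
    for f in findings:
        flag = "  <-- management service answering on a public address" if f["exposed"] else ""
        print(f"{f['port']:>5}/tcp {f['service']:<7} {f['state']}{flag}")
```

Open ports on the LAN address are expected while the web admin page is in use; the result that matters is the one for the router's public address. A probe of that address sent from inside the LAN may be answered by the router's LAN side, so confirm from an outside connection or with an external scan such as the one mentioned earlier in the thread.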