DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1 Week Ago
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 216
Default 80/tcp open http || 52869/tcp open unknown

Code:
$ nmap 172.16.197.126

Starting Nmap 7.60 ( https://nmap.org ) at 2018-10-06 20:14 IST
Nmap scan report for 172.16.197.126
Host is up (0.032s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE
80/tcp    open  http
52869/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
Code:
# cat /etc/pf.conf                                                                                   
#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

block in all
pass out all
Why is 80 and 52869 open ?
__________________
OpenBSD 6.4
Intel(R) Core(TM) i3-6100 CPU
Ram 4GB
Intel HD Graphics
Reply With Quote
  #2   (View Single Post)  
Old 1 Week Ago
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 216
Default

Extremely sorry I just scanned my router's IP (172.16.197.126). This has nothing to do with OpenBSD.

But still I will be grateful if someone can explain why those ports are open.
__________________
OpenBSD 6.4
Intel(R) Core(TM) i3-6100 CPU
Ram 4GB
Intel HD Graphics
Reply With Quote
  #3   (View Single Post)  
Old 1 Week Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,292
Default

"Open" means a service is listening for and accepting packets for processing.

TCP port 80 is the standard port address for web servers that use the HTTP protocol. You can see this defined in your nmap output.

"Open" high numbered ports are usually transient services. An example of this form of usage is the FTP protocol, where high numbered ports come and go with each file transfer.

The port numbers used do not guarantee this is their purpose. If the address in question is your at-home router, then I would suppose port 80 is used by the device's "website" for provisioning. I cannot guess what the high numbered port is used for without establishing connection to it, which I could not do from here, as the IP address is on a private network.
Reply With Quote
  #4   (View Single Post)  
Old 1 Week Ago
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 216
Default

Thanks a lot jggimi.
__________________
OpenBSD 6.4
Intel(R) Core(TM) i3-6100 CPU
Ram 4GB
Intel HD Graphics
Reply With Quote
  #5   (View Single Post)  
Old 1 Week Ago
fvgit's Avatar
fvgit fvgit is offline
Real Name: Tempvs fvgit
Shell Scout
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("SGVyZSBiZSBkcmFnb25zC")'
Posts: 126
Default

Tcp port 52869 could be: UPnP SOAP webinterface.

There are Linux exploits using that (https://www.exploit-db.com/exploits/37169/) so you might want to make sure your router (whatever you're using) doesn't have any ports open to the world, just in case.
Reply With Quote
  #6   (View Single Post)  
Old 1 Week Ago
bsd007's Avatar
bsd007 bsd007 is offline
Always learning
 
Join Date: Sep 2014
Posts: 216
Default

Quote:
Originally Posted by fvgit View Post
Tcp port 52869 could be: UPnP SOAP webinterface.

There are Linux exploits using that (https://www.exploit-db.com/exploits/37169/) so you might want to make sure your router (whatever you're using) doesn't have any ports open to the world, just in case.
Yes, are correct. I just disabled upnp using my router's web interface and now its gone. Thanks.

Code:
$ nmap 172.16.197.126

Starting Nmap 7.60 ( https://nmap.org ) at 2018-10-06 22:49 IST
Nmap scan report for 172.16.197.126
Host is up (0.031s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
__________________
OpenBSD 6.4
Intel(R) Core(TM) i3-6100 CPU
Ram 4GB
Intel HD Graphics
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Ncmpcpp does not open? ucharfli OpenBSD Packages and Ports 11 26th September 2017 10:10 PM
open/net user are... clovis Off-Topic 1 14th August 2010 05:45 PM
cannot open cloning pty l2fl2f FreeBSD General 2 10th December 2008 07:30 PM
Open BSD 4.4 boot up issue jaideep_jdof OpenBSD Installation and Upgrading 7 17th November 2008 06:32 PM


All times are GMT. The time now is 05:09 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick