Bionic711 DD-WRT Novice
Joined: 03 Jun 2011 Posts: 11
Posted: Sun Feb 26, 2012 23:59 Post subject: Ports 5060, 5500, and 5900 open by default?
I've recently run an iptables --list to check my standing firewall configuration.
Code:
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp dpt:5900
ACCEPT tcp -- anywhere anywhere tcp dpt:5500
That is quite disturbing to me.
Obviously, port 5060 is SIP, and 5900 is VNC. After further investigation, 5500 is a VNC port for a program called Hotline. I have never personally opened any of these ports on my router. I obviously have other ports open like 443 because that's what the secure webserver remote management should use.
My question is, are there any services that may be using these ports that I am unaware of on the machine? As stated above, certain ports like 443 should be open.
I don't use VNC anywhere in my house; I use a VPN for remote access on its official port. I have never used a SIP protocol (to my knowledge at least; phone lines go directly through the modem, bypassing the router, VoIP anyway), and these are in the INPUT section of my iptables.
Secondly, what is the proper syntax to close these ports?
Would a command such as:
Code:
iptables INPUT --dport xxxx -j DENY
be the proper syntax to close these?
I have UPnP turned on but it's my understanding in DD-WRT those would be in the forwarding section, not under the input.
Any ideas why these strange ports may be open on an input and proper closing of them? I'm no Linux guru. 3rd year IT Security Student at USF. Lots to learn still about *nix OS systems but I have a good understanding of how everything works.
Thanks in advance everyone!
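Added example, not part of the original post: a small audit of the INPUT listing that reports ACCEPT rules whose destination port is not on an allow-list, and prints (without running) a matching delete command for each. The function names are hypothetical, the sample listing is constructed from the three rules quoted in the post plus a 443 rule, and the allow-list of 443 is taken from the post's own statement of what should be open.

```shell
#!/bin/sh
# Added example (not from the original post). Audits `iptables --list INPUT -n`
# style output for ACCEPT rules on ports that are not expected to be open.

# Constructed sample: the three rules quoted in the post plus a 443 rule.
SAMPLE='target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:443
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5900
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5500'

# unexpected_accepts PORT...
# Reads a rule listing on stdin; prints "proto port" for every ACCEPT rule
# whose single destination port (dpt:N) is not among the PORT arguments.
# Port ranges and multiport matches are not handled here.
unexpected_accepts() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        $1 == "ACCEPT" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^dpt:/) {
                    port = substr($i, 5)            # text after "dpt:"
                    if (index(allowed, " " port " ") == 0)
                        print $2, port              # $2 is the protocol column
                }
            }
        }'
}

# delete_commands PORT...
# Prints, for review only, one delete command per unexpected rule.
# A rule with extra matches that plain --list does not show (for example an
# interface) will not be matched by this simplified rule spec.
delete_commands() {
    unexpected_accepts "$@" | while read -r proto port; do
        echo "iptables -D INPUT -p $proto --dport $port -j ACCEPT"
    done
}

# On the router the input would be: iptables --list INPUT -n | delete_commands 443
printf '%s\n' "$SAMPLE" | delete_commands 443
```

iptables expects a chain action such as -D or -A before the chain name, and its built-in blocking targets are DROP and REJECT; DENY is not one of them.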