Results 1 to 9 of 9
  1. #1
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    437

    Default New Ports open on update

    I updated my untangle box over the weekend to the latest 9.x build. Before the upgrade nmap would report no open ports. Directly after the upgrade I have open ports.

    25/tcp filtered smtp
    53/tcp open domain
    80/tcp open http
    443/tcp open https
    3001/tcp open nessus
    3128/tcp open squid-http
    9535/tcp filtered man

    Does this seem typical? This is the first time I have ever upgraded and ended up with open ports.

    I have a script which nmaps all my machines and diff's the output, I was a bit surprised to see this.

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,371

    Default

    And what are your by pass rules and port forward rules?
    You run nmap from internet to your public ip address?
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    If I've said it once, I've said it 1000 times.

    The only port open on Untangle's External by default is TCP 443. (UDP 1194 is there too, but UDP and "open" don't really belong in the same sentence)

    If you have any other ports open, they are open because you've configured them to be open.

    I suggest you take a peek in the packet filter, look in the system rules section, and make sure the "Block Traffic to Local Server Processes" rule is enabled. And if it isn't, smack yourself for disabling that rule and seriously consider paving the box because it's a serious risk at this point.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    437

    Default

    Quote Originally Posted by sky-knight View Post
    If I've said it once, I've said it 1000 times.

    The only port open on Untangle's External by default is TCP 443. (UDP 1194 is there too, but UDP and "open" don't really belong in the same sentence)

    If you have any other ports open, they are open because you've configured them to be open.

    I suggest you take a peek in the packet filter, look in the system rules section, and make sure the "Block Traffic to Local Server Processes" rule is enabled. And if it isn't, smack yourself for disabling that rule and seriously consider paving the box because it's a serious risk at this point.
    Yep I have seen you say it 1000 times , but the only thing that changed was the upgrade. I do have "Block traffic to local server processes." checked in the packet filter rules.

    Port 80 is untangle, I can hit the login page, but when logging in it just states that external administration is disabled, I guess its no concern. 443 is a port forward which is expected. Port 3001 and 3128 though I have no clue why they are open, and I don't have a packet filter rule for them. I have 2 packet filter rules and that is all. I do have the DNS server on, but I would expect that only the local LAN would have access.

  5. #5
    Master Untangler
    Join Date
    Oct 2008
    Posts
    913

    Default

    3128 is typically a port used for Proxy services (across many distros/setups)
    not sure about 3001

    Do you have proxy configured?

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,687

    Default

    I'm assuming this is 9.4.2. Port 25 is never open on a default Untangle. Either the box has been modified or your nmap is of port forwards or its a bridge.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    437

    Default

    Quote Originally Posted by pirateghost View Post
    3128 is typically a port used for Proxy services (across many distros/setups)
    not sure about 3001

    Do you have proxy configured?
    Nope, no proxies.

  8. #8
    Master Untangler
    Join Date
    Mar 2011
    Location
    Auburn, NY
    Posts
    437

    Default

    Quote Originally Posted by jcoffin View Post
    I'm assuming this is 9.4.2. Port 25 is never open on a default Untangle. Either the box has been modified or your nmap is of port forwards or its a bridge.
    That port is showing as filtered, no worries on that one.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    Or you're a bridge that's now plugged in backwards for some reason. Debian 5 SHOULDN'T do this, but it can in some crazy cases on reboot.

    Or you're NMAP'ing the wrong port, and you're scanning Internal not External.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2