New Ports open on update

**AdamB** · 09-23-2013, 06:26 AM

I updated my untangle box over the weekend to the latest 9.x build. Before the upgrade nmap would report no open ports. Directly after the upgrade I have open ports.

25/tcp filtered smtp
53/tcp open domain
80/tcp open http
443/tcp open https
3001/tcp open nessus
3128/tcp open squid-http
9535/tcp filtered man

Does this seem typical? This is the first time I have ever upgraded and ended up with open ports.

I have a script which nmaps all my machines and diff's the output, I was a bit surprised to see this.

**dwasserman** · 09-23-2013, 11:52 AM

And what are your by pass rules and port forward rules?
You run nmap from internet to your public ip address?

**sky-knight** · 09-23-2013, 12:29 PM

If I've said it once, I've said it 1000 times.

The only port open on Untangle's External by default is TCP 443. (UDP 1194 is there too, but UDP and "open" don't really belong in the same sentence)

If you have any other ports open, they are open because you've configured them to be open.

I suggest you take a peek in the packet filter, look in the system rules section, and make sure the "Block Traffic to Local Server Processes" rule is enabled. And if it isn't, smack yourself for disabling that rule and seriously consider paving the box because it's a serious risk at this point.

**AdamB** · 09-24-2013, 07:29 AM

Originally Posted by sky-knight

If I've said it once, I've said it 1000 times.

The only port open on Untangle's External by default is TCP 443. (UDP 1194 is there too, but UDP and "open" don't really belong in the same sentence)

If you have any other ports open, they are open because you've configured them to be open.

I suggest you take a peek in the packet filter, look in the system rules section, and make sure the "Block Traffic to Local Server Processes" rule is enabled. And if it isn't, smack yourself for disabling that rule and seriously consider paving the box because it's a serious risk at this point.

Yep I have seen you say it 1000 times

, but the only thing that changed was the upgrade. I do have "Block traffic to local server processes." checked in the packet filter rules.

Port 80 is untangle, I can hit the login page, but when logging in it just states that external administration is disabled, I guess its no concern. 443 is a port forward which is expected. Port 3001 and 3128 though I have no clue why they are open, and I don't have a packet filter rule for them. I have 2 packet filter rules and that is all. I do have the DNS server on, but I would expect that only the local LAN would have access.

**pirateghost** · 09-24-2013, 07:41 AM

3128 is typically a port used for Proxy services (across many distros/setups)
not sure about 3001

Do you have proxy configured?

**jcoffin** · 09-24-2013, 07:56 AM

I'm assuming this is 9.4.2. Port 25 is never open on a default Untangle. Either the box has been modified or your nmap is of port forwards or its a bridge.

**AdamB** · 09-24-2013, 08:13 AM

Originally Posted by pirateghost

3128 is typically a port used for Proxy services (across many distros/setups)
not sure about 3001

Do you have proxy configured?

Nope, no proxies.

**AdamB** · 09-24-2013, 08:13 AM

Originally Posted by jcoffin

I'm assuming this is 9.4.2. Port 25 is never open on a default Untangle. Either the box has been modified or your nmap is of port forwards or its a bridge.

That port is showing as filtered, no worries on that one.

**sky-knight** · 09-24-2013, 08:20 AM

Or you're a bridge that's now plugged in backwards for some reason. Debian 5 SHOULDN'T do this, but it can in some crazy cases on reboot.

Or you're NMAP'ing the wrong port, and you're scanning Internal not External.

Thread: New Ports open on update

LinkBack

Thread Tools

New Ports open on update

Posting Permissions