[Dshield] netgear rp114 & port 110 open

Josh Tolley josh at raintreeinc.com
Tue Feb 17 05:35:53 GMT 2004

I'm not too widely experienced in the home router field, but I wouldn't 
be surprised if it your router just kinda felt like responding on that 
port just for kicks. I had one that wouldn't forward ports unless it had 
a static address on the WAN side - I couldn't ever figure out what made 
the ability to forward SYNs dependent on a static WAN IP, but that's 
what the manual said.

Could it possibly be a cable modem deal? Some/all cable modems are 
supposed to listen on some ports for things like TFTP traffic to allow 
configuration. They're only supposed to be addressable LAN-side, though, 
and have different schemes for figuring out what their address is.

My best bet would be that what you're seeing really isn't your router. 
Although it emails you logs, is it possible that your IP changed from 
the time the log was mailed until you did the scan?

Josh Tolley

warpmedia wrote:
> inline:
> At 05:38 PM 2/14/2004, Josh Tolley wrote:
>> warpmedia wrote:
>>> While connected from a clients site, I decided to run a port scan of 
>>> my home system's IP and found port 110 open.

>>> The system is protected by an RP114 with a custom set of rules that 
>>> are supposed to be block all attempts to connect.


> No forwarding, in fact I was under the impression that my rules blocked 
> all protocols destined for ports <1024 as I run no servers or port 
> forwards into my LAN.


>>> Is there a way I can grab remote MAC & see if it's my RP114?

>>> I know the IP is correct as I have the daily logs sent to me and that 
>>> is the IP from last nights log.

> Joshua MacCraw
> warpmedia at comcast.net
> http://mywebpages.comcast.net/jmaccraw
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list