[Dshield] netgear rp114 & port 110 open
josh at raintreeinc.com
Tue Feb 17 05:35:53 GMT 2004
I'm not too widely experienced in the home router field, but I wouldn't
be surprised if it your router just kinda felt like responding on that
port just for kicks. I had one that wouldn't forward ports unless it had
a static address on the WAN side - I couldn't ever figure out what made
the ability to forward SYNs dependent on a static WAN IP, but that's
what the manual said.
Could it possibly be a cable modem deal? Some/all cable modems are
supposed to listen on some ports for things like TFTP traffic to allow
configuration. They're only supposed to be addressable LAN-side, though,
and have different schemes for figuring out what their address is.
My best bet would be that what you're seeing really isn't your router.
Although it emails you logs, is it possible that your IP changed from
the time the log was mailed until you did the scan?
> At 05:38 PM 2/14/2004, Josh Tolley wrote:
>> warpmedia wrote:
>>> While connected from a clients site, I decided to run a port scan of
>>> my home system's IP and found port 110 open.
>>> The system is protected by an RP114 with a custom set of rules that
>>> are supposed to be block all attempts to connect.
> No forwarding, in fact I was under the impression that my rules blocked
> all protocols destined for ports <1024 as I run no servers or port
> forwards into my LAN.
>>> Is there a way I can grab remote MAC & see if it's my RP114?
>>> I know the IP is correct as I have the daily logs sent to me and that
>>> is the IP from last nights log.
> Joshua MacCraw
> warpmedia at comcast.net
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list