Open TCP Ports

[Rhisiart]

Is it normal to have two or three ports open on an individual computer (by testing via PORTSCAN)?.

N.B. Using a NetGear router and enabling Mac's Firewall.

[fryke]

Well, it depends on what services you're using. Which ports are open? Mine shows 631 (Internet Printing Protocol, CUPS?), 1033 (netinfod, only localhost can access it). So nothing to worry. Several internet applications can need one or the other port to be open. If you have, say, an FTP server running on your Mac, you'll want port 21 to listen to FTP-clients, maybe.

Also: From where did you "portscan" your Mac? On your local host? The _interesting_ thing, of course, would be to see whether there's ports open looking at your network from the _outside_.

[Rhisiart]

Quote:

Originally Posted by fryke

Well, it depends on what services you're using. Which ports are open? Mine shows 631 (Internet Printing Protocol, CUPS?), 1033 (netinfod, only localhost can access it). So nothing to worry. Several internet applications can need one or the other port to be open. If you have, say, an FTP server running on your Mac, you'll want port 21 to listen to FTP-clients, maybe.

21 FTP
23 telnet
80 http
8701 (?)

Quote:

Originally Posted by fryke

Also: From where did you "portscan" your Mac? On your local host? The _interesting_ thing, of course, would be to see whether there's ports open looking at your network from the _outside_.

Portscanned from my own Mac. Could try portscanning from my father's PC next time I visit him.

[ElDiabloConCaca]

Ports 21 (FTP) and 80 (HTTP) will be on if you've enabled FTP Sharing and Personal Web Sharing in the "Sharing" pane of the System Preferences. Perfectly normal if those services are "on".

Port 23 (Telnet) should be open if you manually opened it by editing the configuration file. As far as I know, you cannot enable Telnet via Mac OS X's GUI, so you would have had to either use a 3rd-party utility or manually enable Telnet access.

I have no idea what port 8701 is for.

[Rhisiart]

Quote:

Originally Posted by ElDiabloConCaca

Ports 21 (FTP) and 80 (HTTP) will be on if you've enabled FTP Sharing and Personal Web Sharing in the "Sharing" pane of the System Preferences. Perfectly normal if those services are "on".

FTP or Personal Web Sharing are not enabled and never have been.

Quote:

Originally Posted by ElDiabloConCaca

Port 23 (Telnet) should be open if you manually opened it by editing the configuration file. As far as I know, you cannot enable Telnet via Mac OS X's GUI, so you would have had to either use a 3rd-party utility or manually enable Telnet access.

I have not manually opened Telnet by editing the configuration file (wouldn't know how anyway). I am not aware of installing any 3rd party utility to enable Telnet access, unless I have somehow done this unwittingly.

Quote:

Originally Posted by ElDiabloConCaca

I have no idea what port 8701 is for.

Fair enough. And thanks.

Quote:

Originally Posted by fryke

From where did you "portscan" your Mac? On your local host? The _interesting_ thing, of course, would be to see whether there's ports open looking at your network from the _outside_.

According to a port scan conducted from another computer this evening, ports 21 (FTP), 23 (Telnet) and 80 (HTTP) on my Mac are all completely secure.

Yes, it does seem to make a difference. I wonder why?

[ElDiabloConCaca]

Quote:

Originally Posted by rhisiart

Yes, it does seem to make a difference. I wonder why?

If you're behind a router, then any portscanning will only report what ports are open on the router itself, not any computers connected to it (unless a computer is in the router's DMZ or ports are being forwarded to a specific computer).

If you scan from inside your network (a computer on the same subnet/router as you), then your computer may then report these ports as being open.

I just tried portscanning localhost with and without sharing enabled. If I turn on services, their respective ports show up in a portscan. If I turn them off, they don't report as being open (as expected).

Have you tried turning on then turning off those respective services? Have you installed any Apache (like upgraded to Apache2) or FTP software recently (or ever)?

[Rhisiart]

Quote:

Originally Posted by ElDiabloConCaca

If you're behind a router, then any portscanning will only report what ports are open on the router itself, not any computers connected to it...

Yes, I understand what you are saying.

Quote:

Originally Posted by ElDiabloConCaca

Have you tried turning on then turning off those respective services?

Yes. Tested with them off and tested with them on. Results the same.

Interestingly, when I portscanned my router, 21 (ftp), 23 (telnet) and 80 (http) ports were all secure. However, port 3306 (mysql) appeared open.

Quote:

Originally Posted by ElDiabloConCaca

Have you installed any Apache (like upgraded to Apache2) or FTP software recently (or ever)?

I recently installed Fetch and CyberDuck (the latter just to try out).

I also installed (again just to try out) an Apache programme, WebServerXKit, which I uninstalled a few days ago.