Any help with this would be greatly appreciated...
Done 3 nmap scans to assess router's security (mainly WAN side). The questions that I have:
Does scan A) really imply I have all these ports open on WAN side!? (I would've tested with some online sites, but considering I am on VPN and behind another communal router - this will be tough)
What's the deal with mit-ml-dev? I seem to remember running scans before latest OpenWRT upgrade and don't remember seeing this? Any thoughts on what's this service/port doing here?
More of a curiosity question... why C) shows 139, 445 as filtered, but A) and B) has no mention of them?
(nmap was run with default params)
P.S. I myself never opened any ports on the router
A) ON ROUTER SCANNED WAN ADDRESS
Nmap scan report for [WAN ADDRESS]
Host is up (0.00025s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
83/tcp open mit-ml-dev
443/tcp open https
B) ON ROUTER SCANNED LOCALHOST ADDRESS
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00030s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
83/tcp open mit-ml-dev
443/tcp open https
C) ON LAN CLIENT SCANNED ROUTER'S LAN ADDRESS
Nmap scan report for [LAN ADDRESS]
Host is up (0.16s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
83/tcp open mit-ml-dev
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
No, you really need to scan from the outside, e.g. via cell phone, a remote server or from a friend to get a meaningful result. The router knows that you're scanning from LAN if you just use its WAN address from the inside.
By default, all ports are closed on WAN (reject), with only ping being answered.
netstat -antp was a helpful tip, thanks. It helped me realise it is just router manufacturer's admin portal that is bound to this port (in addition to 80). I will do some mucking around with settings and see if I can drop both 80 and 83 as I am connecting to the admin portal via 443 anyway. Cheers!
OpenWrt firewall rules and policies are implemented and applied based in the ingress and egress interfaces.
Scanning any local IP from the host itself is performed via the loopback interface using permissive firewall policy and overriding any zone restrictions.
Scanning any router's IP from the LAN is performed via the LAN interface which is attached to the LAN zone and has permissive firewall policy by default.