I found a different port during the scan, it's port 49152. Is the modem or the router compromised?
I recently ran a port scan (just TCP) on my home router/modem (AT&T U-Verse) and found two peculiar ports that are open. Here is the scan output/results for nmap 192.168.1.254 -P0:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-10-14 14:30 UTC
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 51.50% done; ETC: 14:31 (0:00:42 remaining)
Nmap scan report for homeportal (192.168.1.254)
Host is up (0.0045s latency).
Not shown: 996 closed
PORT      STATE    SERVICE
80/tcp    open     http
256/tcp   filtered fw1-secureremote
443/tcp   open     https
49152/tcp open     unknown

The strange ports are 256 (tcp) and 49152 (tcp). Doing some cursory research on Google, I found that fw1-secureremote (running on port 256) is used by VPN clients (SecuRemote). How might I go about contacting AT&T about this?
I found this thread:
http://ubuntuforums.org/showthread.php?t=1900623
In summary, port 49152 corresponds to the UPnP port in some routers (in that thread it is a D-Link WBR-1310). Disabling it closed that port. About port 256, as it is related to VPN, look into the VPN settings in your router.
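One way to check from the LAN whether the service on 49152 is the router's UPnP endpoint, as an added example that is not part of the original answer: send a standard SSDP M-SEARCH and read the port out of each reply's LOCATION header. The sample reply and its `/rootDesc.xml` path are constructed for illustration, and the script assumes the gateway answers SSDP at all.

```python
import socket
from urllib.parse import urlsplit

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
M_SEARCH = (b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n')
# Constructed sample reply (not captured from a real device; path is made up)
SAMPLE = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
          b"LOCATION: http://192.168.1.254:49152/rootDesc.xml\r\n"
          b"ST: upnp:rootdevice\r\n\r\n")

def parse_ssdp(data):
    """Return the headers of one SSDP reply as a dict with upper-case names."""
    headers = {}
    for line in data.decode("latin-1").splitlines()[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def upnp_endpoint(data):
    """Return (host, port) of the device description URL, or None."""
    try:
        url = urlsplit(parse_ssdp(data).get("LOCATION", ""))
        return (url.hostname, url.port or 80) if url.hostname else None
    except ValueError:  # malformed URL or port out of range
        return None

def discover(timeout=3.0):
    """Send one M-SEARCH on the LAN and collect the endpoints that answer."""
    found = set()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, SSDP_ADDR)
        try:
            while True:
                found.add(upnp_endpoint(s.recvfrom(4096)[0]))
        except socket.timeout:
            pass
    found.discard(None)
    return found

if __name__ == "__main__":
    for host, port in sorted(discover()):
        print(f"UPnP description served by {host} on TCP port {port}")
```

If the gateway's address shows up with port 49152, the "unknown" service in the scan is its UPnP listener; no reply means UPnP discovery is off or the port belongs to something else.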