port 22, 53 expose on nmap

coits
Posts: 128
Joined: Thu Sep 19, 2013 1:58 am
Location: canada

port 22, 53 expose on nmap

Post by coits »

Hi All,

I have stopped the services for rpcbind and uhttps, so that they won't show on nmap.

Can someone please advise if we can prevent exposing these ports 22, 53 on the WAN side? I have scanned my external IP and these ports are exposed.

Can we allow ports 22 and 53 on the internal network only?

=========================
Host is up (0.0026s latency).
Not shown: 996 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
=========================

Thanks
Gargoyle 1.9.x on Buffalo WZR-HP-AG300H
Gargoyle 1.15.0 on TP-Link Archer C7 v2.0
Gargoyle 1.15.x on WRT3200 acm

Lantis
Moderator
Posts: 7063
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: port 22, 53 expose on nmap

Post by Lantis »

They aren’t exposed on WAN by default.
Are you certain you ran these tests correctly? It’s very common to see these questions and the testing methodology was flawed.

You can’t nmap wan from your own LAN. Given the latency shown this looks suspiciously like the case.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
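
Added example, not part of the original posts: a small parser for nmap's normal output that applies the latency check described in the reply above before the port list is treated as a WAN-side result. The 5 ms threshold, the function names and the second sample scan are assumptions made for illustration; the first sample is the scan output quoted in this thread.

```python
import re

# Scan output quoted in the first post of this thread.
THREAD_SCAN = """\
Host is up (0.0026s latency).
Not shown: 996 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
"""

# Constructed sample: a scan run from a network outside the LAN.
EXTERNAL_SCAN = """\
Host is up (0.048s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT STATE SERVICE
21/tcp open ftp
"""

# Assumption: a round trip under 5 ms means the scanner and the router share
# a LAN, so the probes reached the LAN-side services rather than the WAN zone.
LAN_LATENCY_THRESHOLD_S = 0.005

LATENCY_RE = re.compile(r"Host is up \(([\d.]+)s latency\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)


def parse_scan(text):
    """Return (latency in seconds or None, [(port, proto, service)] for open ports)."""
    m = LATENCY_RE.search(text)
    latency = float(m.group(1)) if m else None
    open_ports = [(int(port), proto, service)
                  for port, proto, state, service in PORT_RE.findall(text)
                  if state == "open"]
    return latency, open_ports


def assess(text):
    """Classify the scan's vantage point before trusting its port list."""
    latency, open_ports = parse_scan(text)
    if latency is None:
        vantage = "unknown"
    elif latency < LAN_LATENCY_THRESHOLD_S:
        vantage = "likely-lan"
    else:
        vantage = "possibly-external"
    # Only a scan from outside says anything about WAN exposure.
    rescan = vantage != "possibly-external"
    return {"latency_s": latency, "open": open_ports,
            "vantage": vantage, "rescan_from_outside": rescan}
```

A "possibly-external" result only means the latency does not rule out an outside vantage point; an open port reported there is still worth confirming with a real connection attempt from that outside network.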

coits
Posts: 128
Joined: Thu Sep 19, 2013 1:58 am
Location: canada

Re: port 22, 53 expose on nmap

Post by coits »

Hi Lantis,

Yes, I have tethered to my phone's wifi and confirmed ports 22 and 53 are not exposed on the external IP.

But I was surprised that nmap returns port 21 as open on the external IP. I have checked and there is no FTP service running on the router.

Have you or someone else experienced this? Please let me know if this is my internet service provider running an FTP service (port 21) or if this is something that I should be concerned about.

Thank you.

Lantis
Moderator
Posts: 7063
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: port 22, 53 expose on nmap

Post by Lantis »

Unless you made a firewall rule, nothing is open to the internet by default.

coits
Posts: 128
Joined: Thu Sep 19, 2013 1:58 am
Location: canada

Re: port 22, 53 expose on nmap

Post by coits »

Hi Lantis,

I did not make a new firewall rule. I have used my mobile data again and tried to connect on port 21 using my external IP, but it won't allow me to access it.

I guess I'm good for now, just wondering why the port is showing up.

Thank you!