Skip navigation
This discussion is archived

AEBS always showing ports 21, 554, and 7070 open?

2612 Views 3 Replies Latest reply: May 24, 2008 8:27 AM by aberrant RSS
aberrant Calculating status...
Currently Being Moderated
May 22, 2008 11:46 PM
Every portscan I run from behind my AEBS to hosts on the outside shows ports 21 (ftp), 554 (rtsp) and 7070 (realserver) open on the destination, even when I know these ports are closed. Is the AEBS spoofing the connects? Wireshark shows a normal 3-way handshake which is very troubling.
Macbook Pro 2.4, Mac OS X (10.5.2)
  • impulse_telecom Level 3 Level 3 (635 points)
    Currently Being Moderated
    May 24, 2008 7:46 AM (in response to aberrant)
    Hi,

    Curious... I'll have to set that up in my lab to try that. I'm guessing the AEBS is functioning in a proxy mode to make NATing FTP and Real Media easier, and the AEBS just responds before it has even checked with the remote host to see if those protocols are even running.

    It could be harmless and something you're only going see doing port scanning. On the other hand, it might be the toe hold for launching some sort of bounce attack. My approach to security is to only do the minimum necessary to achieve functionality, so the AEBS would be violating that precept.

    1. Does the AEBS do this for other hosts on the LAN side?

    2. Does the the AEBS do this when it is in bridge mode?


    Bill
    multiple types, and windows too

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.