I want to use the NAT firewall of AirPort Express.I scan APE ports when NO ports are forwarded and these ports are open by default:
Open TCP Port: 21 ftp
Open TCP Port: 53 domain
Open TCP Port: 139 netbios-ssn
Open TCP Port: 445 microsoft-ds
Open TCP Port: 548 afpovertcp
Open TCP Port: 554 rtsp
Open TCP Port: 5009 winfs
Open TCP Port: 7070 arcp
My question is why?
And there are some way to close some?
I don't use FTP and other services.
MacBook Air, Mac OS X (10.7)
By default, all inbound ports on the Apple routers are closed already, but they are not designed to be stealthy. As such, certain utilities can see them as open.
Please check out the following Chron article. It may be a bit outdated but I think it drives the point across why Apple decided not to make their base station ports stealthy.
By default, all inbound ports on the Apple routers are closed already, but they are not designed to be stealthy. As such, certain utilities can see them as open.
Please check out the following Chron article. It may be a bit outdated but I think it drives the point across why Apple decided not to make their base station ports stealthy.
Great article, but i still don't understand whether AirPort Express is good to stay before my Mac mini server.What i found is that it integrates well with Server.app and there could be made the forwarding.What Apple sais about Mini Server and wheter it's router is safe enaught to server as firewall.
If security is critical to you then you may want to consider getting a business-grade firewall or combination firewall router instead of using consumer-grade products.
Security is always important and crucial.What i'd like to know is:
If the benefit of using stealthed ports is NOT RESPONDING of the bots , pretending that there is no services at this IP, than it's a bit usless because it's not possible to stealth open ports which server use.the firewall won't answer at all setalthed ports but will answer about open ones which gives an information that there is working host.
...than it's a bit usless because it's not possible to stealth open ports which server use.
A port that is in Stealth mode is not "seen" from the WAN, not the LAN. When a server on the LAN attempts to open a port it is doing so from the LAN side. All ports on the AirPort firewall are Open from the LAN side.
NAT default open ports
