At certain times, opening the router's ports is necessary, such as when using certain tools or programs, or when playing video games. For this reason, on more than one occasion we have talked about how you can open ports on the routers of companies such as Movistar, O2, Vodafone, Orange, etc. However, there is a series of ports that we should not open.
By default, ports are closed, especially when we are dealing with dynamic or private ports. However, according to a recent security report, it is recommended not to open these 14 ports in order to avoid cyber attacks. A penetration test (pentest) launches authorized, simulated attacks on web pages, mobile apps, networks and systems in order to find vulnerabilities, and such vulnerabilities can arise when these 14 ports are opened.
The 14 ports that should not be touched
Not all ports are vulnerable, but the ones we are going to see below are. To keep our network safe, it is better not to touch them, since the penetration tests that have been carried out make it clear that their vulnerabilities are easy to exploit.
- FTP ports (20, 21)
First on the list is FTP, which stands for File Transfer Protocol. Ports 20 and 21 are the TCP ports used to allow users to send and receive files between a server and their personal PCs. This is an insecure protocol that is completely out of date. It can be exploited through anonymous authentication, cross-site scripting, password brute-forcing or directory traversal attacks.
- SSH (22)
Next is SSH (Secure Shell). It is a TCP port used to provide secure remote access to servers. However, it can be exploited by brute-forcing SSH credentials or by using a private key to gain access to the target system.
- Telnet (23)
Telnet is a TCP protocol that allows users to connect to remote computers over the Internet. By opening port 23, which is currently outdated and insecure, we would be vulnerable to malware. It could also open the way to identity theft.
- SMTP (25)
Port 25 is used by the SMTP protocol to send and receive email. In this case, it can be vulnerable to unwanted mail (spam), as well as to identity theft if it is not well protected against cyber attacks.
- DNS (53)
DNS uses both TCP and UDP, for transfers and queries respectively. By opening it, hackers can take advantage of a fairly common exploit on DNS ports: a distributed denial-of-service (DDoS) attack.
- TFTP (69)
TFTP, or Trivial File Transfer Protocol, uses a UDP port to send and receive files between a user and a server over the Internet. If it is opened, it can be attacked through password spraying and unauthorized access.
- SMB (139, 137, 445)
SMB stands for Server Message Block. In this case, we are dealing with a communication protocol created by Microsoft that provides shared access to files and printers over a network. These ports could be exploited through the EternalBlue vulnerability, by brute-forcing SMB login credentials, by exploiting the SMB port using NTLM Capture, and by connecting to SMB using PSexec.
- HTTP / HTTPS (443, 80, 8080, 8443)
HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer Protocol Secure) are two other ports commonly used when browsing the Internet. In this case, they are vulnerable to SQL injection, cross-site scripting, etc.
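To check a router's existing port-forwarding rules against this list, the following added example (not part of the original article) flags every rule, including port ranges, that exposes one of the 14 ports. The rule format `name,proto,external_ports,internal_ip`, the sample rules and the function names are assumptions made for illustration.

```python
# The 14 ports from the article. The transport is the one the article names (TCP for
# FTP/SSH/Telnet, UDP for TFTP, both for DNS); otherwise either is flagged (assumption).
TCP, UDP, ANY = frozenset({"tcp"}), frozenset({"udp"}), frozenset({"tcp", "udp"})
RISKY = {
    20: ("FTP", TCP), 21: ("FTP", TCP), 22: ("SSH", TCP), 23: ("Telnet", TCP),
    25: ("SMTP", ANY), 53: ("DNS", ANY), 69: ("TFTP", UDP),
    137: ("SMB", ANY), 139: ("SMB", ANY), 445: ("SMB", ANY),
    80: ("HTTP/HTTPS", ANY), 443: ("HTTP/HTTPS", ANY),
    8080: ("HTTP/HTTPS", ANY), 8443: ("HTTP/HTTPS", ANY),
}

def parse_rule(line):
    """Parse 'name,proto,ports,internal_ip'; ports is 'N' or 'N-M'."""
    name, proto, ports, target = [f.strip() for f in line.split(",")]
    proto = proto.lower()
    if proto not in ("tcp", "udp", "both"):
        raise ValueError(f"unknown protocol in rule {name!r}: {proto}")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range in rule {name!r}: {ports}")
    protos = ANY if proto == "both" else frozenset({proto})
    return name, protos, lo, hi, target

def audit(rules_text):
    """Return sorted (rule, port, transport, service) for each exposed risky port."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the header comment
        name, protos, lo, hi, _ = parse_rule(line)
        for port, (service, risky_protos) in RISKY.items():
            if lo <= port <= hi:  # a range exposes every port inside it
                for p in sorted(protos & risky_protos):
                    findings.append((name, port, p, service))
    return sorted(findings)

# Constructed sample export; not taken from any real router.
SAMPLE = """\
# name,proto,external_ports,internal_ip
game-server,udp,27015-27030,192.168.1.50
nas-remote,tcp,20-25,192.168.1.20
camera,both,8080,192.168.1.60
lab-range,udp,60-70,192.168.1.70
"""

if __name__ == "__main__":
    for name, port, proto, service in audit(SAMPLE):
        print(f"{name}: {port}/{proto} exposes {service}")
```

Rules that forward a range are the easy ones to miss, since a range such as 20-25 opens five of the listed ports in a single entry.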