Linksys BEFSR41 Port 80 Open

[talkincat]

I have a Linksys BEFSR41. I was running some port scans from work and decided to see what I have open. I found the ports that I have open on purpose, port 8080 which is used for remote management, but I also found that port 80 is open. The odd thing is, when looking through the logs, I get a lot of hits on port 80, but it seems to block them all. So why is it showing open? I wrote to Linksys, and I got the following response, which was not terribly helpful:

"Port 80 is used to access sites in the Internet.

However, if you want to close this port and not use it (you cannot access the sites anymore), please access your router's utility and then go to the Filters page. Under the Filtere Private Ports, please enter 80 and then click on APPLY after."

Well, that's simply not true as I understand TCP/IP. The router knows based on the packet header to let through traffic that I initiate from inside the LAN. I mean, I can get to FTP sites, but I don't have port 21 open!!!!

Also, I tried turning off remote management which did close port 8080, but not port 80. I have also tried scanning a friend's connection using the same router in a different city, and port 80 is open there, also.

Anybody have any idea why I'm seeing this?

 

[minendo]

What program were you using to run the port scans? I have the same router and the last port scan I ran did not show any openings. Perhaps you had a browser or something open on your home computer that caused it to think port 80 was open.

 

[talkincat]

 

[talkincat]

I have used several port scanning programs. I have noticed that if I have "Block WAN Request," turned on, and the port scanner can't ping the IP I get somewhat inconsistent results, I.E. it doesn't see the ports I KNOW are open, but when the scanners can ping the IP I get the same thing all the time.

As for the web browser, no, I didn't have any apps running that would have been using port 80, but it shouldn't matter, even if there were an active transfer on that port it shouldn't be open to the internet at large.

 

[talkincat]

Anybody else have any ideas?

 

[talkincat]

Bump.

 

[Utterman]

According to this web site http://www.consealfirewall.com/commonports.htm it shows that port 80 is internet traffic.

Edit: fixed errors

 

[talkincat]

Originally posted by: Utterman
According to this web site http://www.consealfirewall.com/commonports.htm it shows that port 80 is internet traffic.

Yes, port 80 is used for HTTP transfers, but the only reason a port needs to be open is for connections that are not initiated from inside the network. When I want to administer my router remotely, I need to be able to get in, therefore I need a port open (8080). But with web pages, I don't need an open port because every time I want to look at a web page I type in a URL or click a link or in some other way initiate the transfer from within the network, so the port doesn't need to be open.

I hope that makes a little sense, it's been a long day.

 

[Kadarin]

Originally posted by: talkincat
I wrote to Linksys, and I got the following response, which was not terribly helpful:

"Port 80 is used to access sites in the Internet.

However, if you want to close this port and not use it (you cannot access the sites anymore), please access your router's utility and then go to the Filters page. Under the Filtere Private Ports, please enter 80 and then click on APPLY after."

It sounds like someone at Linksys tech support completely misunderstood you. (Or does not understand ip transport protocols, or both.) If you have tested this with more than one Linksys router and found port 80 to be showing open on both, then it's most likely having to do with the way their firmware handles the remote admin (i.e. when you change remote admin to a different port, it fails to close the original port). Still, this shouldn't be cause for too much alarm unless port 80 is mapped to some internal ip, or unless the router itself responds in some way.

Contact Linksys and get the latest firmware, as this may be a known problem (in spite of what the support drone didn't know), if you haven't already. Also, you could map port 80 to some unused ip within your local network, which will create a "bit bucket" for any incoming traffic on port 80.