At certain times, opening the router's ports is necessary, such as when using certain tools, programs, or playing video games. For this reason, on more than one occasion we have talked to you about how you can open the ports in the different routers of companies such as Movistar, O2, Vodafone, Orange, etc. However, there are a number of ports that we should not open.
By default, the ports are closed, especially when we are dealing with dynamic or private ports. However, according to a latest security report, it is recommended not to open these 14 entries to avoid cyber attacks. And it is that, through a penetration test (pentest), it is possible to launch authorized simulated cybersecurity attacks on web pages, mobile apps, networks and systems in order to find vulnerability. Well, these vulnerabilities can occur when opening these 14 ports.
The 14 ports that should not be touched
Not all ports are vulnerable, but, in this case, the ones we are going to see below are. For this reason, in order to keep our network safe, we better not touch them, since the penetration tests they have carried out make it clear that their vulnerabilities are easy to exploit.
FTP ports (20, 21)
First on the list is the FTP entry, which stands for File Transfer Protocol. Ports 20 and 21 are those TCP ports that are used to allow users to send and receive files from a server to their personal PCs. In this case, we are dealing with an insecure entry that is completely out of date. So it can be exploited through anonymous authentication, cross-site scripting, brute force passwords or directory traversal attacks.
SSH (22)
Then, we also find the SSH (Secure Shell) entry. It is a TCP port used to ensure secure remote access to servers. Instead, exploits can be exploited by brute-forcing SSH credentials or otherwise using a private key to gain access to the target system.
Telnet (23)
This TCP protocol allows users to connect to remote computers over the Internet. By opening port 23, which is currently outdated and insecure, we would be vulnerable to malware. And not only this, but we could also give way to identity theft.
SMTP (25)
Port 23 is used by the SMTP protocol to send and receive email. Well, in this case, you may be vulnerable to spam. In addition to identity theft by not being well protected against cyber attacks.
DNS (53)
DNS is a TCP and UDP port that is used for transfers and queries respectively. Well, by opening it, hackers can take advantage of a fairly common exploit on DNS ports, which is a distributed denial of service (DDoS) attack.
TFTP (69)
TFTP or Trivial File Transfer Protocol is a UDP port used to send and receive files between a user and a server over the Internet. Therefore, by opening it, they can attack it by spreading passwords and unauthorized access.
SMB (139, 137, 445)
This SMB port stands for Server Message Block. In this chaos, we are facing a communication protocol created by Microsoft that gives us the possibility of having shared access between files and printers through a network. This entry could be exploited via the EternalBlue vulnerability, i.e. brute force is used to get SMB login credentials, exploiting the SMB port using NTLM Capture and connecting to SMB using PSexec.
HTTP / HTTPS (443, 80, 8080, 8443)
HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer Protocol Secure) are two other common inputs when browsing the Internet. In this case, they are vulnerable to SQL injections, cross-site scripting, etc.
