Some Open Services pose different vulnerabilities and risks than others. Read on to learn more about these risks and how to avoid them.
Open DNS Resolver, NTP Modes 6 & 7, SNMP, Chargen, QOTD, NetBIOS, SSDP and LDAP Services
These Open Services are accessible to anyone on the internet and are responding to queries.
THE RISK: The vulnerabilities of these Open Services can be exploited by a remote user to use your internet connection to anonymously attack other devices or sites and servers across the internet
Open Cisco Smart Install Service
The Open Cisco Smart Install Service is running and accessible to anyone on the internet.
THE RISK: This service doesn’t require authentication and could allow a remote user to obtain a copy of your device’s configuration file and upload an altered version or malicious software.
Open SMB Service
The Open SERVER Message Block (SMB) Service is running on port 445/TCP and is accessible to anyone on the internet.
THE RISK: The SMB protocol is not protected and can be accessed openly by anyone to obtain stored files and sensitive information, resulting in vulnerability to brute force attacks, multiple exploits and/or the disclosure of confidential information.
Open VNC Service
The Open Virtual Network Computing (VNC) Service is a graphical desktop sharing system running on port 5900/TCP and is accessible to anyone on the internet.
THE RISK: VNC doesn’t utilize encryption and, if configured improperly, can potentially disclose sensitive information or unknowingly provide remote access to your system.
Open mDNS Service
In computer networking, the multicast Domain Name System (mDNS) protocol resolves hostnames to IP addresses within small networks that do not include a local name server.
THE RISK: Devices using mDNS could potentially respond to malicious queries outside a local network and inadvertently facilitate a large-scale Denial of Service attack.
Open Elasticsearch Service
The Open Elasticsearch Service is running and accessible to anyone on the internet.
THE RISK: Elasticsearch doesn’t support authentication, so remote users could potentially access Elasticsearch and gain control of the service, putting your information at risk of being disclosed.
Open MS-SQL Server Resolution Service
The Open MS-SQL Server Resolution Service is running and accessible to anyone on the internet.
THE RISK: If this service is accessible via your network, you’re at risk of having your network information exposed. The service itself can be used in UDP amplification attacks.
Open Telnet Service
The Open Telnet Service is running on port 23/TCP and is accessible to anyone on the internet.
THE RISK: Due to a lack of encryption, Telnet traffic can be intercepted. Open Telnet ports can also be exploited by malware, potentially resulting in initiating Denial of Service attacks, the extracting or destroying of information and more.
Open Apple Remote Desktop Service
The Open Apple Remote Desktop Service is running on port 3283/UDP and is accessible to anyone on the internet.
THE RISK: This service’s vulnerabilities could be exploited by external users to be used in attacks or to leak information about the system it’s running on.
Open FTP Service
The Open File Transfer Protocol (FTP) Service is running on port 21/TCP and is accessible to anyone on the internet.
THE RISK: This service provides no encryption (unless you’re using FTPS), so sensitive information or system credentials could potentially be exposed. Devices using the service are also at risk of being used in UDP amplification attacks.
What do I do if my service is open to the internet and is responding to queries?
If you use an open service and your device is behaving strangely or showing signs of an exploitable vulnerability, try the following:
- If you have the expertise, disable the Open Service or restrict access to only trusted IP addresses on your device.
- If you’re unable to complete the above, or if you’ve completed the above but your device is still acting strangely, bring it to a third-party computer repair technician to solve the problem.