I just did a portscan on my parents router from the outside with nmap. (outside means I ssh'ed to my server and nmap'ed back to the routers external ip from that server)
~ $ sudo nmap -Pn xx.xx.xx.xxx
Starting Nmap 5.51 ( http://nmap.org ) at 2012-04-14 15:11 CEST
Nmap scan report for foo.bar.blabla.xx (xx.xx.xx.xxx)
Host is up (0.017s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
81/tcp open hosts2-ns
113/tcp closed auth
1723/tcp open pptp
pptp and auth are intended and known ports, but I have no idea what hosts2-ns is. I googled for it, but all I found was further detail on its name (hosts to nameserver) which was pretty obvious and that tt was also used as alternative port for http (80). And some other site told that port 81 is a favourite port for some malware.
So what is the practical use for hosts2-ns or which application on the router is it needed for? There is no port forwarding active on that port. (edit: wrong actually)
The router is a Draytek Vigor2200E-plus. It is used for some LAN-LAN stuff and VPN.
Edit:
When I try to connect to it with a browser xx.xx.xx.xxx:81 I get asked for a username and password (no html, just a window opening), but the username and password used to access the router does not work. Service scan nmap -Pn xx.xx.xx.xxx -sV showed David WebBox httpd 12.00a.0773. I know that program, it is some mail software my fathers business uses. But I wonder how it managed to open the port, UPnP is not active.
Best Answer
nmap is telling you that port 81 is open, not what service is running on port 81. hosts2-ns is simply the name nmap has it referenced as (possibly from the /etc/services file on the machine you are running nmap from).
The real question is why is it open, and what is behind it. There are a few options:
Your first point of investigation is the router itself, given that nmap is saying the port is open, something must have responded to its probe.