Networking – Scanning the public IP address with Nmap finds TCP port 1720 open, is this a security concern


When scanning my public ip address with Nmap I found out that I have open port on 1720/TCP. According Nmap service on it is H.323/Q.931. Researching uses of this port also brings up Microsoft Netmeeting.

I did the scan from outside, not from my own network.

My router/modem is ZyXEL P-660HN-T1A, ADSL2+. The modem is in routing state and devices behind it are using NAT. Devices behind the modem are Windows 7 computer that was turned off during the scan and Linux server that is listening only on 22/SSH. On the settings of the modem port forwarding active only for the SSH port. As far as I can see from the settings, there is no remote management allowed from WAN.

So why does port 1720 appear open on Nmap scan? Is this some feature of the modem or could this mean some kind of security breach?

EDIT: I did the same from my home computer to my public IP. From this point of view the port 1720 is not open. Does that tell something?

EDIT2: From the settings I found out that UPnP was enable for LAN only. I don't have any VOIP services. I am not aware of my ISP managing my device. (They did not provide the device.)

EDIT3: Telneting my public ip and port 1720 from the outside connects:

Connected to <my ip>
Escape character is '^]'
<giving any input>
Connection closed by foreign host.

EDIT4: More scanning revealed that I also had port 7547open (Allegro RomPager according to Nmap). It even provided html page accessed from the internet.

Best Answer

I managed to solve this somewhat by port forwarding both of those open ports on my local network to non-existent ip and to port 9 (Discard Protocol).

This made the port 7547 closed. But the port 1720 still allows telnet connection from the outside world.

I still wonder if these is any way to get this port closed as well.

UPDATE: After dealing with Zyxel customer support it appears that there is no fix for this. Problem is probably caused bug in the firmware.

Related Question