After a long time of worrying about my network being secure and finally understanding the basic job of the ports I would see open. I recently noticed port 2103 Zephyr-clt and port 2105 eklogin open on my daughters computer. I asked her if she was "Instant Messaging" as that seemed like what the ports were for, but she said no. It was near midnight but I did not think she would fib about it? She did just add a printer that day. Can anyone tell me why these would suddenly appear open?
4
-
When you say it seemed like the ports were used for "Instant Messaging", did you infer this from research in to what the ports were used for?– UnencodedCommented Apr 23, 2016 at 16:35
-
Yes Sam, That's what it looked like from researching ........– Chucky DuPontCommented Apr 23, 2016 at 16:42
-
Yes Sam3000, that is what it looked like after researching it........– Chucky DuPontCommented Apr 23, 2016 at 16:44
-
You're very welcome, if you're able to vote on my answer or mark it as the answer at any point too that would be much appreciated!– UnencodedCommented Apr 23, 2016 at 17:27
Add a comment
|
3 Answers
The most common use for those ports is Microsoft Message Queuing or MSMQ, described below. At first sight it may appear to be for instant messaging, but is in fact a more fundamental component of some programs that communicate within local networks - such as printers, although I cannot be certain that this is the reason the port is open in your case.
In simple terms, it acts as a digital notice board - you pin a message to it and it remains there until the recipient removes it - the important point being that the recipient does not have to be present and waiting for the message when it is sent. In digital terms, this is similar to sending a document to a printer when it is offline - using MSMQ the message to print the document would wait until the printer is online, instead of scrapping the message.
N.B This is means the printer could be the reason, but there may also be other causes. Either way, it is a low security risk issue, as I understand that is a primary concern. Assuming you have a router between you computers and the internet (and Antivirus programs), system firewalls are almost not needed these days.
What is MSMQ?
From Microsoft:
Microsoft Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. MSMQ provides guaranteed message delivery, efficient routing, security, and priority-based messaging. It can be used to implement solutions for both asynchronous and synchronous messaging scenarios.
answered Apr 23, 2016 at 16:57
After a fresh install of a Windows system appliance from a system image of a globally used high-security product, I run nmap and below are the results:
root@kix:~# nmap -sT 192.168.10.2
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-21 19:37 +08
Nmap scan report for 192.168.10.2
Host is up (0.0012s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
1801/tcp open msmq
2103/tcp open zephyr-clt
2105/tcp open eklogin
2107/tcp open msmq-mgmt
49155/tcp open unknown
This is fresh install from the appliance's image. So it seems, the above listening TCP ports are Windows basic subsystem components.
I found this port open on my laptop(running Win10) and pretty sure it first appeared after I installed ICQ Instant Messenger. Hope this helps. :)
I should note that you don't have to be actively using the Messenger. Just having the program open and running in the background(this is how these programs are able to accept messages sent to you at any time) is what creates the open port. Just saying this in relation to you asking your daughter if she had been instant messaging at that time. Which in fact she probably wasn't.
