SG Broadband Community

Hello everyone. I made a scan as logged off and the ports of my windows 8 operating system were closed. I made a scan as logged in and the 30005/tcp port (used my backdoor JZ / LItus) was open. I have upgraded my Ubuntu to 12.04 and I made a scan of the ports as logged off and they were closed. Then I made a scan as logged in and the 30005/tcp was open (also in Ubuntu 12.04 that I had installed the same day: yesterday!).

I should also add this piece of information: I have scanned my computer with Nmap from another computer of my network and the ports were all filtered.

Now, I am wondering: can be an error of SPEEDGUIDE scan port service?

Do you have Cox for an ISP? I do and port 30005 is open on both of my home computers. You can take this with a grain of salt but in my research I read that Cox keeps this port open for firmware updates. In all my research I encountered comments by people who seemed very computer literate and none were able to close that port. Mentioned also was a suspicion that it was a Cox-approved tunnel provided to the government.

Other than that old malware, port 30005 is also sometimes associated with TR-069, a protocol for remote management of end-user devices (modems, routers, gateways, VoIP phones, set-top boxes). It has some known exploits. You may want to try turning of TR-069 in your gateway, or, if not possible just forward the port to an unused local IP address.

I have updated the port description in the security scan with some possible mitigation as well.