@CrimsonLiar wrote:
Have you tried a port scan on everything else on your network? What do you believe it's possible to do with these open ports on the router (and other devices)?
Yes, it's good security practice to check all major infrastructure components of your network to find any potential vulnerabilities, hidden features and to verify any settings you have made.
As to what's possible, a positive use case for MQTT would be to allow presence detection i.e. the router sends a MQTT message whenever a device is (diss)-connected with WiFi; if linked with other smart devices, home automation could switch on/off lights, heating or just enable you to create smarter automations knowing if devices such as mobile phones were 'home' or 'away'.
@Cynric wrote:
Have you looked into what is open on the WAN side?
After you stopped PnP did any of these ports close? If not did you restart the router and look again. PnP may have requested these posts and therefore the devices connected to the LAN should also be inspected.
Yes, the WAN side ports scanned were all closed. Switching off UPnP as expected closed port 5000 on the router, all others remain open. NMAP is a powerfull tool which shows that there is a service/server waiting on each of the ports listed above. Nginx is a popular Linux web server but can be used for other purposes, such as a reverse proxy.
Each of the open ports can be viewed as "Your router is waiting for some information to be sent, specifically to that port", this could be good, bad or indifferent, depending on their intended purpose.
