Port 21

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Peter Sim
    Trusted Tech

    250+ Posts
    • Sep 2008
    • 440

    Port 21

    Hi all, need info and help.
    Because anti virus block port 21 for ftp, causing the scanner cannot use ,can we change to port like port 25 or other?

    Thank you ina dvance.
  • linuxxpwin
    Trusted Tech
    • May 2008
    • 205

    #2
    Re: Port 21

    Originally posted by Peter Sim
    Hi all, need info and help.
    Because anti virus block port 21 for ftp, causing the scanner cannot use ,can we change to port like port 25 or other?

    Thank you ina dvance.

    ports are assigned to certain things with a piece of hardware: port 21 is assigned to FTP
    port 25 is assigned to SMTP (Mail)
    pop3 on 110 (mail)

    and so on, what you can try is to give specific information on your firewall to allow connections from an assigned IP Addess or addresses. or maybe depending on the firewall pgm you are using you can give permission to the program wanting to use the port.

    List of TCP and UDP port numbers - Wikipedia, the free encyclopedia

    if you reassign a port make sure it does not conflict with something else, or stop another service from running

    Linuxxpwin

    Linuxxpwin

    Comment

    • TheOwl
      Service Manager

      Site Contributor
      1,000+ Posts
      • Nov 2008
      • 1733

      #3
      Re: Port 21

      Create an exception in the antivirus firewall.

      Antivirus patterns as such won't block ports, but the firewalls the are installed along side some AV software will.

      What AV are you using?

      Does the machine scan when the AV is disabled?

      Linuxxpwin is spot on the money in that certain ports are assigned to certain protocols. Port 25 that you thought about changing the FTP service to is assigned to SMTP (Outbound email or Simple Mail Transfer Protocol) and would cause issues with that PC sending email.

      Fix the problem, don't create messy work arounds.
      Please don't ask me for firmware or service manuals as refusal often offends.

      Comment

      • Peter Sim
        Trusted Tech

        250+ Posts
        • Sep 2008
        • 440

        #4
        Re: Port 21

        Thank you and sorry for the late reply.
        Need to make some correction on this issue.Is not AV problem,is the port problem.
        The IT guy from the factory say that the two port 20 and 21 got the virus issue.So yesterday they totaly close down the two port causing the scanner cannot scan.And they push back the issue to us and wanted us to reassign another port for them.
        I need help and your expertise to guide me.
        1)Can we change the port ?
        2)Ask them to assign another port number?
        3)Where we can change the port?From sharpdesk destination control?
        Thank you .

        Comment

        • ZOOTECH
          Senior member of CRS

          Site Contributor
          2,500+ Posts
          • Jul 2007
          • 3381

          #5
          Re: Port 21

          Originally posted by Peter Sim
          Thank you and sorry for the late reply.
          Need to make some correction on this issue.Is not AV problem,is the port problem.
          The IT guy from the factory say that the two port 20 and 21 got the virus issue.So yesterday they totaly close down the two port causing the scanner cannot scan.And they push back the issue to us and wanted us to reassign another port for them.
          I need help and your expertise to guide me.
          1)Can we change the port ?
          2)Ask them to assign another port number?
          3)Where we can change the port?From sharpdesk destination control?
          Thank you .
          Use port #4687 - change it in the Network Scanner Tool tab for System Options.
          "You can't trust your eyes, if your mind is out of focus" --

          Comment

          • TheOwl
            Service Manager

            Site Contributor
            1,000+ Posts
            • Nov 2008
            • 1733

            #6
            Re: Port 21

            Just let the IT guys know that by shutting down port 21 and opening another port is NOT going to solve the problem of viruses. It's kind of like drilling a hole in a bucket, saying there is water come out of that now, patching the hole up and then drilling another one right next to it.

            If they are that worries about port 21, create an exception that says traffic on port 21 can only come from this IP address and use the IP address of the copier.

            I myself am an IT person and I use FTP on its assigned port of 21 all the time. If I were to get a virus through on that port, then I would look at tightening the security around that port.
            Please don't ask me for firmware or service manuals as refusal often offends.

            Comment

            • Peter Sim
              Trusted Tech

              250+ Posts
              • Sep 2008
              • 440

              #7
              Re: Port 21

              Originally posted by TheOwl
              Just let the IT guys know that by shutting down port 21 and opening another port is NOT going to solve the problem of viruses. It's kind of like drilling a hole in a bucket, saying there is water come out of that now, patching the hole up and then drilling another one right next to it.

              If they are that worries about port 21, create an exception that says traffic on port 21 can only come from this IP address and use the IP address of the copier.

              I myself am an IT person and I use FTP on its assigned port of 21 all the time. If I were to get a virus through on that port, then I would look at tightening the security around that port.
              Thank you again for your reply,i will try to talk to the IT guy,because we have 20 unit of ar-m350/450 on the plant,and hope that he will listen to our advice.
              Other than this, can we use scan to email option on this machine?

              Comment

              • Peter Sim
                Trusted Tech

                250+ Posts
                • Sep 2008
                • 440

                #8
                Re: Port 21

                Originally posted by ZOOTECH
                Use port #4687 - change it in the Network Scanner Tool tab for System Options.
                I need to change the port to higher than #4687?

                Comment

                • ZOOTECH
                  Senior member of CRS

                  Site Contributor
                  2,500+ Posts
                  • Jul 2007
                  • 3381

                  #9
                  Re: Port 21

                  Originally posted by Peter Sim
                  I need to change the port to higher than #4687?
                  Just follow Owls recommendation above.
                  "You can't trust your eyes, if your mind is out of focus" --

                  Comment

                  • linuxxpwin
                    Trusted Tech
                    • May 2008
                    • 205

                    #10
                    Re: Port 21

                    As an IT Professional I have to agree with my colleagues above about the port settings, using a different port will not solve the problem as the initial problem is still there and would now allow any other ports to get infected, best practice would be to direct particular addresses to be received by the ports only.

                    example port 25 being smtp port can be set to only receive emails from a certain IP Address or addresses only say anti spam software.

                    as with my other colleagues I would say assign only specific traffic from certain addresses only.

                    Linuxxpwin

                    Comment

                    • Hansoon
                      Field Supervisor

                      Site Contributor
                      2,500+ Posts
                      • Sep 2007
                      • 3314

                      #11
                      Re: Port 21

                      example port 25 being smtp port can be set to only receive emails from a certain IP Address
                      Sorry for the stupid asking from a copier tech trying to understand IT: Where to find those settings?



                      Hans
                      " Sent from my Intel 80286 using MS-DOS 2.0 "

                      Comment

                      • TheOwl
                        Service Manager

                        Site Contributor
                        1,000+ Posts
                        • Nov 2008
                        • 1733

                        #12
                        Re: Port 21

                        Hansoon,

                        It completely depends on the software as how you would go about making an exception. Normally if I don't know the the software, a quick Google search normally fixes my issue. Say you are you using SEP (Symantec Endpoint Protection), I would search for:

                        Firewall exception Symantec Endpoint Protection vX

                        For SMTP, there are also other things that can contribute to to filtering out traffic on port 25 such as the email server like Exchange 2007 and 2010 does straight out of the box. With those versions of Exchange, everything has to be authenticated and secured with TLS unless you say other wise. It won't even accept email from outside domains coming in until you tell it as well.
                        Please don't ask me for firmware or service manuals as refusal often offends.

                        Comment

                        • Hansoon
                          Field Supervisor

                          Site Contributor
                          2,500+ Posts
                          • Sep 2007
                          • 3314

                          #13
                          Re: Port 21

                          Thanks Owl.

                          Hans
                          " Sent from my Intel 80286 using MS-DOS 2.0 "

                          Comment

                          • linuxxpwin
                            Trusted Tech
                            • May 2008
                            • 205

                            #14
                            Re: Port 21

                            ok, does your network carries a firewall router, in which your entire network connect through? including your network copier/printers. rule exception and tightening is done mostly at those locations, if you are using print servers to control your machines.if so then direct your firewall to the server server to printer/s or ask your network administrator for assistance in configuration.

                            it is pretty easy once you have the info needed.

                            you can tell your firewall only to receive connections on port 21 or maybe you need a better virus pgm, in my case I have a print server build from Linux where all printing from the windows network passes through on assigned ports only and to receive from internal TCPIP ports and not from every where.

                            All traffic flows from network to windows server then to Linux print server with Spam filter then once verified is send to printer.

                            This sounds like a lot of work. But remember this is my setup.

                            Look at yours and see what you can change..

                            Linuxxpwin

                            Comment

                            • Ceechtay
                              Trusted Tech

                              Site Contributor
                              100+ Posts
                              • Sep 2011
                              • 157

                              #15
                              Re: Port 21

                              Originally posted by Peter Sim
                              Thank you and sorry for the late reply.
                              Need to make some correction on this issue.Is not AV problem,is the port problem.
                              The IT guy from the factory say that the two port 20 and 21 got the virus issue.So yesterday they totaly close down the two port causing the scanner cannot scan.And they push back the issue to us and wanted us to reassign another port for them.
                              I need help and your expertise to guide me.
                              1)Can we change the port ?
                              2)Ask them to assign another port number?
                              3)Where we can change the port?From sharpdesk destination control?
                              Thank you .
                              It may help to know what model copier that you are using and what method are you using to transmit scans.

                              From your initial post, it would appear that you are doing "scan to FTP" destinations, but in this quoted message, it appears you may be using SharpDesk (which is basically FTP also). If you are using SharpDesk, the default is port 4687, which can be changed on the System Options tab when you open up the Network Scanner Tool. You can also verify that any updated profiles have the new port by looking at the destinations in the Address Book on the copier's webpage.

                              If you are using FTP destinations (instead of Desktop destinations, which are for Sharpdesk), you cannot specify the port (as far as I know). It uses port 21 by default. If this is the case, then you would need their IT staff to open up those ports in the firewall for only the IP addresses of the copiers.

                              If you are using Sharpdesk, the problem could be that even though you are using the default port (4687), their IT staff stopped all FTP traffic on all ports. If that is the case, you could have them open up FTP traffic for port 4687 to enable Sharpdesk to work.

                              Good luck!

                              Comment

                              Working...