Port 1720 open on Zyxel modem

[Madoc Comadrin]

My modem is ZyXEL P-660HN-T1A, ADSL2+ with the latest firmware update installed.

When scanning my public IP from the outside using Nmap I found out that I have port 1720/TCP open. According Nmap service on it is H.323/Q.931. Researching uses of this port also brings up Microsoft Netmeeting.

Behind to modem/router I don't have anything that would have port 1720 port open. So it must be the router/modem device that is listening on that port.

I have researched my modem settings and the is nothing about this port being open. No port forwarding. All remote management from the WAN disabled. Telnet is disabled for both LAN and WAN.

Originally accessing http://my_public_ip:1720 opened html page. The port also allows telnet connections from the internet.

Connected to <my ip>
Escape character is '^]'
<giving any input>
Connection closed by foreign host.

I was able to prevent browsers accessing my ip by creating custom forwarding: All connections to port 1720 are forwarded to empty ip and port 9. But after this telnet connections to my modem from the internet are still possible.

How can have that port closed on my modem?

What is purpose of this port being open by default? Could it bug or maybe some kind of back door?

[Geek-9pm]

This is not a direct answer. Rather, it shows that a number of poets are left open for some purpose.
TCP/IP port numbers required to communicate to SQL over a firewall
Here is list of ports used by bad  people.
ports known to be used by malware, etc
The list is far from complete.

Perhaps they should make a law that the good people use even number ports ant the bad people use the odd ones. That would be so nice.

[Madoc Comadrin]

There are indeed many legitimate uses for the port 1720 but that should not be the case here because I don't have anything that would use that port.

To improve my security would really like to find a way to get this port closed for good.

[Geek-9pm]

There are a number of articles on Windows firewall.
Understanding Windows Firewall settings
You can block everything. If you want.

This setting blocks all unsolicited attempts to connect to your computer. Use this setting when you need maximum protection for your computer, such as when you connect to a public network in a hotel or airport, or when a computer worm is spreading over the Internet. With this setting, you aren't notified when Windows Firewall blocks programs, and programs in the list of allowed programs are ignored.

Also, many commercial firewall programs go into rather involved rules as to what to block and whet not.

[Madoc Comadrin]

I am aware of Windows firewall but it is not relevant is this case as the are no Windows devices in this network.
Nor is any device behind the router listening on the port 1720.
(I am happy with firewall settings on devices of internal network, what worries me if the fact that anyone from the internet could telnet to my router and possibly hack it.)

So it is about the router itself, not the internal network behind it.

[Madoc Comadrin]

After communicating with Zyxel customer support it seems there is no fix for this problem. (Other that discarding this risky modem permanently.)

Certainly going to buy my next modem from some other company.

[Geek-9pm]

Glad you found the problem.
More often the issue is trying to open a port. However, there are other posts elsewhere that describe the issue your have with the Zyxel modem.
However, it might not be the fault of Zyxel.

This port could be open for a few reasons. Do you have UPnP enabled on the router portion? If so, that means any capable device/computer can punch holes from your network to the outside world. This port is also left open by default by several ISPs so they can remote into the modem/router for maintenance and customer support. Port 1720 is also used by Voice Over IP. So if you have that service from your ISP, this could be the reason it is open as well.

From Google: Port 1720
Purpose: H.323 (Microsoft NetMeeting) call setup protocol. Description: Port 1720 is used by the H.323 teleconferencing protocol (most commonly encountered in Microsoft NetMeeting) during call setup negotiation.

[Madoc Comadrin]

Glad you found the problem.
More often the issue is trying to open a port. However, there are other posts elsewhere that describe the issue your have with the Zyxel modem.
However, it might not be the fault of Zyxel.From Google: Port 1720
Purpose: H.323 (Microsoft NetMeeting) call setup protocol. Description: Port 1720 is used by the H.323 teleconferencing protocol (most commonly encountered in Microsoft NetMeeting) during call setup negotiation.

Still I know what port 1720 and still I know that it has legitimate uses.

The problem is that I don't have anything that should or would be using that port.
(And even if I had services using that port they would not magically be able to open that port to the internert)

If a modem has ports open without giving the user anything to say on the matter then it is certainly fault of the manufacturer for making such a risky device.
So the blaime if Zyxel.