I have one of my Raspberry Shakes in my office at work. I just got an email from our campus IT, who is concerned that it appears to have an open FTP port. Is there a way I can turn off/disable this port, and will that have any adverse effects on the functionality?
Thank you.
Hello Chris,
This is the list of all the ports that the Shake can be related to: Firewall issues? — Instructions on Setting Up Your Raspberry Shake
Could you ask the campus IT to pinpoint which port is the one they have detected? The first four are essential for the unit, so if you close them, it will not work and/or transmit data anymore (depending on which port it is).
My guess is that they are running a network security tool which looks for problematic open ports on every machine on their networks. In general, FTP is regarded as “problematic”.
R-Shake is using vsFTP, which, if correctly configured, is much more secure than more traditional FTP servers, but network security generally dislikes any FTP servers, and so questions any instance of an open port 21.
vsFTPd is running within a Docker container, so it’s not obvious how it is configured or what it is used for?
If it’s not essential, it looks like it could be blocked using iptables:
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10100
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10099
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10098
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10097
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10096
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10095
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10094
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10093
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10092
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10091
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10090
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:ftp
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18006
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18002
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18000
ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:16032
You may be interested in this similar discussion around what I found for FTP. Securing the Raspberry Shake and reducing the power consumption - #10 by BlackDiamond
It’s always safer to stop using it than to block it. It saves resources. It’s hard to use FTP these days, and it’s better to use scp.
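Added example, not part of any post in this thread and not Raspberry Shake code: a small Python audit of an `iptables -L DOCKER` listing like the one quoted above, grouping accepted TCP ports per container and reporting every container that accepts FTP together with its other port runs. The sample is abridged from the quoted listing; treating a contiguous high-port run on the FTP container as a possible passive-mode data range is an assumption the thread does not confirm.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the DOCKER chain listing quoted in the thread.
SAMPLE = """\
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10100
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10099
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:10098
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:ftp
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:18006
ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:16032
"""

# Without -n, iptables prints service names for well-known ports.
SERVICE_PORTS = {"ftp": 21, "http": 80}
RULE = re.compile(r"^ACCEPT\s+tcp\s+--\s+\S+\s+(\S+)\s+tcp\s+dpt:(\S+)")

def parse_docker_chain(text):
    """Return {container_ip: sorted list of accepted TCP ports}."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # chain header, column titles, non-ACCEPT rules
        ip, dpt = m.groups()
        port = SERVICE_PORTS.get(dpt) or (int(dpt) if dpt.isdigit() else None)
        if port is not None:  # skip service names this table does not know
            ports[ip].add(port)
    return {ip: sorted(p) for ip, p in ports.items()}

def port_runs(ports):
    """Collapse a sorted port list into (first, last) contiguous runs."""
    runs = []
    for p in ports:
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [tuple(r) for r in runs]

def ftp_exposure(text):
    """Containers accepting 21/tcp, with all of their accepted port runs."""
    chain = parse_docker_chain(text)
    return {ip: port_runs(p) for ip, p in chain.items() if 21 in p}

if __name__ == "__main__":
    print(ftp_exposure(SAMPLE))
```

If the high-port run does belong to FTP, a rule that blocks only port 21 leaves those ports accepted, so the same review should cover them.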