High Ports 8080 and 8443 Open – Just Double-Checking

Hi all,


I recently ran a local network scan and noticed that ports 8080 (http-proxy) and 8443 (https-alt) showed up as open. Naturally, I got curious.


To investigate further, I did the following:

  1. Used Terminal to check which services might be using those ports:

         sudo lsof -i :8080
         sudo lsof -i :8443

No output—so nothing appears to be actively using those ports at the moment.


Noticed that my macOS Firewall was actually turned off (oops!). It’s now on. 😄


Checked my launch daemons and agents:

/Library/LaunchDaemons:

    • Malwarebytes entries (expected)
    • ClamXAV entries (expected)


~/Library/LaunchAgents:

    • Only Google software update entries


All of which seem legit.


I also did some grep checks across those folders for references to those ports—still nothing suspicious.


So, my system looks clean to me, but I’d really appreciate a second opinion:


  • Could these ports have been opened temporarily by an app and left idle?
  • Any other diagnostics you’d suggest running?
  • Or am I just being a bit too watchful?


Thanks in advance for your thoughts!


iMac (2017 – 2020)

Posted on Apr 17, 2025 3:17 AM

Question marked as ⚠️ Top-ranking reply

Apr 17, 2025 6:55 AM in response to DavosCat

Are you running a web server locally on the computer?

Why would you not want to run etrecheck to gather and post information that would help us diagnose your issue. We do not have access to your computer and the information you have provided is not sufficient to solve your perceived problem. The information collected and posted by etrecheck does not contain nor share sensitive or private information.


Apr 18, 2025 12:43 PM in response to DavosCat

So, if those ports being "open" is of concern to you, then you will need to configure the router properly. It's possible they were open to provide a way to access the router's control panel under certain circumstances (e.g., if you have a dynamic DNS service). This can be a risk - but of course it also depends on whether you are using the router's default password, or have set your own (and its entropic strength).


Best of luck with your configuring.


Apr 17, 2025 4:11 AM in response to DavosCat

Ports can be opened and apps started when accessed, and other ports can have apps already using the ports. (There’s a list of what gets automatically started stored in /etc/services.)


Please download and run (free) EtreCheck, and when the run completes share the report to the clipboard. Then open a new reply here, and press the additional-text button that looks like a printed page to get a text input box big enough to paste the hardware and software configuration report here, and paste and post that report here.


Apr 17, 2025 6:26 AM in response to MrHoffman

MrHoffman wrote:

Ports can be opened and apps started when accessed, and other ports can have apps already using the ports. (There’s a list of what gets automatically started stored in /etc/services.)


Thank you. 🙂


I found:-


http-alt 8080/udp # HTTP Alternate (see port 80)

http-alt 8080/tcp # HTTP Alternate (see port 80)


pcsync-https 8443/udp # PCsync HTTPS

pcsync-https 8443/tcp # PCsync HTTPS


Please download and run (free) EtreCheck, and when the run completes share the report to the clipboard.


I'd prefer not to do so.


Apr 17, 2025 7:17 PM in response to DavosCat

Ran a network scan with which tool, using what settings, and from where (local network, outside your network firewall)? Some of them make assumptions about port status based on flags coming back on packets in response to their scans that don't always mean what they think those flags mean - especially if the OS is being assumed because the tool can't fingerprint it.


Apr 18, 2025 1:13 AM in response to g_wolfman

g_wolfman wrote:

Ran a network scan with which tool, using what settings, and from where (local network, outside your network firewall)? Some of them make assumptions about port status based on flags coming back on packets in response to their scans that don't always mean what they think those flags mean - especially if the OS is being assumed because the tool can't fingerprint it.


Thank you for your reply. The tool used was Linux NMAP. I asked a long-standing friend, located more than 200 miles away, to check that all is well here and then let me know. This is what he's said in response to your posting:-


"I really don't have the time for a full run down analysis for random posters in groups I'm not involved with mate... it was a basic quick scan on the fly before I'd even woken up and finished my coffee... I did two scans, one from my local machine and one using a vps via ssh for the very reasons stated by your poster... and I didn't even finish the probes before our conversation moved on!"


I am NOT running a web server (if "BobTheFisherman" is reading here!)


Apr 18, 2025 1:46 AM in response to BobTheFisherman

BobTheFisherman wrote:

Are you running a web server locally on the computer?
Why would you not want to run etrecheck to gather and post information that would help us diagnose your issue. We do not have access to your computer and the information you have provided is not sufficient to solve your perceived problem. The information collected and posted by etrecheck does not contain nor share sensitive or private information.

Maybe the OP has had a problem with etrecheck - perhaps he/she could clarify?


Apr 18, 2025 7:52 AM in response to DavosCat

Is your computer actually connected directly to your ISP's cable or fibre modem in an "advanced DMZ"? Because if not, you are sitting behind a router (either the ISP Modem's router function, or your own router if the ISP is bridged). Those "open ports" would be on the router which receives traffic to your WAN IP, not your computer which is sitting behind Network Address Translation on a private address.
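
The two checks this thread turns on (is anything on the Mac listening on 8080/8443, and did the scan reach the Mac or the router in front of it), as an added example that is not part of any post here. The function names, the addresses and the lsof sample are constructed for illustration; on the Mac the input to `listeners` would come from `sudo lsof -nP -iTCP -sTCP:LISTEN`.

```shell
#!/bin/sh
# Added example; the addresses and the lsof sample are constructed.

# True for RFC 1918, loopback and link-local IPv4: not reachable from the internet.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# scan_target HOST_ADDR SCANNED_ADDR: which device answered the remote scan?
# HOST_ADDR is the Mac's own address (e.g. from `ipconfig getifaddr en0`).
scan_target() {
    if [ "$1" = "$2" ]; then
        echo host
    elif is_private_ipv4 "$1" && ! is_private_ipv4 "$2"; then
        echo gateway   # Mac is behind NAT, so the public address is the router's
    else
        echo unknown
    fi
}

# listeners PORT...: read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and
# print "command pid port" for every listening socket on one of the ports.
listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NR > 1 && $NF == "(LISTEN)" {
            port = $(NF - 1)          # NAME column, e.g. *:8080 or [::1]:8443
            sub(/.*:/, "", port)      # keep only the port number
            if (port in want) print $1, $2, port
        }'
}

# Constructed sample of lsof output (not taken from the thread).
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rapportd  412 user    8u  IPv4 0xa1       0t0  TCP *:49152 (LISTEN)
java     2301 user   45u  IPv6 0xa2       0t0  TCP *:8080 (LISTEN)'

printf '%s\n' "$SAMPLE_LSOF" | listeners 8080 8443   # java 2301 8080
scan_target 192.168.1.23 203.0.113.7                 # gateway
```

Empty output from `listeners` together with `gateway` from `scan_target` means the open ports seen from outside belong to the router rather than to the Mac.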


Apr 18, 2025 12:07 PM in response to g_wolfman

g_wolfman wrote:

Is your computer actually connected directly to your ISP's cable or fibre modem in an "advanced DMZ"? Because if not, you are sitting behind a router (either the ISP Modem's router function, or your own router if the ISP is bridged). Those "open ports" would be on the router which receives traffic to your WAN IP, not your computer which is sitting behind Network Address Translation on a private address.


I agree - 100% - the open ports were on my router, not on my computer.


Thanks for your helpful comments. 🙂


Apr 18, 2025 12:07 PM in response to DavosCat

DavosCat wrote:

g_wolfman wrote:

Ran a network scan with which tool, using what settings, and from where (local network, outside your network firewall)? Some of them make assumptions about port status based on flags coming back on packets in response to their scans that don't always mean what they think those flags mean - especially if the OS is being assumed because the tool can't fingerprint it.

Thank you for your reply. The tool used was Linux NMAP. I asked a long-standing friend, located more than 200 miles away, to check that all is well here and then let me know. This is what he's said in response to your posting:-

"I really don't have the time for a full run down analysis for random posters in groups I'm not involved with mate... it was a basic quick scan on the fly before I'd even woken up and finished my coffee... I did two scans, one from my local machine and one using a vps via ssh for the very reasons stated by your poster... and I didn't even finish the probes before our conversation moved on!"

I am NOT running a web server (if "BobTheFisherman" is reading here!)


So to summarize the Mac and network configuration details known so far, you “recently ran a local network scan” from 200 miles using as-yet-unknown nmap commands and unknown results performed by somebody else, are apparently either directly connected to a publicly-routable IP address or have a VPN server running somewhere or have port-forwarding open to the Mac, and have at least two anti-malware apps running on the Mac.


Depending on the nmap commands used and Mac and gateway / firewall / router / NAT box configuration details (if there is such a gateway box installed here), nmap may not be reporting accurately. I’m not entirely certain the Mac was scanned, and not the gateway box, for instance. Or that the gateway box was not otherwise injecting itself, as some do.


And while this is and remains entirely your choice, you are unwilling to post Mac configuration details, meaning we are left to guess and ask questions about that, and about the local network setup. Which is inefficient, at best.


And more generally, it seems your friend is apparently either not familiar with macOS support, or is not in a position to assist with macOS support. That as you could potentially provide the configuration report or related details to them, or open up ssh access.


TL;DR: This question is shaping up to be a bit of a project itself.

