List of Tablo Network Ports

I can’t seem to find a definitive list of network ports used by the Tablo and their purpose. Does a list already exist?

My scan of the Tablo produces…

  • 23 = Telnet
  • 80 = HTTP
  • 443 = HTTPS
  • 5201 = Iperf3
  • 8885 = ?
  • 8887 = ?
  • 9443 = ?
  • 18080 = ?

Can anyone tell me what all the ports are used for? Are there other ports?

This information would be helpful for troubleshooting.

You might have to contact Tablo Support directly via a Support Ticket for this.

  • 23 = Telnet - stock telnet service
  • 80 = HTTP - HTTP lighttpd/1.4.41
  • 443 = HTTPS - Not dug at this much but also lighttpd server
  • 5201 = Iperf3 server
  • 8885 = http (not a complete server) used by to download lists etc
  • 8887 = WAMP web socket access to api
  • 9443 = Mirror of 443
  • 18080 = pvr access via /pvr/. This port does allow directory listing and traversal.

UDP port 8881 is the discovery port.

Response from port 8885 is:
Hello, World!

Should we be concerned in this day and age that the Tablo has a telnet connection? Why does it not use SSH?

Is there an option to turn off the HTTP port, in favor of HTTPS?

Unless you are John Podesta or Hillary Clinton, I wouldn’t be too concerned about Putin hacking into your Tablo and watching 50-year-old episodes of Batman.

I’m more worried about the real threat of botnets or other malware.

Consumers have bought millions of Rokus, Apple TVs, Fire TVs, routers, power link adapters, etc. Many times they try to save a few dollars by purchasing products designed, programmed, and manufactured by Chinese companies. Some of which may be partially owned by the communist party or military. With all of these millions of devices, it’s hard to believe script kiddies are targeting a product with such a small customer base. The electronics in the modern car or thermostat would be a better target.

Same on 8887, and just a GET / (no HTTP/x.x needed) gives the same response.

Too bad you would be wrong. Script kiddies don’t target anything specific. They go against anything they can find. Origin and popularity of the product are not relevant. If they find it in a network scan, they throw their scripts at it and see what sticks.

That said, I’m not worried about port 23 because I explicitly block it on my home firewall both in and out. You would have to be hacking from inside my network to get at that port. At that point I have bigger problems than you messing with my PVR.

I agree. But having been in IT since forever, one strange thing is that the number of attacks has actually decreased. It used to be that the time from new IP to first attack was hours, then it went down to minutes… and now it’s back up to a longer period of time again. Perhaps it’s not as “interesting” as it once was? Just an observation.

8887 is the port used by the Tablo web interface (it’s http, so you can run a sniffer and see what it’s doing).

18080 exists for 3rd party apps (used by the Plex app, I’m told). Also used by my own script to pull down video files for offline storage. Try http://your_tablo_ip:18080/pvr/ with a web browser.

There are a number of sites that consistently probe ports. CERT knows of these. One being a Chinese “university”. The number and sophistication of attacks on commercial sites in the U.S. used to increase at the holiday season, especially Christmas, because a lot of workers are on holiday and out of town. In India at various important holidays.

Or they have continued to increase but now we are unable to detect them. :anguished:

Scary thought and I’d like to say “Ahem, no!” But with all the vendors building ring zero things and other backdoors into our systems, I guess you never know anymore.

While the TCP header may be purposely constructed with spoofed and illegal field combinations, it would be pretty hard for a packet to traverse its way through all the various routers without one. So they are probably visible.

A more simple and fun thing to do is violate the TCP/IP protocol.

Interesting, my EtherPeek scan is catching port 21140 on live TV. Gonna review my capture in full if I have time this week.