We have a number of Azure Public IP Addresses which, when scanned from the internet, show open ports. This would be expected if the host / service / NIC the IP address is bound to has open ports (and networking such as FWs or NSGs allow it).
The confusing part is that no interfaces (or their services / NICs) are configured to expose ports, yet the following ports are open (sometimes not all):
- 21
- 554
- 1720
- 1723
- 5060
I have tried scanning from Azure, other cloud providers, 5G and home internet with the same results.
Can anyone explain this to me?
Check whether any Azure resources are configured to allow traffic on these ports in the NSG associated with the resources. It is expected that when a NIC is associated with an Azure Public IP Address, a scan of the IP address from the internet will reveal the open ports.
If the ports are still open, you need to modify the NSGs to block traffic on these ports.
Another possibility is that the IP addresses were previously used by other Azure resources that had these ports open, and the ports are still open due to caching or other reasons.
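One way to carry out the NSG check suggested above, as an added example that is not part of the original question or answer: it applies NSG priority order to the five reported ports and reports which rule decides each one. The sample NSG and its custom rule names are constructed, and the code assumes only catch-all sources (`*`, `Internet`, `0.0.0.0/0`) count as "from the internet".

```python
# Ports the question reports as open.
REPORTED_PORTS = [21, 554, 1720, 1723, 5060]

def _rule(name, prio, access, proto, src, ports):
    # Builds a constructed rule using the field names of `az network nsg show` JSON.
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "sourceAddressPrefixes": [],
            "destinationPortRange": None, "destinationPortRanges": ports}

# Constructed sample NSG; the three custom rule names are hypothetical.
SAMPLE_NSG = {
    "securityRules": [
        _rule("allow-https", 100, "Allow", "Tcp", "Internet", ["443"]),
        _rule("deny-legacy", 150, "Deny", "Tcp", "*", ["20-21", "554"]),
        _rule("allow-voip", 200, "Allow", "*", "*", ["5060-5061"]),
    ],
    "defaultSecurityRules": [
        _rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", ["*"]),
        _rule("DenyAllInBound", 65500, "Deny", "*", "*", ["*"]),
    ],
}

def _values(rule, single, plural):
    # A rule carries either the single field or the plural list; merge both.
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _port_match(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = rng.partition("-")
        if rng == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def _from_internet(rule):
    # Assumption: only catch-all sources count; specific CIDRs and other tags are skipped.
    srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s in ("*", "Internet", "0.0.0.0/0") for s in srcs)

def internet_verdict(nsg, port):
    """Return (access, rule name) of the first inbound TCP rule matching `port`."""
    rules = nsg.get("securityRules", []) + nsg.get("defaultSecurityRules", [])
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"] == "Inbound" and rule["protocol"].lower() in ("*", "tcp")
                and _from_internet(rule) and _port_match(rule, port)):
            return rule["access"], rule["name"]
    return "Deny", None

def exposed_ports(nsgs, ports=REPORTED_PORTS):
    # Inbound traffic must be allowed by every NSG in the path (subnet and NIC).
    return [p for p in ports if all(internet_verdict(n, p)[0] == "Allow" for n in nsgs)]
```

To run it against a real NSG, load the JSON printed by `az network nsg show` with `json.load` and pass it in place of `SAMPLE_NSG`. If `exposed_ports` returns an empty list for the subnet and NIC NSGs while an external scan still shows the ports open, the NSG rules are not what is answering the scan.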