Azure Public IPs open ports across tenancy


We have a number of Azure Public IP Addresses which, when scanned from the internet, show open ports. This would be expected if the host / service / NIC the IP address is bound to has open ports (and networking such as FWs or NSGs allow it).

The confusing part is that no interfaces (or their services / NICs) are configured to expose ports, yet the following ports are open (sometimes not all):

  • 21
  • 554
  • 1720
  • 1723
  • 5060

I have tried scanning from Azure, other cloud providers, 5G and home internet with the same results.

Can anyone explain this to me?

1

1 answer

0
Imran

As per MsDoc, Azure uses the public IP assigned to the IP configuration of the instance's NIC for all outbound flows. The instance has all ephemeral ports available. It doesn't matter whether the VM is load balanced or not. This scenario takes precedence over the others.

Check if any Azure resources are configured to allow traffic on these ports in the NSG associated with the resources. It is expected that when a NIC is associated with an Azure Public IP Address, a scan of the IP address from the internet will reveal the open ports.


If it is still open, you need to modify the NSGs to block traffic on these ports.

Another possibility is that the IP addresses were previously used by other Azure resources that had open ports on these ports, and the ports are still open due to caching or other reasons.
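A script that carries out the NSG review the answer suggests, added here as an example and not part of the original post: it reads JSON in the shape of `az network nsg list -o json` and flags inbound Allow rules through which an internet source could reach any of the five scanned ports, including rules written as port ranges or `*`. Field names follow the NSG resource schema (`securityRules`, `destinationPortRange(s)`, `sourceAddressPrefix(es)`); the sample data and names are constructed.

```python
# Flag NSG rules that let internet sources reach the ports seen in the scan.
# Input has the shape of `az network nsg list -o json`; the sample at the
# bottom is constructed for this example, not data from a real tenant.
import json

SCANNED_PORTS = {21: "FTP", 554: "RTSP", 1720: "H.323", 1723: "PPTP", 5060: "SIP"}
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # "anyone" in NSG terms

def port_in_range(port, spec):
    """True if an NSG port spec ('*', '21' or '1700-1730') covers port."""
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port

def _values(rule, single, plural):
    """NSG rules carry either a scalar field or a list field; merge both."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def exposed_ports(nsgs_json):
    """Sorted (nsg, rule, port) for inbound Allow rules reachable from the
    internet on a scanned port. Ignores rule priority and Deny overrides."""
    hits = set()
    for nsg in json.loads(nsgs_json):
        for rule in nsg.get("securityRules", []):
            if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if not INTERNET_SOURCES & set(sources):
                continue
            specs = _values(rule, "destinationPortRange", "destinationPortRanges")
            for port in SCANNED_PORTS:
                if any(port_in_range(port, s) for s in specs):
                    hits.add((nsg["name"], rule["name"], port))
    return sorted(hits)

# Constructed sample: a range rule that happens to cover SIP, a narrow SSH
# rule that should not be flagged, and a multi-port rule open to everyone.
SAMPLE = json.dumps([{"name": "web-nsg", "securityRules": [
    {"name": "allow-voip", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "5000-5100"},
    {"name": "allow-ssh-office", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
    {"name": "allow-legacy", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["*"], "destinationPortRanges": ["21", "1720"]}]}])
```

Because it ignores priority and Deny rules, treat a hit as a rule to review rather than proof of exposure; a port that stays open with no hit at all points away from the NSG and toward the other causes discussed above.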