Digi wr router listening on random high tcp ports by default

I have just installed a digi wr11 router using the default configuration and found that on the internal interface on the device is listening on 26 different ports. Seems strange to me that this is default beheiviour, I would only expect to see the device listening on ports that are required for management e.g. 22 and 443.

I haven’t had a look at the config yet but if anyone can tell me an easy way to dissable them from listening that would be appreciated.

Below is the list of listening ports:

Port: 22, eventTime: 12.0 ms, services: ssh The Secure Shell (SSH) Protocol
Port: 80, eventTime: 40.0 ms, services: http World Wide Web HTTP, www World Wide Web HTTP, www-http World Wide Web HTTP
Port: 443, eventTime: 10.0 ms, services: https http protocol over TLS/SSL
Port: 12000, eventTime: 15.0 ms, services: entextxid IBM Enterprise Extender SNA XID Exchange
Port: 12001, eventTime: 24.0 ms, services: entextnetwk IBM Enterprise Extender SNA COS Network Priority
Port: 12002, eventTime: 2.0 ms, services: entexthigh IBM Enterprise Extender SNA COS High Priority
Port: 12003, eventTime: 9.0 ms, services: entextmed IBM Enterprise Extender SNA COS Medium Priority
Port: 12004, eventTime: 2.0 ms, services: entextlow IBM Enterprise Extender SNA COS Low Priority
Port: 12005, eventTime: 3.0 ms, services: dbisamserver1 DBISAM Database Server - Regular
Port: 12006, eventTime: 2.0 ms, services: dbisamserver2 DBISAM Database Server - Admin
Port: 12007, eventTime: 6.0 ms, services: accuracer Accuracer Database System Server
Port: 12008, eventTime: 2.0 ms, services: accuracer-dbms Accuracer Database System Admin
Port: 12009, eventTime: 3.0 ms, services: Reserved
Port: 8022, eventTime: 6.0 ms, services: oa-system oa-system
Port: 8080, eventTime: 14.0 ms, services: http-alt HTTP Alternate (see port 80)
Port: 4000, eventTime: 2.0 ms, services: terabase Terabase
Port: 4001, eventTime: 24.0 ms, services: newoak NewOak
Port: 4002, eventTime: 2.0 ms, services: pxc-spvr-ft pxc-spvr-ft
Port: 4003, eventTime: 4.0 ms, services: pxc-splr-ft pxc-splr-ft
Port: 4004, eventTime: 3.0 ms, services: pxc-roid pxc-roid
Port: 4005, eventTime: 2.0 ms, services: pxc-pin pxc-pin
Port: 4006, eventTime: 2.0 ms, services: pxc-spvr pxc-spvr
Port: 4007, eventTime: 8.0 ms, services: pxc-splr pxc-splr
Port: 4008, eventTime: 4.0 ms, services: netcheque NetCheque accounting
Port: 4009, eventTime: 3.0 ms, services: chimera-hwm Chimera HWM
Port: 8443, eventTime: 8.0 ms, services: pcsync-https PCsync HTTPS
Scanned: 65000, found: 26, eventTime: 335916 ms

There is one way to stop all inbound connections
switch on the firewall on PPP interface

after you have reviewed the firewall rules.

this would be the preferred method as you have more control over what is entering the router from the wan interface