chascent
join:2005-01-17
182501 |  Port 0 and 1 Shows Closed not stealth Please helo
Is this a reason for concern, all ports show stealth except Port 0 and 1. How do I stealth these on my Dlink router????
Chrlie C |
|
TearAbite
join:2001-07-25
Rancho Cucamonga, CA
1 edit | i dont think i would lose any sleep over it. I would stress more over ensuring that my OS is secure. |
|
Dude111
An Awesome Dude
Premium
join:2003-08-04
USA | reply to chascent
Cant you make ALL PORTS stealth with your firewall??
I even have port 113 stealthed!!
Good luck bud! |
|
SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA | reply to chascent
A closed port is equally secure than a stealthed port.
What dlink router model do you have?
Why did you post this in the wireless security forum? What router interface (WAN, LAN, Wireless) did you test and how? |
|
jbibe
Premium,MVM
join:2001-02-22
| reply to chascent
I assume that you are referring to scan of the WAN port, that the scan shows all ports "stealth", except port 0 and port 1, and that port 0 and port 1 show closed.
As stated by SYNACK, closed is as secure as "stealth".
If showing closed is still a problem for you, try forwarding the two ports to the IP address on your LAN that is not being used by an existing computer. |
|
chascent
join:2005-01-17
182501 | For some reason it does not work. I tried this on a buffallo router that was showing 113 closed not stealth and it worked.
Any idea why on DIR-825 it will not work?
Charlie C |
|
Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
1 edit | reply to chascent
quote:
As stated by SYNACK, closed is as secure as "stealth".
I think a CLOSED port can be detected by a port probe AS A CLOSED PORT... A "Stealthed" port is not detected AT ALL.. (Which is safer) |
|
SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA
 ·Comcast Formerly ..
Host:
Networking
Virtual Private Ne..
Netgear
ZyXEL
| said by Dude111  :...(Which is safer) That's an old myth.  |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by SYNACK :said by Dude111 :...(Which is safer) That's an old myth. It is? How so?  |
|
SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA
·Comcast Formerly ..
Host:
Networking
Virtual Private Ne..
Netgear
ZyXEL
1 edit | Stealth has exactly one advantage:
It allows relatively clueless users to easily verify with online tools that the firewall software is actually enabled and running.
Here's an old discussion that might shed some light on your questions.
A very misguided effort for stealth (as suggested elsewhere) is the idea of forwarding a port to a nonexistent or stealthed machine or on the LAN. Since each probe will create a temporary entry in the NAT table of the router while the router tries to ARP or contact the nonexistent machine, it can lead to resource starvation on the router. This creates a vulnerability, because flooding that port can overload the router, knocking the entire LAN offline. What do you think is a more graceful handling of a stray packet arriving on the WAN side: (1) Having the router return a RST for a "closed" response, then going back to regular work? (2) triggering a flurry of local LAN and router activity, but resulting in a stealth response to the outside viewer? Though so!  |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by SYNACK :Stealth has exactly one advantage: It allows relatively clueless users to easily verify with online tools that the firewall software is actually enabled and running. Here's an old discussion that might shed some light on your questions.A very misguided effort for stealth (as suggested elsewhere) is the idea of forwarding a port to a nonexistent or stealthed machine or on the LAN. Since each probe will create a temporary entry in the NAT table of the router while the router tries to ARP or contact the nonexistent machine, it can lead to resource starvation on the router. This creates a vulnerability, because flooding that port can overload the router, knocking the entire LAN offline. What do you think is a more graceful handling of a stray packet arriving on the WAN side: (1) Having the router return a RST for a "closed" response, then going back to regular work? (2) triggering a flurry of local LAN and router activity, but resulting in a stealth response to the outside viewer? Though so! Interesting. So would having one or a few ports be any differences? I only have one port opened for SSH.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA
·Comcast Formerly ..
Host:
Networking
Virtual Private Ne..
Netgear
ZyXEL
| said by antdude : Interesting. So would having one or a few ports be any differences? I only have one port opened for SSH. As long as you forward to a real server you're fine. |
|
jbibe
Premium,MVM
join:2001-02-22
4 edits | reply to SYNACK
said by SYNACK :A very misguided effort for stealth (as suggested elsewhere) is the idea of forwarding a port to a nonexistent or stealthed machine or on the LAN. Since each probe will create a temporary entry in the NAT table of the router while the router tries to ARP or contact the nonexistent machine, it can lead to resource starvation on the router. This creates a vulnerability, because flooding that port can overload the router, knocking the entire LAN offline. Whether or not a person should use the technique depends on how important "stealth" is to the individual, and the probability of a particular port being scanned or flooded during normal operation. In the case of port 0 and port 1, I cannot remember if I have every seen a log entry showing a scan of these ports. It seems to me that the probability of the ports being scanned is essentially zero. Therefore, the probability of exceeding the limit of the NAT is very, very small.
Personally, I don't believe that having port 0 and port 1 show closed during a scan test is important -- the device is secure. |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| reply to SYNACK
said by SYNACK :said by antdude : Interesting. So would having one or a few ports be any differences? I only have one port opened for SSH. As long as you forward to a real server you're fine. Yeah, I do. I also use DenyHosts to block brute force attacks.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
chascent
join:2005-01-17
182501 | Can you run this thru the router?? |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| said by chascent :Can you run this thru the router?? Run what? DenyHosts? No. Linux/UNIX thing. |
|
