Netgear DG834 - blocking port 80

A friend has recently acquired a Netgear DG834 router. He informs me that the Sygate firewall test shows port 80 is open, even though he has made no configuration changes and the default incoming "block all" rule is the only one present. All I have managed to find out by Googling is a suggestion that Netgear routers normally leave ports 80 and 21 open by default. If that is the case, I would have thought I would have found people wanting to close these ports, because surely there is no need to have port 80 open unless you want to allow external access to a web server on your computer? I downloaded a PDF manual for the router, and nothing in there suggests that any ports are open by default.

Do DG834 routers normally leave port 80 open, and if so, is it possible to close it?

Reply to
spambucket

Without a server listening on that port, it just doesn't matter.

If you wish, you can always add as the last rule: deny inbound all ip all ports tcp/udp nolog

Depending upon your OS, you may then need to enable some LAN input access, e.g. file/print sharing on 139,445; dhcp, bootp

Reply to
Jeff B

Look up the topic of "port forwarding" in the manual. It really should be clear there which ports are forwarded, and how to add/delete a "port forwarding entry". You want to delete the entry that forwards port 80 (if there is one).

Reply to
q_q_anonymous

Then why do many people say that it's better for all ports to be not just closed but stealthed? An open port, even without a server listening, is telling the world that there is a system there that is potentially attackable. When I try these test sites from my own system, which has an SMC router / firewall, nothing at all is detected.

I'll suggest that he tries that.

Why would you need to allow LAN access from the internet?

Reply to
spambucket

That's the trouble. There isn't one. There is only the one default rule that appears to say that it is blocking everything inbound.

Reply to
spambucket

OK. There are a few possible tests you can do. These are alternatives/contain alternatives.

I've never posted this, and it's a lot, and I'm no expert on security. There are questions of security... But these tests work for me. I suggest waiting for other responses, in case others have a better idea, or anything to add or an important point to make.

Test 1 is totally safe.

Test 2 has some questions, but is slightly better, and is sort of more conclusive than Test 1, as it's possible that after Test 1 we are still inconclusive and need Test 2, whereas Test 2 can stand alone under all possibilities.

An objection to Test 2 might be: find a more secure server; there are others that are easy and quick to set up!! And possibly an answer to a safe way to set up a server that isn't too paranoid. Is disconnecting from the internet, setting the firewall, reconnecting too paranoid? Causing too much hassle? I think it's reasonable. Not sure if blocking everything except the port scanner is over paranoid, but if it's not too much hassle, I think it's reasonable. Is it TOO unsafe if for 5 min you have a server running and open to everybody? (I never had any problems doing that. But at the same time, I don't do online banking or run a business from this computer or anything like that.)

Anyhow, here we go.

Test 1: With this one, you needn't install any extra servers.

1. Using (whichever host firewall) either the ZA FW or the Windows FW. (Only have 1 FW on; you almost certainly do anyway, since the 'personal firewalls' I tried turn the Windows firewall off.)
2. Make an exception for port 80. An alternative to 1 and 2 is to turn the host firewall off completely. That is less safe, though it should be OK if you have no servers: no standard Windows servers like 'file and printer sharing' or NetBIOS. I suppose there'll be RPC, port 135. But your router will block all the ports anyway, so it's not *that* unsafe.
3. Go to an online port scanner like grc.com "Shields Up". (Much of his information is a con, but his port scanner works.)
4. Scan some arbitrary ports: port 61, port 32. Does it say Stealth? Or does it say Closed? (Don't think that one is more secure than another; that is Gibson's propaganda. But this is a useful test.) Note that result. It will be the same for port 61 and 32 or 91 or any arbitrary one.
5. Scan port 80. Does it say stealth, or does it say closed?

If 4) stealth, 5) closed: it means port 80 is open.

If 4) closed, 5) stealth: it means you did steps 1-2 wrong.

If 4) closed, 5) closed: it means we don't know. So do Test 2 (which is an alternative to Test 1).

Test 2: A very simple test. The only thing I question is how to do it safely and without paranoia (perhaps you don't want to be TOO safe; it can get philosophical)...

Or in a way that is safe at a level that other posters here agree with!

Like Test 1's steps 1, 2 and the alternative, it involves either making an exception for port 80 in your firewall, or turning your firewall off. You have a NAT router, so turning it off isn't so unsafe.

Run a server on port 80, do a scan on port 80; if it says open then the router's port is open.

Regarding running a server... A paranoidly, insanely safe way of doing this might be to get the program (it should be some server reliably secure against exploits), disconnect from the internet, run the server, set the firewall (to only allow the IP/IPs of the port scanner), then reconnect to the internet. Though you'll only have the server running for 5 minutes anyway.

Some Windows servers that are quick to set up are Quick 'n Easy FTP, BPFTP, and BRS WebWeaver, though they may not be that secure against exploits. So maybe there are more appropriate ones.

But in this test, I'd set up one of those on port 80 (not port 21).

And you could set the firewall to only allow the IP of the port scanner (for Gibson I think it's 4.79.x.y). Or you could just let anybody connect. It's only up for 5 minutes or 10 seconds anyway.

Do a web scan, e.g. using GRC, of port 80. If it says "open" then the port on your router is forwarded (the test concludes that port 80 is open on the router). If it says closed or stealth, then the test concludes you're OK, assuming you set up the server on port 80. But, to make sure you did that correctly, check that the server is actually running: do netstat -aon (at the cmd prompt) and look for 0.0.0.0:80 once the server starts.

Turn the server off, firewall back on, remove any exception for (incoming) port 80.

Reply to
q_q_anonymous
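The three scanner results this thread keeps coming back to (open, closed, stealth) and the Test 1 decision table above, as an added example that is not from any poster here: a small Python probe that classifies one TCP port from the reply a connect attempt gets, plus a throwaway listener standing in for the Test 2 server. The function names, the localhost target and the default timeout are my own choices; point it only at a host you own.

```python
import socket

OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def probe(host, port, timeout=2.0):
    """Classify one TCP port from the reply a connect attempt gets.

    open    - SYN/ACK came back: something is listening (or the router
              forwards the port to a listener)
    closed  - RST came back: the host answered but nothing is listening
    stealth - no reply before the timeout: a firewall silently dropped it
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            return CLOSED
        except socket.timeout:
            return STEALTH


def interpret_test1(arbitrary_port, port80):
    """The poster's Test 1 decision table, with the states as strings."""
    if arbitrary_port == STEALTH and port80 == CLOSED:
        return "port 80 is forwarded by the router (open on the router)"
    if arbitrary_port == CLOSED and port80 == STEALTH:
        return "host firewall exception for port 80 is not in place"
    if arbitrary_port == CLOSED and port80 == CLOSED:
        return "inconclusive: run Test 2 with a listener on port 80"
    if port80 == OPEN:
        return "port 80 reaches a listener: the router forwards it"
    return "port 80 is dropped before reaching this host"


def start_listener(host="127.0.0.1", port=0):
    """Throwaway listener for Test 2 (port 0 = any free port).
    Returns the socket and the port actually bound; close it when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_listener()        # constructed local "server"
    print(port, probe("127.0.0.1", port))   # open
    srv.close()
    print(port, probe("127.0.0.1", port))   # closed
```

Run from inside the LAN it only shows what the host firewall does; the router's WAN side can only be judged from outside, which is why the posters use an external scanner.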

Yea, I'm configured that way too. It's like a burglar going around testing the locks on all the external doors/windows -- the issue is not which one is locked, but are they ALL secured.

Poor choice of wording. The perimeter firewall/router should ALWAYS deny ports 135-139, 445. The internal LAN systems will need these (specifically MS Windoz) for various reasons, including file/print sharing. SAMBA also uses 139/445.

Reply to
Jeff B

snipped-for-privacy@tech-pro.co.uk wrote:

Because they have no clue what they are talking about?

There is no open port without a server listening. A port is open if and only if a server is listening there. Certainly there are some broken tools out there that will show a port open even if it is not.

I doubt this. I would assume the test shows all ports stealthed. Which in turn leaves no doubt that there is a system trying to hide.

This should be standard - at least on the WAN interface.

Regards, Thomas

Reply to
Thomas

Just a few comments for you...

Is your friend's ISP using a Transparent Proxy? One website that tests for this is

formatting link

Your friend should be aware that the Netgear DG834 series runs Linux and Netfilter (iptables can be used to at least view the actual configuration via the DG834's telnet interface (Google for further information if interested)).

Most DG834 variants that I've seen leave a number of ports open and/or "unstealthed" by default. The default INBOUND "Block always" firewall-rule lies. TCP ports 1863, 1864, 4443, 5190, and 5566 are probably OPEN. TCP ports 40000 - 40099 and UDP ports 40000 - 41000 are probably UNSTEALTHED. Many of the websites that provide port-scanning only test more common ports by default; your friend will need to search for these ports specifically ("Custom Port-Probe" and etc.).

If your friend has the time and can find a site (or a remote friend with NMap) that will perform the testing, scanning all 65535 TCP and 65535 UDP ports would be a better indicator of exactly which ports are OPEN, CLOSED, or STEALTHED.

What I would recommend to your friend would be what I would recommend to all Netgear DG834 owners. Simply add a DUPLICATE "Block always" (Block Drop) firewall-rule to the INBOUND firewall-rules (#1 Enable (tick-box) Any(ALL) Block always Any Any Never).

Should your friend wish to allow some types of connection-attempts originating from the Internet at some point in the future, all they would need to do is add an appropriate rule to the INBOUND rules so that the new rule(s) appear ABOVE (before) the DUPLICATE "Block always" rule.

The Linux Netfilter firewall reads firewall-rules from top to bottom; the first matching rule "wins".

Reply to
TwistyCreek
