d-link DI-604

At GRC.com, Steve Gibson mentions how to stealth and/or discard packets sent to port 113. Does anyone know how to do this on this particular router? Thanks for your time.

Reply to
Antioch

I don't have specific, step-by-step instructions, but the general idea is to forward that port to a non-used IP address in the DMZ.

Reply to
dak

"Antioch" wrote in news: snipped-for-privacy@rogers.com:

You can port forward 113 to a dummy IP in the DMZ of the router to pass the test for what a stealth test is worth. You can also install a personal firewall on the computer that will allow you to pass the stealth test too I would think.

You should do that and install a free PFW solution on the computer just for kicks to see if that will allow you to pass the stealth test.

That the port is *closed* is all that counts. You should try some other testing sites.

Duane :)

Reply to
Duane Arnold

Reply to
Cyber Surfer

Duane,

This is true...but...if you are scanning a network, to practice your break-in skills, why send a signal back to people looking to prove a malicious point to their buddies? This is like parking your car under a street light in the night. Why focus everybody's attention on your IP address? Why do you want to let people know you are at IP aaa.bbb.ccc.ddd?

It is best to send it to an IP address that you will never use. Or, you can get a Linksys router that is defaulted that way...

Reply to
Anonymous

"" wrote in news:%4wqd.61473$ snipped-for-privacy@fe2.columbus.rr.com:

Well, for one thing the machine is sitting behind a router, although a NAT router is not 100% un-hackable. Secondly, hackers scan blocks of IP(s) looking for openings and a *closed* port is not on the list. So what if a response of *closed* and not available is being returned? One running some Gibson test calling something stealth and the real world are two different things. If the port is *closed* it is *closed* and nothing is coming past it.

What Linksys router are you talking about that is defaulted in what way? I own a Linksys router and the only default I know about is that all the ports are closed. I used to do the port forwarding of 113 to a dummy IP in the DMZ and then I stopped doing it. Nothing ever came at port 113 or past it either. Just because the Gibson site came up with 113 was not *stealth* doesn't mean anything. Stealth is overrated and FW solutions that are designed to not return a response are circumventing the rules from what I understand.

Duane :)

Reply to
Duane Arnold

The problem is that if a port is *closed*, it *will* send a signal back to a port scanner telling that there *is* a port there. That nothing is coming past it doesn't matter, because it discloses the *presence* of something on that IP address. If all ports and protocols are "stealth" (just dropping the packets), the black hats won't see the difference between that IP and one that's not in use, and will direct their attention elsewhere.

That said, the main good reason for making port 113 appear closed instead of dropping packets is to speed up outgoing email, which often is delayed from 5-30 seconds while the remote host waits for an ident reply.

Even better is to add a rule to the NAT firewall that when encountering an outgoing 25/tcp from X to Y, will create a short-lived rule routing incoming 113/tcp from Y to X. That way, the port will NOT answer to any hackers, but ident will work for email (if running identd), and not delay the mail sending. Similar for other fixed port protocols triggering reverse auth -- remote 6667/tcp is another good candidate. Setting up rules like the above can be done on most NAT routers. How to do it differs for different NAT routers, so I can't say how it's done on a Linksys. I've seen it being called "Special Applications" and "Triggered Rules", but again, the nomenclature might differ.

Reply to
Arthur Hagen
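As an added illustration (not from the thread or any router vendor), the following Python model shows the three behaviours the posts above compare: "closed" answers an unsolicited 113/tcp packet with a RST, "stealth" drops it silently, and a triggered rule opens a short-lived hole for 113/tcp only from the host that a LAN machine just contacted on 25/tcp or 6667/tcp. The IP addresses, the 30-second TTL and the FakeClock are constructed for the demo; real routers implement this in their own "Special Applications"/"Triggered Rules" menus.

```python
import time

IDENT_PORT = 113
TRIGGER_PORTS = {25, 6667}   # SMTP and IRC: services that call back on 113
TRIGGER_TTL = 30.0           # seconds the reverse hole stays open (assumed)


class IdentFirewall:
    def __init__(self, mode="stealth", ttl=TRIGGER_TTL, clock=time.monotonic):
        self.mode = mode          # "stealth" (drop) or "closed" (RST)
        self.ttl = ttl
        self.clock = clock        # injectable so the expiry can be tested
        self.triggers = {}        # remote_ip -> (lan_ip, expiry time)

    def outbound(self, lan_ip, remote_ip, remote_port):
        """LAN host X connects to Y; remember it if Y's service does ident."""
        if remote_port in TRIGGER_PORTS:
            self.triggers[remote_ip] = (lan_ip, self.clock() + self.ttl)
        return "ACCEPT"

    def inbound(self, remote_ip, dst_port):
        """Unsolicited packet from remote_ip to the WAN side; returns verdict."""
        if dst_port == IDENT_PORT and remote_ip in self.triggers:
            lan_ip, expiry = self.triggers[remote_ip]
            if self.clock() < expiry:
                return "DNAT:" + lan_ip       # forward only to the host that mailed Y
            del self.triggers[remote_ip]      # hole expired, fall back to default
        # Default policy: "closed" answers RST (a host is visibly there),
        # "stealth" says nothing (indistinguishable from an unused IP).
        return "RST" if self.mode == "closed" else "DROP"


class FakeClock:            # constructed clock so the demo is deterministic
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now
    def advance(self, seconds): self.now += seconds


def demo():
    clk = FakeClock()
    fw = IdentFirewall("stealth", clock=clk)
    out = [fw.inbound("198.51.100.7", 113)]           # nobody mailed Y yet: DROP
    fw.outbound("192.168.0.10", "198.51.100.7", 25)   # X sends mail to Y
    out.append(fw.inbound("198.51.100.7", 113))       # Y's ident query: DNAT to X
    out.append(fw.inbound("203.0.113.9", 113))        # a stranger still sees nothing
    clk.advance(31)                                   # TTL passes
    out.append(fw.inbound("198.51.100.7", 113))       # hole has closed again
    return out   # ['DROP', 'DNAT:192.168.0.10', 'DROP', 'DROP']
```

Forwarding 113 to an unused DMZ address, as suggested earlier in the thread, corresponds to the permanent "stealth" default here, while the triggered rule is what lets identd still answer the mail server without exposing the port to anyone else.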

So what if there is a presence there? If one cannot come past the NAT router or FW that's protecting the port so what? The port is protected.

I could see this making some kind of sense if the home user's job with the machine was to send out a trillion emails.

All one has to do is port forward 113 to a dummy IP in the DMZ of the router and 113 is so called stealth. But I stopped doing it with the Linksys and don't do it with the Watchguard either.

Duane :)

Reply to
Duane Arnold

When you know that the IP exists, you can concentrate on that address, and start listening to traffic to and from that IP, and do IP spoofing to camouflage your traffic as valid traffic to reach the inside. Or do a DoS attack -- just because packets get no reply doesn't mean they don't affect the recipient. If you don't know that there *is* a host on that IP, you skip it -- after all, most IP addresses are not in use at all.

If you believe that having a NAT router in front of your site makes you completely safe, you're sadly mistaken. It just means that more effort is needed -- and hopefully enough effort that it's not worth the bother, based on what you have behind it.

A 30 second wait is still annoying, and even more so when sending several emails in one go, like many of us do. And there are even services that won't let you connect at all without an ident reply.

That won't solve the problem, though -- it's just working around a workaround of the router. And it's also potentially unsafe, as you're letting unsolicited traffic into the LAN, even if nothing (currently) answers to it.

Reply to
Arthur Hagen

"Arthur Hagen" wrote in news:cofvgd$udq$ snipped-for-privacy@cauldron.broomstick.com:

I think they will do that if the target is rich enough, like someone sitting there with Web services running or some kind of FTP site that's exposed to the public, which most home users that don't know what they are doing are attempting to do. Therefore, no one really has to go out of their way to be doing anything to find a target.

I know all about the shortcomings of a NAT router and that's why I no longer use one.

I don't think many home users are concerned about some 30 second wait and most don't sit there sending enough emails at one time on a routine basis day after day that it would be a concern. I don't think they even know or care about it. That's just my humble opinion on that. Someone like you maybe, but let's face it, most don't.

It passed the worthless Gibson stealth test with the Linksys router at the time when I was into being *stealth* and I moved on - hint hint.

We can go on until the cows come home about stealth. I don't use it, don't go out of my way to ensure it and don't respect it, is the bottom line.

Duane :)

Reply to
Duane Arnold

Reply to
Antioch

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.