I've recently been struck with a couple of trojans, and my research indicates that I need to close Port 80 on the router listed in the subject line above. Can somebody give me a step by step on how to do that?
Thanks!
If he close port 80 as a destination port WAN-to-LAN, browsing will still work because it is the destination port LAN-to-WAN.
snipped-for-privacy@mchsi.com wrote in news:1115161185.331163.45660 @o13g2000cwo.googlegroups.com:
Port 80 on the router is closed by default. The port is open if you port forward 80 to an LAN IP/machine by setting a rule to do so for instance if you had a Web server listening on port 80 and you wanted people to make contact with the Web server exposed to the public. Other than that, if a program running on a machine makes solicitation to a remote IP on the Internet from behind the router, then the router is going to allow inbound traffic back in on the appropriate port or ports(s) to the LAN IP/machine.
In other words, if you have a Trojan running on the machine that is making contact with a remote IP, you need to find it on the machine remove it. In addition to that, if you were able to close out port 80, your browser would not work anymore.
You can use Active Ports and Process Explorer (free) and go find the exploits on the machine in question.
Ken wrote in news: snipped-for-privacy@4ax.com:
You're probably right for something with a FW. I don't know I have never tried to do it. I'll have to experiment with this. But just eyeballing the Belkin wireless NAT router at a site, it doesn't look that it can set those kind of rules.
Duane :)
On Tue, 03 May 2005 20:00:04 -0700, Ken spoketh
All incoming ports (including port 80) are closed by the vast majority of NAT routers by default (I don't know of any that doesn't). The OP doesn't indicate if he has a problem with incoming port 80 or outgoing port 80. Obviously, blocking outbound port 80 will prevent web browsing.
Lars M. Hansen
Thanks for the replies, I'm afraid I'm still a little befuddled. I've run ShieldsUp, and it says that all of my ports are stealth except port
80, so my (probably flawed) understanding is that I need to close inbound port 80.I did find several reviews of this router that state one of their complaints as "the only way to close port 80 is to redirect it to a fake IP address." I don't know how to do that-- is it perhaps done on the "Virtual Server" page? I see on that page blanks to fill in for public port, private port, and private IP. So, would I put 80 in the public and private port blanks, then a fake IP in the private IP box?
Thanks!
Okay, I tried what I mentioned above (entering a fake IP address on the Virtual Server page) and it appears to work-- ShieldsUp reports that all ports are stealth now.
The only part of the ShieldsUp test that failed was a ping test. To quote the report: "Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers."
Any hints as to how I would configure my router to fix this?
Thanks!
snipped-for-privacy@mchsi.com wrote in news:1115233025.676235.154930 @g14g2000cwa.googlegroups.com:
Your machines are setting behind a router. There are already stealthed. The notion of stealth is crap and Gibson non-sense. One didn't get the proper response back from the FW tells one that you're there.
Duane :)
snipped-for-privacy@mchsi.com wrote in news:1115220952.810356.7930 @z14g2000cwz.googlegroups.com:
I would find some other testing sites other than Gibson and run the test again without the redirect of port 80 to a dummy IP and see what the results are that come back. Sygate and Norton have testing sites and there are others besides Gibson.
Duane :)
test again without the redirect of port 80 to a dummy IP and see what the results are that come back.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.