Port 113 is closed

I mean blocking, sorry. Here's what someone posted in this group recently and I thought I would take their advice. Is it not good advice?

"As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router."
Reply to
Praxiteles Democritus

Look up port forwarding.

Reply to
optikl

Stealth as per Shields Up

formatting link
Press Proceed then do Common Ports All Service ports File Sharing

Reply to
Alt Beer

I went here

formatting link
and read up on port forwarding. From what I can tell from reading there I've already done what I need to do to block certain ports, thx.

Reply to
Praxiteles Democritus

How is it that you blocked ports that were already closed by default and will only open to inbound traffic due to a solicitation for inbound traffic from remote site, because some application running on a machine behind the router sent outbound traffic to the site or you port forwarded the ports opening them, even if you sent them to a dummy IP?

May I ask what ports are you talking about?

Duane :)

Reply to
Duane Arnold

Yes, I forwarded them to a dummy IP. Is that not how to do it? If it's not then someone please enlighten me.

These ports. This is what someone else posted here and I'm just following their advice.

"As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router."
Reply to
Praxiteles Democritus

Praxiteles Democritus wrote in news: snipped-for-privacy@4ax.com:

It's not a bad idea; I do it myself on the appliance that I use, which can also stop traffic outbound on those ports, which are being used for Windows Networking in a LAN situation behind the router, and the ports should not allow inbound or outbound on a router or FW appliance.

formatting link
's_port_445_in_w2k_xp_2003.htm

Duane :)

Reply to
Duane Arnold

That is how you do it.

Reply to
optikl

Ah, OK. This just _is_ nonsense ;-)

Yours, VB.

Reply to
Volker Birk

I think, this is not meant for masquerading/NAT setups.

You can filter any packages away, which are intended for those ports. This is not harmful.

But, usually with masquerading and filtering anything away on the outside interface, which seems to be coming from inside, is enough.

I don't know any NAT device, which can be tricked to route TCP sockets to the SMB ports from outside.

Anyone else?

Yours, VB.

Reply to
Volker Birk

Go to a friend's house (or try it from work/school if you think you can get away with it) and use any connectivity tool to try to connect to your system - and while doing so, use a packet sniffer like Ethereal, sniffit, or tcpdump. Poke one of the ports you know is "stealthed", and you should see no response. Poke some random port number between 1030 and 65530 and see that you also get no response back. Then poke the port that you have forwarded to the dummy IP. You should see an ICMP Type 3 Code 1 response - but pay attention to the address that is replying. In most cases, this will be your address - the one that you wish to be stealthed. So, here we have a "Host does not exist" packet, coming from the host that doesn't exist. Yeah, nobody would _ever_ notice that.

Most people who use "stealth" don't have any understanding of what is happening at the packet level, and thus make glaring errors that show this. Stealth itself is one of those errors, as anyone who actually understood how traceroute (or windoze broken 'TRACERT') works would be able to tell.

So, by just blocking those six TCP and six UDP ports, everything is fine, and you can ignore the other 65529 ports of each type - and the other 130 odd other valid protocols, like BGP, or IPv6 (and the other 120 odd that haven't been assigned).

Old guy

Reply to
Moe Trin
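
The self-test described in the post above, written as a check over a capture taken on the test machine. This is an added example, not part of the original post: the tcpdump-style lines and addresses are constructed, and pairing each ICMP reply with the most recent probe is an assumption that only holds when ports are probed one at a time.

```python
import re

# Constructed tcpdump -n style lines (documentation addresses), not a real capture.
# 198.51.100.20 is the test machine, 203.0.113.7 is the router's public address.
CAPTURE = """\
12:00:01.000000 IP 198.51.100.20.40001 > 203.0.113.7.113: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 198.51.100.20.40002 > 203.0.113.7.50123: Flags [S], seq 1, win 64240, length 0
12:00:03.000000 IP 198.51.100.20.40003 > 203.0.113.7.445: Flags [S], seq 1, win 64240, length 0
12:00:03.050000 IP 203.0.113.7 > 198.51.100.20: ICMP host 203.0.113.7 unreachable, length 36
"""

SYN = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\]")
ICMP = re.compile(r"IP (\S+) > (\S+): ICMP host (\S+) unreachable")


def classify(capture, target):
    """Map each probed port on `target` to the reply seen for it."""
    results = {}
    last_port = None  # assumption: an ICMP reply answers the latest probe
    for line in capture.splitlines():
        m = SYN.search(line)
        if m and m.group(3) == target:
            last_port = int(m.group(4))
            results[last_port] = "silent"
            continue
        m = ICMP.search(line)
        if m and last_port is not None:
            src, _dst, unreachable = m.groups()
            if src == target and unreachable == target:
                # The "host does not exist" message is sent by that very host.
                results[last_port] = "host-unreachable sent by the target itself"
            else:
                results[last_port] = "host-unreachable from " + src
    return results


if __name__ == "__main__":
    for port, reply in sorted(classify(CAPTURE, "203.0.113.7").items()):
        print(port, reply)
```

A port that answers differently from its silent neighbours is the one forwarded to the dummy IP.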

Thanks.

Reply to
Praxiteles Democritus

Ok, thx. I followed that link and now I only have port 135 listening in the list of ports that should be closed. I also have port 1025 listening. What's that port used for?

Reply to
Praxiteles Democritus

Praxiteles Democritus wrote in news: snipped-for-privacy@4ax.com:

formatting link
Duane :)

Reply to
Duane Arnold

Which operating system do you have?

With Windows XP, you can find out that with:

netstat -ano

With Linux or UNIX, perhaps you can have a lsof command like:

lsof -i

Yours, VB.

Reply to
Volker Birk

XP

It just says PID 1428. What's that mean? Using a port monitor it is tied to alg.exe.

Reply to
Praxiteles Democritus

Thx, but that didn't help. It said it is network blackjack, which I don't have. Using a port monitor I see it is alg.exe which is the XP firewall.

Reply to
Praxiteles Democritus

Praxiteles Democritus wrote in news: snipped-for-privacy@4ax.com:

Some ports have a dedicated usage like port 80 HTTP traffic. The low port numbers below 1024 have such designations and agreed upon usage that are the standards. The high ports above 1024 can be used by any program for whatever purpose that program has communication with another program. Some high ports have kind of a dedicated usage, like MS SQL Server uses port 1434 and that is the known application that uses that port, but if SQL Server is not running on the machine, then another program can use the port 1434 and do whatever it wants. It's just a standard that everyone uses when writing programs that communicate with other programs through ports. However, a programmer can write a program to use any port number for the most part as there is nothing to stop them from doing it particularly on the high ports. The ports list is just a guideline and shows an application that could be using the port.

And PID stands for Process ID the ID that is assigned by the O/S to a given process/task that's running so that it can be identified.

Duane :)

Reply to
Duane Arnold

It's the process ID of the process, which opens this socket. You can find out which process this is either with the tasklist command or with the task manager.

This is part of the Windows firewall. Let it be.

Yours, VB.

Reply to
Volker Birk
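
The lookup discussed in the posts above (netstat -ano for the PID, then tasklist for the process name), joined in one pass. This is an added example, not part of the original posts: both command outputs are constructed samples in the default Windows XP table layout, and every value in them other than PID 1428, alg.exe and the port numbers mentioned in the thread is made up.

```python
import re

# Constructed sample of `netstat -ano` output.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1428
  TCP    192.168.1.10:1061      198.51.100.9:80        ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` output (default table format).
TASKLIST = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
svchost.exe                  932 Console                 0      4,080 K
alg.exe                     1428 Console                 0      3,420 K
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$")
TASK = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def listeners(netstat_text, tasklist_text):
    """Return (proto, port, scope, image name) for every listening socket."""
    names = {}
    for line in tasklist_text.splitlines():
        m = TASK.match(line)
        if m:
            names[int(m.group(2))] = m.group(1)
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not listeners
        # A socket bound to 127.x.x.x cannot be reached from the network.
        scope = "loopback only" if addr.startswith("127.") else "network"
        found.append((proto, int(port), scope, names.get(int(pid), "unknown")))
    return found


if __name__ == "__main__":
    for row in listeners(NETSTAT, TASKLIST):
        print(*row)
```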

On UNIX systems, from where this standard is coming, only processes with UID 0 can open sockets with port numbers < 1024. This is for security purposes.

Unfortunately, with Windows there is no such thing[tm] ;-)

Yours, VB.

Reply to
Volker Birk
