<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
This is a PS to my prior reply post about configuring the router, with
the subject of Shout Outs for good Wirless-N Router for Home. I
decided to give this a new subject.<br>
<br>
Once your system is set up to connect to the internet, you want to make
sure neither your modem, nor your router is exposing open ports to the
world that you don't intend. Following is an easy to use and very
popular port scanner that you can run from Steve Gibson's website.
It's harmless, but will scan the most commonly used ports on your
public address to see if any are open. If they are, you get a red
light on your screen for each open port number. If they're closed, but
still responding and saying "I'm not here" so to speak, you get a blue
light. If they are stealthed, meaning giving no response at all to the
port scanner, you get a green light. From a point of view of optimum
security, you want all stealth, or green lights. There are any number
of Linux utilities that you can use for this purpose as well, like
ZenMap. However, if you do too many port scans from your home IP, your
ISP may think you're a cracker. Also, port scanning your own public IP
from inside your home LAN may not work. This utility is easy to use,
comes from a third party, and is outside your LAN. Note, this will
test the outermost device (closest to the internet) on your public IP.
If your modem is responding to any querys, which it shouldn't unless
someone needs remote administration capabilities, which are a security
risk, that will show up in the results. Otherwise, you will be testing
your router.<br>
<br>
Before getting into usage, here is some data on CLOSED vs STEALTH ports
from Steve's website at <a class="moz-txt-link-freetext" href="https://www.grc.com/su/portstatusinfo.htm">https://www.grc.com/su/portstatusinfo.htm</a> .<br>
<br>
quote on --><br>
<br>
<font face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif" size="-1"
color="#000070">A "Stealth" port is one that completely ignores and
simply "drops" any incoming packets without telling the sender whether
the port is "Open" or "Closed" for business. When all of your system's
ports are stealth (and assuming that your personal firewall security
system doesn't make the mistake of "counter-probing" the prober), your
system will be completely opaque and invisible to the random scans
which continually sweep through the Internet.
<br>
<br>
...<br>
<br>
</font>
<p><font face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
size="-1" color="#000070">"Closed" is the best you can hope for
without a stealth firewall or NAT router in place. At least the port is
not "Open" for business and accepting connections from the probes which
are continually sweeping the Internet searching for exploitable
systems.
</font></p>
<p><font face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
size="-1" color="#000070">Anyone scanning past your IP address will
detect your PC, but "closed" ports will quickly refuse connection
attempts. Since it's much faster for a scanner to re-scan a machine
that's known to exist, the presence of your machine might be logged for
further scrutiny at a later time — for example, when a new operating
system vulnerability is discovered and before the potential for
exploitation has been repaired.
</font></p>
<p><font face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
size="-1" color="#000070">For this reason it is important for you to
stay current with updates from your operating system vendor since new
potential vulnerabilities are discovered frequently.
</font></p>
<-- end quote<br>
<br>
Here's how to us the ShieldsUp! service.<br>
<br>
Go to <a class="moz-txt-link-freetext" href="http://www.grc.com/">http://www.grc.com/</a><br>
Go to the services menu and click ShieldsUp!<br>
Review the information presented. Beware of using this on your company
internet connection. The IT staff may see what looks like an attack in
their log files.<br>
When you are ready, click the proceed button.<br>
<br>
Click the "File Sharing" button. The remote system will probe your
public IP. You should get a notice saying that your Port 139 does not
exist. This is good. It means your computer is not exposing file
sharing to the world.<br>
<br>
Click the "Common Ports" button. The remote system will probe a subset
of port numbers which commonly give problems. You should get a screen
that says TruStealth Analysis Passed. All ports should report as
stealth, with green color. The only exceptions should be ports that
you are intentionally exposing to the world. If you're not running any
servers from your public IP, there should be no exceptions. The test
will fail if your router responds to a ping. This is a slight security
risk, since it will tell a passing, possibly malicious, port scanner
that your router does exist, and may attract it's attention to do
further scanning on your IP. You can usually turn off ping response in
your router's control panel. Regardless of that, the ports should
still show up as stealth. Linux systems may show up as closed, rather
than stealth, and fail this test. See my note about Ubuntu below.<br>
<br>
Next, click the "All Service Ports" button. The remote system will
probe the first 1056 port numbers at your public IP. You will see a
grid of colored dots, one for each port number, which shows it's
status. Again, they should be all green. You should see TruStealth
Analysis Passed. You can hover your mouse over any dot to see it's
port number which was tested, and you can click on the dot to see what
that port it for. After the test completes, a good deal of additional
information will be presented at the bottom of the page. It's a good
idea to read through this.<br>
<br>
Here's an important piece about WAN security.<br>
<br>
quote on --><br>
<p><font face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
size="2" color="#000070">However, the Internet or "WAN" (Wide Area
Network) side connection of many NAT routers and DSL gateways is not as
secure as it should be. Many routers ship with web, ftp, or Telnet
management ports wide open! And many are still configured with their
well-known default administrative passwords. Although the router may be
protecting the machines behind it, it might not be protecting itself
without your deliberate closing of remote "WAN" administration ports.
</font></p>
<p><font face="Verdana,Arial,Helvetica,Sans-Serif,MS Sans Serif"
size="2" color="#000070">ShieldsUP! automatically tests your NAT
router's WAN-side security because the router's WAN IP is the single
public IP that connects your internal private network to the public
Internet. When a test is initiated by any system behind a NAT router,
we are testing the public-side security of the router itself and not
the security of the individual machines which are located behind and
protected by the router.
</font></p>
<-- end quote<br>
<br>
So, if you find any open ports that YOU are not specifically desiring
to have open, you need to investigate how to close them. As the above
text indicates, it may be your cable / dsl modem that is the culprit,
exposing its own management interface to the world. This is an
invitation for it to be hacked, even though it may be intended for use
by your ISP. If the modem is not misbehaving, then your router may be
exposing open ports you didn't intend. You should take steps to close
or stealth those through the router's control panel. If that cannot be
done, there are a couple of options.<br>
<br>
A) Forward the offending port to a non existent IP address on your
network. For example, some routers refuse to stealth port 113. I have
the DHCP server on my LAN set to distribute IP addresses to LAN clients
of 192.168.83.2 - 192.168.83.200. Therefore, IP addresses ending in
201 - 254 should never exist on my LAN. I had a router that would not
stealth port 113. I used the port forwarding function to forward TCP
and UDP packets coming in on port 113 to address 192.168.83.250. Since
there is no computer at this address, this has the effect of stealthing
the port.<br>
<br>
B) I currently own a wireless router that absolutely refuses to allow
me stealth one particular port that is reporting as closed. If I try
to forward it to a nonexistent address, it refuses and says the port is
in use. However, I cannot find any place in the control panel where
this is set. In this case, I placed another wired router between the
wireless router and the cable modem. That last router is acting as the
firewall to my whole network, and now I have all the ports facing the
internet stealthed like I want them.<br>
<br>
If you need to probe a port other than the common ones, or the first
1056, you can use the "User Specified Custom Port Probe" button on the
ShieldsUp! page. Then, you can enter the port number, or range of
numbers you wish to probe, up to 64 ports total.<br>
<br>
Finally, a note about how the UBUNTU Firewall deals with incoming port
scans. I am running the firewall in Ubuntu, configured by the
Firestarter application. I have it configured to drop unsolicited
packets silently, block ICMP, and block broadcasts. If I connect the
PC directly to my cable modem, and run the ShieldsUp! port scan, I find
that almost all the ports are closed, rather than stealth. Also, I
find that the system is responding to pings. This is very annoying,
since I wish for the machine to be totally stealthed. If anyone knows
how to fix this, I'd love to know.<br>
<br>
However, when I'm behind my firewall, my machine is totally invisible
to anyone I'm not specifically contacting, or anyone in the
communications path from me to the remote machine. That's the way I
like it.<br>
<br>
Sincerely,<br>
<br>
Ron<br>
<br>
On 02/09/2011 10:01 PM, Ron Frazier wrote:
<blockquote cite="mid:4D53551F.7060008@c3energy.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi Chris,<br>
<br>
I gave a router recommendation in a prior post. I wanted to add this.
Make sure you set the router's security features properly to protect
yourself from outside attack. The settings are as follows.<br>
</blockquote>
<br>
<snip><br>
<br>
<blockquote cite="mid:4D53551F.7060008@c3energy.com" type="cite"><br>
On 02/09/2011 03:12 PM, C Hendry wrote:
<blockquote cite="mid:525199.52103.qm@web180709.mail.sp1.yahoo.com"
type="cite">
<style type="text/css"><!-- DIV {margin:0px;} --></style>
<div
style="font-family: times new roman,new york,times,serif; font-size: 12pt;">
<div>Need to replace downed 2wire Wireless router.<br>
<br>
Looking at amazon and Fry's, lots to choose from any good
recommendations?<br>
<br>
Thanks in advance.<br>
<br>
Chris<br>
</div>
</div>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT c3energy.com
</pre>
</body>
</html>