Close or stealth ports 22 & 23
Last response: in Wireless Networking
Hello,
I have a D Link DIR 615 rev.B with the latest firmware update. I am running Win 7 on an Acer Aspire 5536G and using Comodo Internet Security. I just used Steve Gibson's Shields Up and found that posts 22 & 23 are open. I have used full stealth mode with my software firewall, but the ports are still shown as open. What I need to know is this: How do I stealth these ports through my router? Any idea, anyone? TIA.
I have a D Link DIR 615 rev.B with the latest firmware update. I am running Win 7 on an Acer Aspire 5536G and using Comodo Internet Security. I just used Steve Gibson's Shields Up and found that posts 22 & 23 are open. I have used full stealth mode with my software firewall, but the ports are still shown as open. What I need to know is this: How do I stealth these ports through my router? Any idea, anyone? TIA.
More about : close stealth ports
eibgrad said:
If GRC is reporting those ports as open and you're behind a router, then GRC is only testing the router's firewall, not your personal software firewall. So for some reason those ports are open at the router. You need to find out why and close/stealth them there.Yes, that was my question - "How?" - I can't find anything in the router's web-based interface; I've looked on the D-Link forum and Googled the query, but can't find an answer. Maybe my search parameters aren't right?
Should I use port-forwarding to confuse probes? If so, where should I forward them? I don't anticipate using SSH or Telnet anytime soon, but wonder if the router needs them open to function. Every other port was reported either 'closed' or 'stealthed'.
It's unusual for those ports to be open by default or without you having explicitly opened them. You probably have a section called Virtual Servers on the router where various well-known protocols like SSH (port 22) and Telnet (23) are defined for port forwarding at some later date should you need them, but otherwise disabled. If they are defined and enabled, then disable them.
Why might they be open if you hadn’t opened them? It’s possible you have UPnP (Universal Plug N Play) enabled and malware has gotten into your system and opened them behind your back. UPnP allows applications you trust to manage their own ports on the router's firewall. But it represents a security risk too. If malware gets into your system, it can manipulate those same ports for its own evil purposes. I'm particularly concerned in this case since SSH and Telnet are highly prized by hackers.
So to avoid any chance you might miss something, I suggest you reset the router to factory defaults, make sure UPnP is disabled (it usually is by default, but check anyway), and run your GRC tests again. And immediately check your wired and wireless clients for malware.
To reset the router to factory defaults, hold the reset button on the back of the router for 30 secs (while powered on, of course) and release. The router will be returned to factory defaults. Realize that administrative and wireless security will be disabled. These should be re-established ASAP.
Why might they be open if you hadn’t opened them? It’s possible you have UPnP (Universal Plug N Play) enabled and malware has gotten into your system and opened them behind your back. UPnP allows applications you trust to manage their own ports on the router's firewall. But it represents a security risk too. If malware gets into your system, it can manipulate those same ports for its own evil purposes. I'm particularly concerned in this case since SSH and Telnet are highly prized by hackers.
So to avoid any chance you might miss something, I suggest you reset the router to factory defaults, make sure UPnP is disabled (it usually is by default, but check anyway), and run your GRC tests again. And immediately check your wired and wireless clients for malware.
To reset the router to factory defaults, hold the reset button on the back of the router for 30 secs (while powered on, of course) and release. The router will be returned to factory defaults. Realize that administrative and wireless security will be disabled. These should be re-established ASAP.
Related ressources
- How to stealth Port 113 in my NAT Router - Forum
- When portforwarding Ports go from closed to stealth ??? - Forum
- Tiny Firewall Pro 6.0: How do I stealth RPC Port 135 ? - Forum
- Stealth Port 113? - Forum
- Rogue Stealth - Forum
I did all of the above and those darned ports are still open. UPnP is disabled, also Remote Management. I've scanned the c**p out of my machine and nothing untoward was found. I've changed my antivirus and scanned again, just in case anything was missed - nada! Spybot and malwarebytes found nothing and I'm stumped. Thanks for trying.
Are you sure the public IP address reported by Shields Up or http://ipchicken.com is the same public IP assigned to your router's WAN IP?
From my router's interface:
DHCP Client
QoS Engine : Active
Cable Status : Connected
Network Status : Established
Connection Up Time : 5 Days, 6:00:52
MAC Address : 00:1C:F0:F0:39:FF
Authentication & Security :
IP Address : 192.168.88.5
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.88.1
Primary DNS Server : 124.157.64.4
Secondary DNS Server : 124.157.64.5
From Shield's Up:
Your computer at IP:
124.157.108.126 Same on ipchicken.
DHCP Client
QoS Engine : Active
Cable Status : Connected
Network Status : Established
Connection Up Time : 5 Days, 6:00:52
MAC Address : 00:1C:F0:F0:39:FF
Authentication & Security :
IP Address : 192.168.88.5
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.88.1
Primary DNS Server : 124.157.64.4
Secondary DNS Server : 124.157.64.5
From Shield's Up:
Your computer at IP:
124.157.108.126 Same on ipchicken.
Well wait a second. The public IP reported @ ipchicken.com is 124.157.108.126. But you haven't proven to me the WAN IP is also 124.157.108.126 by the information that precedes it. That shows an IP address of 192.168.88.5, which is a *local* IP address. Are you sure 192.168.88.5 is the WAN IP of your router, or is that perhaps the IP configuration of your PC/client? Because if it's the former, there's your problem.
NOTE: Your router’s WAN IP information should be visible under Status->Device Info (pg. 43 of the manual).
NOTE: Your router’s WAN IP information should be visible under Status->Device Info (pg. 43 of the manual).
This is an actual screenshot from my router's web interface: http://tinyurl.com/yfc37do As you can see, that was what I cut and pasted before. I have a wireless Internet link, through a PoE adapter and a receiver on the roof, which has a built-in firewall. Maybe this is the explanation and I'm sorry, I should have mentioned that before. ![:??:]( ":??:")
Duh!
Thanks for all your input.
Duh!Thanks for all your input.
Best solution
Noozild said:
This is an actual screenshot from my router's web interface: http://tinyurl.com/yfc37do As you can see, that was what I cut and pasted before. I have a wireless Internet link, through a PoE adapter and a receiver on the roof, which has a built-in firewall. Maybe this is the explanation and I'm sorry, I should have mentioned that before. Duh!Thanks for all your input.
Well, there’s the problem. You're not connected directly to the public IP space! Instead, you're connected to another local network upstream (192.168.88.x) and being assigned the IP address 192.168.88.5 by the wireless ISP, who in turn is connected to some ISP. Somewhere up that chain of ISPs lies a router w/ the public IP (124.157.108.126). And that's the router Shields Up is testing, NOT your personal router. Shield Up only knows about and tests the router directly connected to the public IP space. That’s just one of the limitations of an ISP who places you behind his own private network (e.g., 192.168.x.x).
So in all likelihood, your router is probably completed closed and stealthy. What’s not is the router directly exposed to the public IP space. Ironically, this is NOT a good thing if you need remote access, into gaming, etc., since you typically need various ports OPEN, so now that ISP is an impediment to those activities since you don’t control his router’s firewall.
Related ressources:
- ForumStealth test with router and without router
- ForumPort 113 is closed
- ForumClosing all web ports
- ForumClose Port 113 - Observation
- ForumPort 113 Stealthing and Belkin 4- port DSL router
- ForumClosed Ports
- ForumI REALLY need some help opening a tcp port ... please take a gander >>
- ForumForwarded ports
- ForumLite OC'ing & Crysis ready w/ 22 " LCD
- ForumWhere should I buy my new pc?
- Forum(3) 3D Monitors in EYEFINITY is it possible?
- ForumI need help unlocking my boost moble zte n86009.11 model
- Forum[Solved] WIRELESS ROUTERS, ADAPTERS, CARDS, & ACCESS POINTS
- ForumWUSB600N odd malfunction & Linksys is AWOL
- ForumHow to link my Ethernet & WLAN adapters?
- More resources
Read discussions in other Wireless Networking categories
!
