DVD Talk Forum

UAIOE 10-31-07 02:24 PM

Router help (WRT54G)
 
I've been checking Shields Up and I've still been getting messages saying that ports are open on the router that I know I have closed with my (Linux) software firewall. Am I still at risk? Is the router keeping these ports open?

How do I close or stealth these other (unnecessary) ports on my router? I've gone through the router options and have concluded that I have no idea what I am looking for.

Any help would be greatly appreciated.

X 10-31-07 02:27 PM

I don't know that you can close ports on most routers. Usually that's done with a firewall.

My current Trendnet router does let me turn off a small list of protocols (ports) or specify a list of the only ones I want open though. But I don't remember seeing much of that in other routers.

UAIOE 10-31-07 02:39 PM

I saw there was some talk of "port forwarding" but I wonder if that is what I need to do with it.

I still get told I can be Pinged even though I've turned that off via my software firewall.

Am I being paranoid for no good reason?

X 10-31-07 02:47 PM

Port forwarding allows you to send outside requests for a particular port to a particular computer on your network. Like if you had a web server separate from your main computer.

Turning off ping response is often done in the firewall as well.

With a software firewall you're probably relatively ok. It's just that you show up to the outside world so you're more likely to have someone try to get in. If your ports are closed and you return no pings you look like nothing is there.

UAIOE 10-31-07 03:00 PM

I need to find out how to turn off ping then.

GHackmann 10-31-07 06:29 PM

There's rarely a good reason to turn off ICMP echo (aka ping) packets.

Dr Mabuse 10-31-07 07:53 PM

the first line of network security is the router...

and closing down all ports, except those absolutely necessary, is crucial for real security... the router just drops them on the floor...

then behind that you do stateful packet inspection...

turning off ping and traceroute is pretty common practice these days for real security...

the finest firewall on planet earth is a system of no IP's using a MAC forwarding bridge to do inspection... it's absolutely invisible... and this is ALWAYS the most desirable security... not being there at all... but that's not necessary for most stuff...

a normal layer 3 firewall is more than enough...

turn off all services... close all ports... then open ports only as needed to get the functionality you desire... only open ports on the router on a 'need to know' basis... 'need to use' i guess...

do packet inspection behind that...

GHackmann 10-31-07 09:59 PM


Originally Posted by Dr Mabuse
turning off ping and traceroute is pretty common practice these days for real security...

Just because something is a common practice doesn't mean it's a good idea. Killing off ICMP packets entirely does nothing in terms of actual security, except for closing one (of many) vectors for a DDoS. In exchange, you break a useful Internet protocol.

Dr Mabuse 10-31-07 10:32 PM


Originally Posted by GHackmann
Just because something is a common practice doesn't mean it's a good idea. Killing off ICMP packets entirely does nothing in terms of actual security, except for closing one (of many) vectors for a DDoS. In exchange, you break a useful Internet protocol.

i was giving accurate info to the OP...

it's a free country and you can think whatever you like...

you would have better said "Killing off ICMP packets entirely does nothing in terms of actual security that i know of, except for..."

UAIOE 11-01-07 03:25 AM

I guess what seems to be happening is that when I do that "Shields Up!" site seems to be scanning who does the internet for where I live vs. my actual router.

That doesn't explain why it still shows certain Linux ports being open, but I have those ports blocked on my firewall and router yet they still seem to show up on the scan.

Any thoughts?

GHackmann 11-01-07 11:04 AM


Originally Posted by UAIOE
I guess what seems to be happening is that when I do that "Shields Up!" site seems to be scanning who does the internet for where I live vs. my actual router.

That doesn't explain why it still shows certain Linux ports being open, but I have those ports blocked on my firewall and router yet they still seem to show up on the scan.

Any thoughts?

When in doubt, check your firewall logs. If iptables says it's dropping the packets, and if you trust iptables's reporting (which I don't see any reason not to), then something is just messed up on GRC's end.

If you're really paranoid, write a quick stub script that just listens on one of the ports in question and reports if it receives a connection.
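A minimal version of the stub listener suggested in the post above, as an added example that is not part of the original thread. The port numbers in the `__main__` section are constructed placeholders; a bind failure is reported rather than hidden, because it usually means a real service already owns that port.

```python
import selectors
import socket
import time

def open_listeners(ports, host="0.0.0.0"):
    """Bind one TCP listener per port. Returns (sockets, skipped), where
    skipped maps port -> error text (e.g. another service already bound it)."""
    socks, skipped = [], {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))      # ports below 1024 need root
            s.listen(16)
            s.setblocking(False)
            socks.append(s)
        except OSError as exc:
            skipped[port] = str(exc)
            s.close()
    return socks, skipped

def watch(socks, seconds):
    """Accept and immediately close every inbound connection for `seconds`.
    Returns a list of (local_port, peer_ip, peer_port) tuples."""
    hits = []
    sel = selectors.DefaultSelector()
    for s in socks:
        sel.register(s, selectors.EVENT_READ)
    deadline = time.monotonic() + seconds
    while True:
        left = deadline - time.monotonic()
        if left <= 0:
            break
        for key, _ in sel.select(timeout=left):
            try:
                conn, peer = key.fileobj.accept()
            except OSError:           # connection vanished before accept()
                continue
            hits.append((key.fileobj.getsockname()[1], peer[0], peer[1]))
            print(time.strftime("%H:%M:%S"), "connection on port",
                  hits[-1][0], "from", peer[0])
            conn.close()
    sel.close()
    return hits

if __name__ == "__main__":
    # Constructed example ports; use the ones the external scan reported open.
    listeners, skipped = open_listeners([8080, 8443])
    for port, why in skipped.items():
        print("could not bind", port, "-", why)
    print(watch(listeners, 120))
```

If the outside scan reports a port open while this listener records no connection during the scan, the answer came from something in front of the machine rather than from the machine itself.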

UAIOE 11-01-07 12:04 PM

I'm a Linux noob, I don't know how to do that.

Where can I check the iptables log?

GHackmann 11-01-07 07:53 PM

It's usually /var/log/messages, but that could depend on your Linux distribution and its default syslog settings.

UAIOE 11-02-07 04:45 AM

I didn't see anything that mentioned iptables specifically, am I blind?

GHackmann 11-02-07 10:57 AM

The format of the logging messages can also depend on your iptables configuration. You may very well not be logging any packets, and you'll have to add a rule to LOG packets before you DROP them.

If you're not familiar with the iptables rule syntax, Firestarter is a decent GNOME GUI that can do much of the heavy lifting for you. Odds are your distro has a precompiled Firestarter package sitting in its repository.
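To go with the LOG-before-DROP advice in the post above, an added example (not part of the original thread) that tallies what a LOG rule has recorded, per destination port or ICMP type. The log prefix `IPT-DROP: `, port 22 in the commented rules, and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Rules that emit such lines (run as root). LOG is non-terminating, so it must
# sit before the DROP for the same match. Port and prefix are examples only.
#   iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "IPT-DROP: "
#   iptables -A INPUT -p tcp --dport 22 -j DROP

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="IPT-DROP: "):
    """Return a dict for one LOG line, or None if the line is unrelated."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    if fields["PROTO"] == "ICMP":
        target = "type " + fields.get("TYPE", "?")   # type 8 = echo request
    else:
        target = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
    return {"src": fields["SRC"], "proto": fields["PROTO"], "target": target}

def summarize(lines, prefix="IPT-DROP: "):
    """Count logged packets per (protocol, destination port or ICMP type)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line, prefix)
        if rec:
            counts[(rec["proto"], rec["target"])] += 1
    return counts

# Constructed sample in the kernel LOG target's key=value layout.
_HDR = ("Nov  2 10:41:07 host kernel: IPT-DROP: IN=eth0 OUT= "
        "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 ")
SAMPLE = [
    _HDR + "SRC=203.0.113.7 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=54321 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    _HDR + "SRC=203.0.113.7 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=54322 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    _HDR + "SRC=198.51.100.9 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1201 DF PROTO=TCP SPT=51000 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0",
    _HDR + "SRC=198.51.100.9 DST=192.168.1.100 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4660 SEQ=1",
    "Nov  2 10:41:09 host sshd[812]: Server listening on 0.0.0.0 port 22.",
]

if __name__ == "__main__":
    for (proto, target), n in summarize(SAMPLE).most_common():
        print(proto, target, n)
```

On a real system, pass the lines of the syslog file (the post above names /var/log/messages as the usual location) to `summarize` instead of `SAMPLE`.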

UAIOE 11-02-07 02:53 PM

I used Firestarter but I switched to Guarddog recently.

Guarddog gives me more customizing ability.


All times are GMT -5.