Router help (WRT54G)

Old 10-31-07, 02:24 PM
  #1  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
Router help (WRT54G)

I've been checking Shields Up and I've still been getting messages saying that ports are open on the router that I know I have closed with my (Linux) software firewall. Am I still at risk? Is the router keeping these ports open?

How do I close or stealth these other (unnecessary) ports on my router? I've gone through the router options and have concluded that I have no idea what I am looking for.

Any help would be greatly appreciated.
Old 10-31-07, 02:27 PM
  #2  
X
Administrator
 
X's Avatar
 
Join Date: Oct 1987
Location: AA-
Posts: 10,764
Likes: 0
Received 4 Likes on 3 Posts
I don't know that you can close ports on most routers. Usually that's done with a firewall.

My current Trendnet router does let me turn off a small list of protocols (ports) or specify a list of the only ones I want open though. But I don't remember seeing much of that in other routers.
Old 10-31-07, 02:39 PM
  #3  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
I saw there was some talk of "port forwarding" but I wonder if that is what I need to do with it.

I still get told I can be Pinged even though I've turned that off via my software firewall.

Am I being paranoid for no good reason?
Old 10-31-07, 02:47 PM
  #4  
X
Administrator
 
X's Avatar
 
Join Date: Oct 1987
Location: AA-
Posts: 10,764
Likes: 0
Received 4 Likes on 3 Posts
Port forwarding allows you to send outside requests for a particular port to a particular computer on your network. Like if you had a web server separate from your main computer.

Turning off ping response is often done in the firewall as well.

With a software firewall you're probably relatively ok. It's just that you show up to the outside world so you're more likely to have someone try to get in. If your ports are closed and you return no pings you look like nothing is there.
Old 10-31-07, 03:00 PM
  #5  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
I need to find out how to turn off ping then.
Old 10-31-07, 06:29 PM
  #6  
Senior Member
 
Join Date: Apr 2002
Posts: 628
Likes: 0
Received 0 Likes on 0 Posts
There's rarely a good reason to turn off ICMP echo (aka ping) packets.
Old 10-31-07, 07:53 PM
  #7  
DVD Talk Legend
 
Dr Mabuse's Avatar
 
Join Date: Jun 2007
Location: 75 clicks above the Do Lung bridge...
Posts: 18,950
Likes: 0
Received 0 Likes on 0 Posts
the first line of network security is the router...

and closing down all ports, except those absolutely necessary, is crucial for real security... the router just drops them on the floor...

then behind that you do stateful packet inspection...

turning off ping and traceroute is pretty common practice these days for real security...

the finest firewall on planet earth is a system of no IP's using a MAC forwarding bridge to do inspection... it's absolutely invisible... and this is ALWAYS the most desirable security... not being there at all... but that's not necessary for most stuff...

a normal layer 3 firewall is more than enough...

turn off all services... close all ports... then open ports only as needed to get the functionality you desire... only open ports on the router on a 'need to know' basis... 'need to use' i guess...

do packet inspection behind that...

Last edited by Dr Mabuse; 10-31-07 at 10:29 PM.
Old 10-31-07, 09:59 PM
  #8  
Senior Member
 
Join Date: Apr 2002
Posts: 628
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Dr Mabuse
turning off ping and traceroute is pretty common practice these days for real security...
Just because something is a common practice doesn't mean it's a good idea. Killing off ICMP packets entirely does nothing in terms of actual security, except for closing one (of many) vectors for a DDoS. In exchange, you break a useful Internet protocol.

Last edited by GHackmann; 10-31-07 at 10:03 PM.
Old 10-31-07, 10:32 PM
  #9  
DVD Talk Legend
 
Dr Mabuse's Avatar
 
Join Date: Jun 2007
Location: 75 clicks above the Do Lung bridge...
Posts: 18,950
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by GHackmann
Just because something is a common practice doesn't mean it's a good idea. Killing off ICMP packets entirely does nothing in terms of actual security, except for closing one (of many) vectors for a DDoS. In exchange, you break a useful Internet protocol.
i was giving accurate info to the OP...

it's a free country and you can think whatever you like...

you would have better said "Killing off ICMP packets entirely does nothing in terms of actual security that i know of, except for..."
Old 11-01-07, 03:25 AM
  #10  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
I guess what seems to be happening is that when I do that "Shields Up!" site seems to be scanning who does the internet for where I live vs. my actual router.

That doesn't explain why it still shows certain Linux ports being open, but I have those ports blocked on my firewall and router yet they still seem to show up on the scan.

Any thoughts?
Old 11-01-07, 11:04 AM
  #11  
Senior Member
 
Join Date: Apr 2002
Posts: 628
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by UAIOE
I guess what seems to be happening is that when I do that "Shields Up!" site seems to be scanning who does the internet for where I live vs. my actual router.

That doesn't explain why it still shows certain Linux ports being open, but I have those ports blocked on my firewall and router yet they still seem to show up on the scan.

Any thoughts?
When in doubt, check your firewall logs. If iptables says it's dropping the packets, and if you trust iptables's reporting (which I don't see any reason not to), then something is just messed up on GRC's end.

If you're really paranoid, write a quick stub script that just listens on one of the ports in question and reports if it receives a connection.
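
The stub listener suggested above could look like this in Python. It is an added example, not code from the thread; the function name `watch_port` and its defaults are made up for illustration. It binds the port, accepts and immediately closes each connection, and reports who connected.

```python
import socket
import sys
import time


def watch_port(port, host="0.0.0.0", duration=300.0, ready=None):
    """Listen on host:port for `duration` seconds and report every TCP
    connection that gets through. Returns [(timestamp, peer_ip, peer_port)]."""
    hits = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))          # ports below 1024 need root
        srv.listen(5)
        srv.settimeout(0.5)             # wake up regularly to check the deadline
        if ready is not None:
            ready.set()                 # tells a caller the port is now listening
        deadline = time.monotonic() + duration
        while time.monotonic() < deadline:
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            conn.close()                # accept and hang up; never read or reply
            stamp = time.strftime("%Y-%m-%d %H:%M:%S")
            hits.append((stamp, peer[0], peer[1]))
            print(f"{stamp} connection on port {port} from {peer[0]}:{peer[1]}")
    return hits


if __name__ == "__main__":
    # Usage: python3 watch_port.py PORT   (then run the external scan)
    port = int(sys.argv[1])
    if not watch_port(port):
        print(f"no completed connection reached port {port}")
```

The bind fails if a real service already holds the port, so stop that service first. Only completed TCP connections show up here; a probe that sends a SYN and never finishes the handshake does not, which is why the firewall log is still the first thing to check.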
Old 11-01-07, 12:04 PM
  #12  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
I'm a Linux noob, I don't know how to do that.

Where can I check the iptables log?
Old 11-01-07, 07:53 PM
  #13  
Senior Member
 
Join Date: Apr 2002
Posts: 628
Likes: 0
Received 0 Likes on 0 Posts
It's usually /var/log/messages, but that could depend on your Linux distribution and its default syslog settings.
Old 11-02-07, 04:45 AM
  #14  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
I didn't see anything that mentioned iptables specifically, am I blind?
Old 11-02-07, 10:57 AM
  #15  
Senior Member
 
Join Date: Apr 2002
Posts: 628
Likes: 0
Received 0 Likes on 0 Posts
The format of the logging messages can also depend on your iptables configuration. You may very well not be logging any packets, and you'll have to add a rule to LOG packets before you DROP them.

If you're not familiar with the iptables rule syntax, Firestarter is a decent GNOME GUI that can do much of the heavy lifting for you. Odds are your distro has a precompiled Firestarter package sitting in its repository.
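
Once a LOG rule sits in front of the DROP rule, the kernel writes one line per matched packet to syslog, and a short script can tell which ports the scan actually reached. This is an added example, not from the thread: the `FW-DROP: ` prefix, port 22 in the rule comment, and the sample log lines are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Assumed rule pair that produces such lines (the prefix text is arbitrary):
#   iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "FW-DROP: "
#   iptables -A INPUT -p tcp --dport 22 -j DROP
PREFIX = "FW-DROP: "
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; bare flags like SYN are skipped

# Constructed sample in the kernel's LOG format, plus one unrelated syslog line.
SAMPLE_LOG = """\
Nov  2 10:41:07 box kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov  2 10:41:08 box kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=51515 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov  2 10:41:09 box sshd[2211]: Server listening on 0.0.0.0 port 22.
Nov  2 10:41:10 box kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4713 DF PROTO=TCP SPT=51516 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
Nov  2 10:41:12 box kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.100 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9021 SEQ=1
"""


def parse_line(line, prefix=PREFIX):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if "kernel:" not in line or prefix not in line:
        return None
    return dict(FIELD.findall(line.split(prefix, 1)[1]))


def summarize(lines, prefix=PREFIX):
    """Count logged packets per (protocol, destination port or ICMP type)."""
    seen = Counter()
    for line in lines:
        fields = parse_line(line, prefix)
        if fields is None or "PROTO" not in fields:
            continue
        if fields["PROTO"] == "ICMP":
            key = ("ICMP", "type " + fields.get("TYPE", "?"))  # type 8 = echo request
        else:
            key = (fields["PROTO"], fields.get("DPT", "?"))
        seen[key] += 1
    return seen


if __name__ == "__main__":
    # With a path argument, read that log (e.g. /var/log/messages); else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for (proto, what), count in sorted(summarize(text.splitlines()).items()):
        print(f"{count:4d} packet(s) logged  {proto} {what}")
```

If the scan reports a port as open while this summary shows its packets being logged and dropped, the "open" result is not coming from this machine.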
Old 11-02-07, 02:53 PM
  #16  
DVD Talk Limited Edition
Thread Starter
 
UAIOE's Avatar
 
Join Date: Jan 2002
Location: LV-426
Posts: 6,598
Likes: 0
Received 0 Likes on 0 Posts
I used Firestarter but I switched to Guarddog recently.

Guarddog gives me more customizing ability.
