D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-825 => Topic started by: cc999 on August 26, 2009, 04:53:31 AM
-
If you goto Shields up at https://www.grc.com/x/ne.dll?bh0bkyd2 it shows Ports 0 and 1 Closed but not stealth, This is first time I have seen this. DIR 655 always had stealth on all ports. Any Ideas???
Charlie C
-
I have been searching the internet for a fix, a trick I used to stealth port 113 on a Buffalo router was to port forward 113 to an invalid IP address and it then became stealth. That trick does not work here.
Dlink moderators this is a huge issue that must be fixed immediatly!
I am very surprised more people are not commenting in this thread.
Charlie C
-
My 825 is setup as an AP so I don't have this issue. Ridiculous that Dlink doesn't do even the most elementary of tests before they release firmware!
-
Here is how I am now stealth on all ports:
Took my DIR 825 and ran cat 5 from modem port to my DIR 655 in one of the 4
ports. The DIR is then connected to my cable modem. Ran test again ALL stealth.
WHY beacuse the DIR-655 is blocking all the ports!
DLINK techs this is a MAJOR ISSUE and muste be fixed! Please reply.......
Charlie C
-
CC,
You might want to recheck your security settings (be sure to check your PC, not just the router).
I'm using an 825 (a) and the site you reference says I'm locked down pretty tight. An "all ports" check comes up completely green (stealth). A check for shared info reports as follows:
________________________________________
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
_______________________________
The report is good despite my having a port open for my Slingbox and folders shared between computers on my home network. Bottom line, I doubt it's the router, probably just your settings.
Cheers
-
Gadget, you need to go back to ShieldsUp and run not just the first scan, but the second and third scans as well.
Tests:
1) File Sharing (which is what you ran)
2) Common Ports
3) All Service Ports
You will see that the DIR-825 does not stealth ports 0 and 1. HUGE security issue that everyone should be concerned about.
-
Thats correct RUN the SERVICE PORTS FULL SCAN. You will have 0 and 1 closed NOT stealth.
The DIR 655 is completly stealth so I have to run my 825 thru the 655 for the security.
THIS MUST BE ADDRESSED. LYCAN please reply........
Charlie C
-
Just setup the 825 Rev B1 and then updated the f/w to 2.02NA. Just ran the All Service Ports test myself and see the same issue.
-
Same issue here for me. Port 0 - 1 are closed, note stealth.
Using DIR-825 HW: B1 with Firmware 2.01EU (Build15) from the German Dlink FTP-server.
-
Does everyone agree with me that this is a very serious issue! Lycan please tell us this will be
resolved. Its a shame I have to go thru the DIR-655 to get the security that the DIR 825 should be
giving us out of the box.
Charlie C
-
Claykin,
Done, just sent Steve an email at the link you provided. Where the heck are the Techs????
Charlie
-
They read the forums, but don't often reply. Sad!!
-
I'm curious to know you rate this as such a high security issue...though on your computer what is running (services) on Port 0 and 1 to make it such a high security priority??
-Clint.B
-
Port 0 is probably a non issue, unless the router handles requests to this port incorrectly. Port 1 is a TCP Multiplexer port used by some flavors of UNIX. While it should not be a direct threat to PC users, one never knows if an exploit is created to take advantage of this port and when inside the LAN then create havoc otherwise.
All ports should be stealth on a network with no pinholes.
-
There are programs out there that are designed to scan blocks of IP addresses and at each IP address it will scan all ports from 0 through 65535. If all of your ports are stealthed (including 0 and 1) these special programs won't even know or see that you are there. If it detects anything at any IP address, even if the ports are closed, the hacker will still see that something exists at that address. Then it is up to the hacker to take some kind of action. Atleast, this is the way I see it.
The #1 reason (for me) to have a ROUTER is security. If I didn't care about security I would have bought a switch or hooked my pc straight up to the modem.
A good router will stealth all ports <PERIOD>
-
Rev A1 1.11NA
GRC Port Authority Report created on UTC: 2009-08-28 at 05:17:03
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received
-
Clint go here:
https://www.grc.com/port_1.htm
Charlie
-
Just a few things here...
Firstly, there is no security issue here, even if the ports aren't dropping packets (stealth) your systems arn't going to be listening on these ports and thus no security issue. Additionally, unless otherwise configured, you're going to be running NAT, and you would have to forward such port for it to even reach anywhere outside the wan interface of the 825, and the 825 itself is not listening on these ports.
Second, "Shields Up"/GRC run by Steve Gibson is considered a laughing stock of the security community.
Third, the dir-825 is NOT A FIREWALL, sure it does some firewalling, inherent NAT securities, even stateful tagging as well. All good, but its not a dedicated security device, if you're concerned about security, get an ASA or run iptables.
For fun, I ran these 'security checks' through my dir-825 (running 1.12NA) and I can't even replicate your 'issue':
0 <nil> Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
D-link admins/techs/reps aren't going to comment on every over paranoid freakout spewed onto the forums any more than your ISP cares about who's probing your wan IP. There are FAR to many other and REAL security issues out there to manage.
-
I can't replicate the issues either, using GRC. My 825 shows stealth on ports 0 and 1
-
Then it must be the firmware. I have the rev B1 with 2.02NA. Does anyone with this firmware have ports 0 and 1 stealth? I believe its a firmware issue even more reason to get fixed immediately.
Charlie C
-
B1 here also, with 2.02NA. Ports 0 and 1 not stealthed. Looks like a non-issue on the A1 version.
Confirmed my PC listening on these ports. This router does have a firewall, not like a huge business server with ASA, but good for a home network and has proven effective for small network security.
-
B1 here also, with 2.02NA. Ports 0 and 1 not stealthed. Looks like a non-issue on the A1 version.
Confirmed my PC listening on these ports. This router does have a firewall, not like a huge business server with ASA, but good for a home network and has proven effective for small network security.
How did you verify your pc was listening on these ports? Unless you enabled them, or you have a virus, there is no way it could be.
As for B1, there is still no threat, only a cosmetic issue.
-Unless you are port forwarding, or 1to1 mapping the IP to your machine, no connections will reach your systems on these ports.
-no Microsoft OS uses these ports for anything
-tcp/udp port 0 is reserved (ie. not used), there are some attacks involving port 0 that attempt to cause buffer overruns, or dos. a little googleing showed a trojan pinging from port 1024 to port 0, which I assume is simply searching for copy's of itself, but the port is closed and the 825 will simply drop the packet, as would your computer (unless you were already infected with such a virus and it enabled the port to listen.)
-tcp/udp port 1 is resurved for tcpmux - http://en.wikipedia.org/wiki/TCPMUX - a unix service designed to combine ports, not used very often and is considered a security risk if enabled (yeah, you have to turn it on).
-I have never nmap'd (scan) a linux box to date that listed 0, and/or 1 as anything other than closed/filtered, nobody uses this really.
-'stealth' only means a port is being listened on, but only for trusted hosts/sources (and what would look like as open for such host/source).
So in a standard config the device showing these ports as 'closed' is in fact the dir-825 (not forwarded anywhere). The 825 is not listening on these ports so they are indeed closed. So, you see, there is no security threat, you can not connect to a closed port. Yes the 825 B1 should not return that the port is closed and instead simply drop the request, maybe dlink will correct this cosmetic issue in the next code update, but there is no harm in letting it sit a full dev cycle as other issues are addressed.
-
BOF,
Why doest the trick to forward that prot to a fake ip address work? I used this trick
on a Buffalo router that had port 113 showing as closed. I forwarded 113 to an ip address
not in my router config and then it showed stealth. Any ideas on a work around to show stealth?
I now have my 825 plugged into my 655 and all ports are stealth but I really do not want this configuration.
Any help would be appreciated.
Charlie C
-
Gadget, you need to go back to ShieldsUp and run not just the first scan, but the second and third scans as well.
Tests:
1) File Sharing (which is what you ran)
2) Common Ports
3) All Service Ports
You will see that the DIR-825 does not stealth ports 0 and 1. HUGE security issue that everyone should be concerned about.
CC,
I thought I'd explained. I did run all the tests. I posted the results of test 1 in the earlier message. Here's the result from test 2 (common ports):
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
and for test 3 (all service ports)
GRC Port Authority Report created on UTC: 2009-08-30 at 02:35:59
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
This is through an 825, no special filters or other workarounds. In the future if you post about an issue with your router, be sure you mention which model and what firmware you're running. You had A model people jumping through (non existent) hoops looking for an issue that may only exist with the B model.
Cheers
-
Gadget
Do you have harware B1 or A?????? seems B1 has the issue...
Charlie C
-
Gadget has the A1 Version...read Gadget's first post.
CC, since this is your post...change the title to say "B1 Security Issue"
-
bump
-
Oh, I'm quite sure Dlink knows about this by now. The problem I have is that they choose not to engage, in a useful way, most posts to these forums. Aside from the occasional reply from one of the moderators, Dlink is MIA and pretty much leaves it up to users to help.
I'd really like to see them improve this!
-
Bump, Bump
-
The DIR-825_A is a Ubicom product. By default Ubicom stealth's ports when no traffic is being sent. The 825_b is not a Ubicom platform and does not follow their "stealth" procedure. As BOFslime points out Shields Up is a "joke". As for the users that believe that they're not protected unless their ports return as stealth-ed, then the 825_b is NOT the router for you. We suggest that you purchase a true firewall and not a SOHO NAT device.
I'm locking this thread.
Please see http://forums.dlink.com/index.php?topic=8180.new#new