Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jarcapconspiracy]

Below are the results of the security tests.  What do I do to stealth the ports and cover or stealth my private IP? 

Using PC Tools Firewall Plus & D-Link DIR-615 Wireless N 300 Router & Tenda W322P V2.0 Wireless N_PCI Adapter.  I always have Java and Shockwave Flash disabled in my browser (IE8).  I turn on Java and Shockwave Flash only when I need it and promptly turn it off when done.   

Failed the www.grc.com ShieldsUp port scan test.  Port 0 and Port 1 were "closed" but responded to the probe and therefore not "stealthed" so it considered to have failed the security test.

http://www.auditmypc.com/anonymous-proxy.asp
Failed this test - showed my Private IP - "Notice - Found your Private IP of 192.168.xxx.xxx!"

Ran both these tests bypassing the WLAN card by direct wire to router.  Exact same results or failures with the only difference was the Private IP was a slightly different address.

Ran both these tests bypassing WLAN card and bypassing router by direct wire to Motorola SURFboard SB5101 Cable Modem direct to computer.  This cable modem does not contain a router or switch.  Passed all the tests except ping test. (Ping test failure not relevant because I want an WLAN).  All ports were stealthed and Private IP covered or stealthed.

Why would port 0 & 1 & my private IP be successfully stealthed using my firewall only (no wireless router or WLAN card) and when I add a router, port 0 & 1 & my private IP are not stealthed?  What do I do to remedy this?  How can my router disable the ability of my firewall to stealth port 0 & 1 & my private IP? 

How do configure D-Link DIR-615 Wireless N 300 Router to stealth port 0 & 1 and stealth my private IP?

Background info: Desktop AMD 4400+ 64X2 4GB memory 320GB HD Acer (AM3100-U3201A) 32-bit MS Vista Home Premium SP2 -- MS auto updates on.  Comcast ISP 12mbps service.

Thanks for the help
Bob

[stevefoobar]

I'm having exactly this same issue with my DIR-601 router and it's very disappointing.  My rather old Linksys BEFSR41 router always reported all ports as stealth!  Why can't these routers?  I have put a request in to tech support but don't have a response back yet.

[Trikein]

What do you mean by "stealth" your private IP? And what exactly are you have problems with. Is it just a privacy control?

[Jasu]

http://www.auditmypc.com/anonymous-proxy.asp
Failed this test - showed my Private IP - "Notice - Found your Private IP of 192.168.xxx.xxx!"

I don't know about this. I couldn't reproduce the issue.

Failed the www.grc.com ShieldsUp port scan test.  Port 0 and Port 1 were "closed" but responded to the probe and therefore not "stealthed" so it considered to have failed the security test.

You can make ports not to answer anything (a.k.a stealth) by port forwarding them to non-existent IP of your network.

However this is not a security problem. The ports are closed so no one can connect to them. I wouldn't consider the test failed as your computers or your router could not be connected to.

When you connected directly to your modem with wire it was most PC Tools firewall that blocked (stealthed) the connection attempts. "Failing" the ping test is once again not a failure. Ping is just a diagnostic tool.

[stevefoobar]

Unfortunately, this is not true.  For some reason, this router and many others D-Link makes, will NOT allow you to forward ports 0 and 1.  I and others have tried every possible combination of settings and the ports still report as closed regardless.

It's not a question of being a critical security threat.  It is simply that all ports should report as stealth, even ports 0 and 1 and since other routers like those from Linksys act this way, as do many others, why won't D-Link change their firmware to behave this way?

It is a security risk to have ports report as closed as opposed to stealthed.  How much of a risk is a matter of opinion.

[Jasu]

My bad if the advice I gave was useless. I guess trying to set firewall filter those ports won't help either... Are you using the newest firmware?

You are right when you say that filtering (stealthing) all ports should be an option.

I just wouldn't have nightmares because of this (I run my router with all ports closed, not stealthed). There is absolutely nothing more that malicious hacker can do to a closed port than to a stealthed one. No security risk here I think.

[stevefoobar]

No apology necessary Jasu.  We're all trying to help each other.  I'm not an expert but there must be a relatively good reason why routers try to get all ports to return Stealth instead of closed, otherwise there wouldn't be a category of "Stealth" and router manufacturers wouldn't care.

Again, what is odd is that D-Link doesn't seem to care in their consumer routers.

That is what is disappointing.

[Jasu]

there must be a relatively good reason why routers try to get all ports to return Stealth instead of closed, otherwise there wouldn't be a category of "Stealth" and router manufacturers wouldn't care.

It was Steve Gibson (the guy behind the GRC.com) who started the stealthing of firewalls. Shields UP! was the tool. When the Shields UP! was published there were numerous references to Zonealarm and only couple of references to all the other firewalls. It is believed that it was done to market Zonealarm. As people started to request stealth - because of the security stealth created - all the other vendors had to implement the stealth too.

Stealth is nothing more than dropping packets instead of replying something like "go away!". Stealth is meant to hide you from hackers: No reply -> hacker can't know if you are there -> more security. But, closed is equally secure. I should be also noticed that stealthing TCP-ports is not enough. You have to stealth UDP ports too. The problem is that stealth and open look the same.

Also "no reply at all" maybe a indicate of stealthed computer. If there really is no one in scanned IP the reply the last router before the scanned host should reply with "ICMP host unreachable". If the the computer is stealthed the router will not reply. After all the router has to know the presence of stealthed host. If the router wouldn't know, there wouldn't be any connectivity.

But yes, you are right, it should be possible to stealth all ports if you can stealth some. "Half stealth" is complete nonsense.

[stevefoobar]

Jasu, what you are saying makes sense.

This is the response I got back from D-Link technical support when complaining about not being able to stealth ports 0 and 1:

Steve,
I will pass your request to the PM for the product. Thank you for the feedback.

Not too encouraging considering people seem to be complaining about this issue on this and other routers for over 2 years!

I guess I'll never buy a D-Link product again either.  I'm going back to Linksys/Cisco.