
Author Topic: B1 - Minor Security Issue - Port 0 & 1 report closed cont'd  (Read 7270 times)

claykin

  • Level 3 Member
  • ***
  • Posts: 112
B1 - Minor Security Issue - Port 0 & 1 report closed cont'd
« on: September 21, 2009, 03:11:59 PM »

Lycan

I am not trying to start a war here, however your statement about the DIR-825 B1 only being a NAT device is incorrect.  If you look in the router config screen ADVANCED > FIREWALL SETTINGS you will see an option for SPI firewall.

Furthermore, the fact that the B1 stealths other ports, aside from 0 and 1 indicates the DLink engineers made an attempt to follow good security practices.  I don't think anyone will argue the point that nearly all NAT/SPI products will stealth ports if the firewall is properly enabled and no ports intentionally left open.

Rather than argue the point, why doesn't DLink follow what is the normal course of action for similar type products?

And, finally, the Linksys WRT400 and the Netgear WNDR3700 both use the same Atheros design (7161 and 9002x series chipset).  Both of those products stealth ports 0 and 1.  So, this really has nothing at all to do with Ubicom and their design, rather it has every bit to do with an error in coding the firmware for the B1.

Do us all a favor and stealth the ports!
« Last Edit: September 21, 2009, 04:21:30 PM by claykin »
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: B1 - Security Issue - Port 0 & 1 report closed cont'd
« Reply #1 on: September 21, 2009, 03:33:52 PM »

Claykin,
Simply because a device calls SPI a firewall doesn't mean it is. It's still a NAT device and the addition of SPI is there to increase the level of security. That doesn't make it a true firewall, it's still a NAT router.

As for the other vendors and their implementation of Atheros' code, I can't comment. However calling the non-stealthed port a security issue is inciting panic where none is needed.

Claiming that a router that reports stealthed ports is more secure than one that claims closed ports is the same as stating that someone that is running their wireless network with SSID broadcast off is more secure than someone who has it on.

Please stop calling it a security hole and call it what it really is, a feature request. That being said I've tested this and have forwarded the request based on current deployment of other D-Link routers.

Take a look here.
http://www.dslreports.com/forum/remark,3490473
Logged

nickCR

  • Level 2 Member
  • **
  • Posts: 35
Re: B1 - Security Issue - Port 0 & 1 report closed cont'd
« Reply #2 on: September 21, 2009, 04:00:43 PM »

Hey Guys,

I've been watching the other threads. Let me comment from an outsider's point of view.

I can understand how DLink consumers may feel that after paying more than most routers they expect to get what everyone else has and more. Not only that but once we consumers read something on the net we sometimes get all caught up on it hence thinking stealth ports are a huge issue.

From DLink's point of view (Lycan) I can understand your reply. Techs / Engineers are usually a little bit crude in their replies. Sometimes this comes off as rude but in fact it's just them replying to the problem with facts and technical reasoning. The reason for this is usually because they understand things inside and out.

I think Lycan providing the link to the article was a good move on your part. Being a support manager for a very long time I may suggest that you take into consideration what I just wrote above and possibly be more specific about your reasons in future the first time to avoid any unwanted misunderstandings.

I believe it's quite obvious that the DIR-825 is a machine that really has quite a few problems on it. I have had mine for a couple months now and I would have returned it already if I didn't live in Costa Rica and had bought it in Canada.

I went through everything from internet drops to what seems incompatibility with my xbox 360 and a wrt54g (v2) with DD-WRT in "Client Bridge" mode.

Lycan I really think you guys need to get someone to spend some quality time with us on the forum specifically about this router. It needs a lot of attention. I have had tons of routers in my life and this is the first one ever to give me grief.

Remember Lycan we don't buy DLink machines thinking that we will have to fiddle with it, then come to the forums and finally find out that it doesn't do what we wanted or it doesn't do it right or whatever. We would have bought a Linksys for that :)

Regards,

Nick
« Last Edit: September 21, 2009, 04:02:30 PM by nickCR »
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: B1 - Security Issue - Port 0 & 1 report closed cont'd
« Reply #3 on: September 21, 2009, 04:11:12 PM »

Nick,
We are aware of the current "flaws" with the 825 and the other routers. The issue that's being addressed is the incorrect labeling and possible panic that's caused by posting the words "security flaw/hole/whatever"

I have no problem making the feature request and have stated as much. In fact I even edited my original post for those that felt I was being harsh or insensitive, but I can not continue to allow people that are misinformed about the situation to cry wolf as doing so would be irresponsible on my part.

We are aware of the port issue. We do not see it as a security hole but as an inconsistency in our products as a whole and will be addressed as such.

I appreciate your outside point of view and will take it into consideration for future postings.

Thank you

-Lycan.
Logged

claykin

  • Level 3 Member
  • ***
  • Posts: 112
Re: B1 - Security Issue - Port 0 & 1 report closed cont'd
« Reply #4 on: September 21, 2009, 04:11:50 PM »

Lycan

Thanks for responding so quickly.

That thread on DSLREPORTS is over 7 years old.  Lots has changed since June, 2002 including the way firewalls are implemented.  If you recall, back in 2002 even Microsoft didn't think Windows XP needed a firewall.  Were they right?

Comparing SSID broadcast to port stealthing is not a valid analogy.  No matter whether SSID broadcast is on or off, the router reports it's alive.  Broadcast off just means that its name is not advertised (unless you run one of many tools available that reveal SSIDs).

When a port reports as closed, the scanner on the other end knows that something exists on that IP.  Now, it gives them reason to go further to try to make a connection.  When ports report as stealth, the other end receives no reply and assumes nothing is there.

Thank you for submitting this as a request.  Any idea when we should expect to see a new firmware revision to address some of the known issues of this router?

P.S. Lycan did you notice I modified the thread title?
« Last Edit: September 21, 2009, 04:22:04 PM by claykin »
Logged
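
Added example, not part of any post in this thread: a small Python check that labels a TCP port "open", "closed" or "stealth" from what the probing side gets back, and lists the ports whose reply shows a device is present. It is meant to be run from a host outside your LAN against your own WAN address; the address 192.0.2.1, the port list and the function names are placeholders chosen for this example, and port 0 is not handled.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port using the labels online port testers use."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # SYN/ACK came back: a service is listening
    except ConnectionRefusedError:
        return "closed"       # RST came back: no service, but a host answered
    except socket.timeout:
        return "stealth"      # nothing came back before the timeout
    except OSError:
        return "unreachable"  # e.g. an ICMP error from a device on the path
    finally:
        sock.close()

def answering_ports(results):
    """Ports whose reply (open or closed) shows that a host is present."""
    return sorted(p for p, state in results.items()
                  if state in ("open", "closed"))

def audit(host, ports, timeout=2.0):
    """Probe each port and return (per-port states, ports that answered)."""
    results = {p: probe_tcp(host, p, timeout) for p in ports}
    return results, answering_ports(results)

if __name__ == "__main__":
    # Constructed sample matching the behaviour reported in this thread:
    # port 1 answers as closed while the other ports give no reply.
    sample = {1: "closed", 21: "stealth", 23: "stealth", 80: "stealth"}
    print("ports that answered:", answering_ports(sample))
    # Against your own router (placeholder address, assumption):
    # results, answered = audit("192.0.2.1", [1, 21, 23, 80, 443])
```

A "stealth" result only means no reply arrived within the timeout, so a lost packet or a slow link produces the same label; repeat the probe before drawing conclusions.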

cc999

  • Level 2 Member
  • **
  • Posts: 67
Re: B1 - Minor Security Issue - Port 0 & 1 report closed cont'd
« Reply #5 on: September 21, 2009, 05:12:11 PM »

Claykin,

   Your one paragraph says it all in a nutshell:

"When a port reports as closed, the scanner on the other end knows that something exists on that IP.  Now, it gives them reason to go further to try to make a connection.  When ports report as stealth, the other end receives no reply and assumes nothing is there."

   That's my concern. And as Lycan has already acknowledged all the other Dlink routers have stealth results so let's be consistent in the product line. Quoting a 7 year old thread does not help in explaining anything. This is 2009 and times are different.

Charlie C
Logged

lizzi555

  • Level 5 Member
  • *****
  • Posts: 605
Re: B1 - Minor Security Issue - Port 0 & 1 report closed cont'd
« Reply #6 on: September 22, 2009, 01:37:10 AM »

Quote from: claykin
That thread on DSLREPORTS is over 7 years old.  Lots has changed since June, 2002 including the way firewalls are implemented.

It is still valid, a stealthed port means no answer at all and this is obviously a hint for the attacker.
He knows there is a filtered port.
A closed port returns its state and the attacker knows - no chance on that port.

Do yourself a favour and read some lines more in this thread on DSLREPORTS
7 years old is not the same as wrong  ;)

I would call this a cosmetic issue - not security relevant.
That's why I'm looking forward to my 825. Hope it arrives this week.
Logged

cc999

  • Level 2 Member
  • **
  • Posts: 67
Re: B1 - Minor Security Issue - Port 0 & 1 report closed cont'd
« Reply #7 on: September 22, 2009, 05:00:35 AM »

lizzi with all due respect your statement makes no sense. Stealth means that the attacker does NOT even know there is an IP present. Closed means he DOES know. Period.

Charlie
Logged

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: B1 - Minor Security Issue - Port 0 & 1 report closed cont'd
« Reply #8 on: September 22, 2009, 09:34:36 AM »

Charlie,
A stealth-ed port is also more susceptible to DOS attacks. Also guys just cause it's seven years old doesn't change the functionality of stealth-ed and non-stealthed ports. The fact is it's NOT a security hole, no matter HOW much you want it to be.

If you guys are looking to improve your security you could disable the "Always on" function of your router. That way NOTHING will come in until the modem has been activated by traffic leaving the LAN.

All said and done the end result is we will fix it, however I will not allow you to continue to post it as security hole/breach/flaw. If you do, I will be forced to BAN you and I don't want to do that. Consider yourselves warned.

-Lycan.
« Last Edit: September 22, 2009, 09:39:23 AM by Lycan »
Logged