trying to stealth port 113

I went to GRC shields up and ran a scan and it said that port 113 was
closed. How do I stealth it? I would like to close these ports that i am not
using. But isnt stealthing better? thanks Justin

RadarG

"RadarG" wrote
in news:CvFBb.16457$Yt4.2290@lakeread05:
> I went to GRC shields up and ran a scan and it said that port 113 was
> closed. How do I stealth it? I would like to close these ports that i
> am not using. But isnt stealthing better? thanks Justin

There is a link to an article on just that exact shortcoming. As I
recall, I ran the test, saw the one port detected, and saw a link there
about that problem.

Short story is: define a virtual server in your router. Your NAT router
has its own DHCP server to allocate dynamically assigned IP addresses
which is how your hosts are configured to use DHCP (some routers let you
assign static IP addresses). There is a range of IP addresses that the
router's DHCP server is allowed from which it will assign IP addresses.
So pick an IP address outside that range that the DHCP server will use.
Then define a route through your router from the WAN-side port 113 to
the IP address for this non-existent host. The ident/AUTH is tried,
goes to port 113 on the router, the router funnels it off to the
LAN-side IP address for the server, the server doesn't exist, and the
request falls into the bit bucket because there's nothing there to
respond. I picked an IP address that was outside what the NAT router's
DHCP server can assign to make sure that this non-existent virtual
server didn't accidently become one of the internal hosts. The NAT
router's DHCP server can never assign that out-of-bounds IP address.


--
__________________________________________________ __________
*** Post replies to newsgroup. E-mail is not accepted. ***
__________________________________________________ __________

*Vanguard*

"*Vanguard*" <no-> wrote in message
newssHBb.496296$Tr4.1350930@attbi_s03...
> "RadarG" wrote
> in news:CvFBb.16457$Yt4.2290@lakeread05:
> > I went to GRC shields up and ran a scan and it said that port 113 was
> > closed. How do I stealth it? I would like to close these ports that i
> > am not using. But isnt stealthing better? thanks Justin
>
> There is a link to an article on just that exact shortcoming. As I
> recall, I ran the test, saw the one port detected, and saw a link there
> about that problem.
>
> Short story is: define a virtual server in your router. Your NAT router
> has its own DHCP server to allocate dynamically assigned IP addresses
> which is how your hosts are configured to use DHCP (some routers let you
> assign static IP addresses). There is a range of IP addresses that the
> router's DHCP server is allowed from which it will assign IP addresses.
> So pick an IP address outside that range that the DHCP server will use.
> Then define a route through your router from the WAN-side port 113 to
> the IP address for this non-existent host. The ident/AUTH is tried,
> goes to port 113 on the router, the router funnels it off to the
> LAN-side IP address for the server, the server doesn't exist, and the
> request falls into the bit bucket because there's nothing there to
> respond. I picked an IP address that was outside what the NAT router's
> DHCP server can assign to make sure that this non-existent virtual
> server didn't accidently become one of the internal hosts. The NAT
> router's DHCP server can never assign that out-of-bounds IP address.
>
>
> --
> __________________________________________________ __________
> *** Post replies to newsgroup. E-mail is not accepted. ***
> __________________________________________________ __________
>
>
> Thanks for the info

RadarG