router security

On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann wrote:

> Is it possible to get access to my Debian system
> through the router from outside? If so, how could
> an attack look like?

Try this site. They will scan your box from the outside for you.

https://www.grc.com/x/ne.dll?bh0bkyd2


--

Regards
Robert

Smile... it increases your face value!

Robert

Hi,

I've a DSL router with a firewall. Behind this
router my Linux box is running.

Nmap indicates the following ports:

PORT STATE SERVICE
21/tcp open ftp (this is my forwarded xmule-port)
53/tcp closed domain
113/tcp closed auth
1720/tcp open H.323/Q.931
61441/tcp closed netprowler-sensor
65301/tcp closed pcanywhere

Is it possible to get access to my Debian system
through the router from outside? If so, how could
an attack look like?

Thanks
Chris

Christian Christmann

On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann
<> wrote:

>Hi,
>
>I've a DSL router with a firewall. Behind this
>router my Linux box is running.
>
>Nmap indicates the following ports:
>
>PORT STATE SERVICE
>21/tcp open ftp (this is my forwarded xmule-port)
>53/tcp closed domain
>113/tcp closed auth
>1720/tcp open H.323/Q.931
>61441/tcp closed netprowler-sensor
>65301/tcp closed pcanywhere
>
>Is it possible to get access to my Debian system
>through the router from outside? If so, how could
>an attack look like?
>
>Thanks
>Chris
#########################
Am I correct in assuming that the router is behind the DSL modem w/ an
internal IP address and the gateway way for the router is the modem
which has an external IP? If so, then I take it that you ran nmap
from inside the network. If that's the case, try nmap from outside
the network using the modem external IP as the target. In other
words, try to crack your own network.
donnie.

donnie

On Wed, 29 Dec 2004 22:47:32 -0500, Robert <> wrote:

>On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann wrote:

>Try this site. They will scan your box from the outside for you.
>
> https://www.grc.com/x/ne.dll?bh0bkyd2


Or this one :

http://scan.sygate.com/


Regards,

Pete.

Pete

On Sat, 01 Jan 2005 02:31:06 -0600, Chuck wrote:

> My impression is that GRC does a simple TCP connect to your ports of interest.
> NMap, as Donnie suggests, will do a more thorough test (I count over a dozen
> different selectable tests, including the TCP Connect). Unfortunately, you have
> to do an NMap scan yourself - I don't know of an NMap scanning website
> equivalent to the GRC NanoProbe.

And there in lies the problem. To check your security you will need to do
it from outside the network you are protecting. In this case you have a
few options:

1. Connect a machine outside the firewall and run NMap (which I agree is a
great program)

2. Find someone you trust and have them scan you.

3. Use a web based scanner. (the easiest to complete)

GRC will check all the known ports for you plus some more.



--

Regards
Robert

Smile... it increases your face value!

Robert

On Wed, 29 Dec 2004 22:47:32 -0500, Robert <> wrote:

>On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann wrote:
>
>> Is it possible to get access to my Debian system
>> through the router from outside? If so, how could
>> an attack look like?
>
>Try this site. They will scan your box from the outside for you.
>
> https://www.grc.com/x/ne.dll?bh0bkyd2

Robert,

My impression is that GRC does a simple TCP connect to your ports of interest.
NMap, as Donnie suggests, will do a more thorough test (I count over a dozen
different selectable tests, including the TCP Connect). Unfortunately, you have
to do an NMap scan yourself - I don't know of an NMap scanning website
equivalent to the GRC NanoProbe.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

Chuck

In article <> , Robert wrote:

>And there in lies the problem. To check your security you will need to do
>it from outside the network you are protecting.

Not totally true - but for most users (who don't know how to use the tools
their operating system already provides), you are probably going to get a
more reliable answer doing so.

>In this case you have a few options:
>
>1. Connect a machine outside the firewall and run NMap (which I agree is a
>great program)

Agreed

>2. Find someone you trust and have them scan you.
>
>3. Use a web based scanner. (the easiest to complete)

Though it often helps to turn up the logging while doing so, such that you
see what is being tested. VERY FEW web based scanners (or even nmap in a
default configuration) make a rigorous test of everything.

>GRC will check all the known ports for you plus some more.

Ummmm... oh, are they also testing imaginary ports too?

http://www.iana.org/assignments/protocol-numbers

lists 138 different protocols used over the wire - there are more than
TCP, UDP, ICMP. Of the more common protocols ALONE, TCP and UDP each have
65,536 different ports. ICMP, IGMP, GGP, EGP (and the other routing protocols)
don't use ports. Your provider may or may not support IPv6, which has it's
own bunch of protocols which are less standardized the the current IPv4
versions. Within IPv4 TCP (and UDP),

http://www.iana.org/assignments/port-numbers

identifies common usage of ports. However, these are just compatibility
recommendations. You could run a web server on port 74, and the network
police are not going to come and arrest you - it's just that not many
people will know to look there, so not many people will visit your site.
Also remember that no virus or trojan writer has bothered to register the
ports they are using at IANA, so the list doesn't include them.

Old guy

Moe Trin

Greetings, all!

I use a security service from NetChecker. They use NMap, SARA, and a bunch
of other scanning tools to get a more complete picture than just NMap alone.

Check them (us) out at www.netchecker.net for more info.

-Michael

"Robert" <> wrote in message
news e...
> On Sat, 01 Jan 2005 02:31:06 -0600, Chuck wrote:
>
> > My impression is that GRC does a simple TCP connect to your ports of
interest.
> > NMap, as Donnie suggests, will do a more thorough test (I count over a
dozen
> > different selectable tests, including the TCP Connect). Unfortunately,
you have
> > to do an NMap scan yourself - I don't know of an NMap scanning website
> > equivalent to the GRC NanoProbe.
>
> And there in lies the problem. To check your security you will need to do
> it from outside the network you are protecting. In this case you have a
> few options:
>
> 1. Connect a machine outside the firewall and run NMap (which I agree is a
> great program)
>
> 2. Find someone you trust and have them scan you.
>
> 3. Use a web based scanner. (the easiest to complete)
>
> GRC will check all the known ports for you plus some more.
>
>
>
> --
>
> Regards
> Robert
>
> Smile... it increases your face value!
>
>

Michael