d-link dsl-504 + kerio firewall question

Discussion in 'Computer Security' started by rello, Oct 28, 2004.

  1. rello

    rello Guest

    set up a 2 pc network with the above 4 port modem and found that my
    usual firewall, kerio showed holes everywhere when i ran a port scan
    from grc.com ....some ports were stealthed but many showed closed with
    a few open...i usually find the kerio default ruleset is fine for
    bigpond, optus broadband and any dialup account....any body got an
    idea why this is so???
    thanks
    relloman
    relloman
     
    rello, Oct 28, 2004
    #1
    1. Advertising

  2. rello

    SteveB Guest

    The problems can be on the PC you're not using as the incoming probes can't
    tell the difference between the 2. I get this with my DSL-500 plus switch
    feeding 3 PC's. My PC is watertight and stealthed when it's the only one
    switched on, but turn on a less well protected occasional usage laptop and
    probe the system from my PC using grc.com and I get some ports only closed
    not stealthed.


    "rello" <> wrote in message
    news:4180e768.9514901@news-server...
    > set up a 2 pc network with the above 4 port modem and found that my
    > usual firewall, kerio showed holes everywhere when i ran a port scan
    > from grc.com ....some ports were stealthed but many showed closed with
    > a few open...i usually find the kerio default ruleset is fine for
    > bigpond, optus broadband and any dialup account....any body got an
    > idea why this is so???
    > thanks
    > relloman
    > relloman
     
    SteveB, Oct 28, 2004
    #2
    1. Advertising

  3. rello

    rello Guest

    both have kerio loaded.....
    the default filtering on the dsl-504 is supposed to block by default
    unauthorised access...obviously not working.....i am not permitted to
    mess with the router admin and am supposed to secure the machines
    individually using software firewalls [kerio]

    kerio usually generates a connection alert for every connect attempt
    from grc which, if denied, shows stealth on all ports.....in this case
    kerio doesnt generate any connection alerts....

    i might try adding a final rule in kerio ruleset blocking all
    protocols in and see if that makes the difference for port scans.....
    thanks for your interest and any further comments

    On Thu, 28 Oct 2004 18:39:20 +0100, "SteveB"
    <sbrads@nildramDOTcoDOTuk> wrote:

    >The problems can be on the PC you're not using as the incoming probes can't
    >tell the difference between the 2. I get this with my DSL-500 plus switch
    >feeding 3 PC's. My PC is watertight and stealthed when it's the only one
    >switched on, but turn on a less well protected occasional usage laptop and
    >probe the system from my PC using grc.com and I get some ports only closed
    >not stealthed.
    >
    >
    >"rello" <> wrote in message
    >news:4180e768.9514901@news-server...
    >> set up a 2 pc network with the above 4 port modem and found that my
    >> usual firewall, kerio showed holes everywhere when i ran a port scan
    >> from grc.com ....some ports were stealthed but many showed closed with
    >> a few open...i usually find the kerio default ruleset is fine for
    >> bigpond, optus broadband and any dialup account....any body got an
    >> idea why this is so???
    >> thanks
    >> relloman
    >> relloman

    >


    relloman
     
    rello, Oct 28, 2004
    #3
  4. rello

    RW Guest

    On Thu, 28 Oct 2004 22:26:55 +0000, rello wrote:

    > both have kerio loaded.....
    > the default filtering on the dsl-504 is supposed to block by default
    > unauthorised access...obviously not working.....i am not permitted to mess
    > with the router admin and am supposed to secure the machines individually
    > using software firewalls [kerio]


    I have a d-link dsl-504t, which should be similar (I think it's a
    UK or European variant). IIRC the Firewall was on by default, and GRC
    showed all the ports as stealthed. However if someone has turned off the
    firewall and then saved the configuration, it becomes the power-on default
    until it's changed back, or a factory reset is applied.

    If that is the case then you should be worried because the whole world has
    access to telnet and the http interface on the router. I tried this myself
    and was able to login as root to the embedded linux via a remote
    unix server. The router was set deny access, but without the firewall
    that setting wasn't effective.
     
    RW, Nov 4, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. norm

    Is D-Link DSL-604T same as D-Link DSL-604+ ?

    norm, Nov 16, 2005, in forum: Wireless Networking
    Replies:
    6
    Views:
    3,200
  2. deemac

    Kerio Personal Firewall

    deemac, Jun 30, 2003, in forum: Computer Support
    Replies:
    9
    Views:
    730
    Blinky the Shark
    Jul 2, 2003
  3. rello

    D-link dsl-504 cant block ports

    rello, Jun 17, 2004, in forum: Computer Security
    Replies:
    5
    Views:
    679
    rello
    Jun 17, 2004
  4. Evan Platt

    Kerio Firewall question

    Evan Platt, Jan 13, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    428
    Evan Platt
    Jan 14, 2006
  5. anthonyberet

    How to get to the console on a D-link 504 ADSL router?

    anthonyberet, Jan 29, 2006, in forum: Computer Support
    Replies:
    17
    Views:
    3,838
    Liza Smorgaborgsson
    Jan 30, 2006
Loading...

Share This Page