How to block open ports on a router.....

Discussion in 'Computer Support' started by Boaby, Aug 6, 2009.

  1. Boaby

    Boaby Guest

    Hello folks,

    I have a D-Link DIR 655 wireless router with the latest available
    firmware from D-Link. Recently I have done a port scan on my router
    which displayed the following results:

    PORT STATE SERVICE
    80/tcp open http
    4444/tcp open krb524
    8099/tcp open unknown
    20005/tcp open btx

    Anyone has any ideas on how to closed open ports on a D-Link DIR 655?

    Thanks,
    Boaby
    Boaby, Aug 6, 2009
    #1
    1. Advertising

  2. Boaby

    Boaby Guest

    On 2009-08-06 16:22:49 +0100, Boaby <> said:

    > Hello folks,
    >
    > I have a D-Link DIR 655 wireless router with the latest available
    > firmware from D-Link. Recently I have done a port scan on my router
    > which displayed the following results:
    >
    > PORT STATE SERVICE
    > 80/tcp open http
    > 4444/tcp open krb524
    > 8099/tcp open unknown
    > 20005/tcp open btx
    >
    > Anyone has any ideas on how to closed open ports on a D-Link DIR 655?
    >
    > Thanks,
    > Boaby


    Wow, did not realize this newsgroup is swamped with advert postings....
    Boaby, Aug 6, 2009
    #2
    1. Advertising

  3. Boaby

    Mara Guest

    On Thu, 6 Aug 2009 16:35:55 +0100, Boaby <> wrote:

    >On 2009-08-06 16:22:49 +0100, Boaby <> said:
    >
    >> Hello folks,
    >>
    >> I have a D-Link DIR 655 wireless router with the latest available
    >> firmware from D-Link. Recently I have done a port scan on my router
    >> which displayed the following results:
    >>
    >> PORT STATE SERVICE
    >> 80/tcp open http
    >> 4444/tcp open krb524
    >> 8099/tcp open unknown
    >> 20005/tcp open btx
    >>
    >> Anyone has any ideas on how to closed open ports on a D-Link DIR 655?
    >>
    >> Thanks,
    >> Boaby

    >
    >Wow, did not realize this newsgroup is swamped with advert postings....


    Where? I don't see them. That's what a good newsfeed does. :)

    --
    Why can't people set their clocks, reply to the correct poster, test in
    a test group, write a coherent question, or keep a question to one thread?
    Some people are so far from hitting the nail, it doesn't matter if they
    have a hammer or a banana. --trout, 24hshd, c.2002
    Mara, Aug 6, 2009
    #3
  4. Boaby

    Aardvark Guest

    On Thu, 06 Aug 2009 16:35:55 +0100, Boaby wrote:

    > Wow, did not realize this newsgroup is swamped with advert postings....


    Funny, I can't see any.
    Aardvark, Aug 6, 2009
    #4
  5. Boaby

    Boaby Guest

    On 2009-08-06 17:04:42 +0100, "floffy2" <> said:

    >
    > Boaby;3941 Wrote:
    >> Hello folks,
    >>
    >> I have a D-Link DIR 655 wireless router with the latest available
    >> firmware from D-Link. Recently I have done a port scan on my router
    >> which displayed the following results:
    >>
    >> PORT STATE SERVICE
    >> 80/tcp open http
    >> 4444/tcp open krb524
    >> 8099/tcp open unknown
    >> 20005/tcp open btx
    >>
    >> Anyone has any ideas on how to closed open ports on a D-Link DIR 655?
    >>
    >> Thanks,
    >> Boaby

    >
    > port 80 = Webpage , Do you have a web page server ??
    > port 4444 = use for IPV6 <-- this is ok
    > The 2 other i do not known
    > go to http://192.168.0.1 or http://192.168.1.1 depend the router
    > router ask login / password , one of them normaly is : admin
    > after in goto firewal-> port forward and check of the port below are
    > list
    > un list them et voila !


    Thanks for the suggestion, Floffy2. I can confirm that I have port
    forwarding on my router but it does show any ports are set to open?
    There does not seem to be an ability to close ports on a D-Link DIR 655
    router? I am truly mystified by this?

    Boaby
    Boaby, Aug 6, 2009
    #5
  6. Boaby

    why? Guest

    On Thu, 6 Aug 2009 12:04:42 -0400, floffy2 wrote:

    >
    >Boaby;3941 Wrote:
    >> Hello folks,
    >>
    >> I have a D-Link DIR 655 wireless router with the latest available
    >> firmware from D-Link. Recently I have done a port scan on my router
    >> which displayed the following results:
    >>
    >> PORT STATE SERVICE
    >> 80/tcp open http
    >> 4444/tcp open krb524
    >> 8099/tcp open unknown
    >> 20005/tcp open btx
    >>
    >> Anyone has any ideas on how to closed open ports on a D-Link DIR 655?
    >>
    >> Thanks,
    >> Boaby

    >
    >port 80 = Webpage , Do you have a web page server ??
    >port 4444 = use for IPV6 <-- this is ok


    4444 is already confusingly used twice Kerberos v5 to v4 service / NV
    Video.

    Of course it's likely to be used in IPv6, OP didn't say anything about
    IPv6.

    If it's an exploit and user isn't using krb524 then it's 50/50 it's okay
    or not. Other checks would have to be made.

    >The 2 other i do not known


    Then you don't know about this maybe?
    http://www.iana.org/assignments/port-numbers
    although many ports above 1024 are used by anything.

    # 8089-8096 Unassigned

    openwebnet 20005/tcp OpenWebNet protocol for electric network
    openwebnet 20005/udp OpenWebNet protocol for electric network


    >go to http://192.168.0.1 or http://192.168.1.1 depend the router
    >router ask login / password , one of them normaly is : admin
    >after in goto firewal-> port forward and check of the port below are
    >list


    Depends if user means shutting down the router web / admin or the
    through router access to PC ports. OP said they did a port scan on the
    router, didn't say if that's what they really meant / understood the
    test to be for.

    'port forward and check of the port below are list' , means what?

    >un list them et voila !


    More likely it's enable / disable.

    Me
    why?, Aug 6, 2009
    #6
  7. In message <>, why? wrote:
    >
    > On Thu, 6 Aug 2009 12:04:42 -0400, floffy2 wrote:
    >
    > >
    > >Boaby;3941 Wrote:
    > >> Hello folks,
    > >>
    > >> I have a D-Link DIR 655 wireless router with the latest available
    > >> firmware from D-Link. Recently I have done a port scan on my router
    > >> which displayed the following results:
    > >>
    > >> PORT STATE SERVICE
    > >> 80/tcp open http
    > >> 4444/tcp open krb524
    > >> 8099/tcp open unknown
    > >> 20005/tcp open btx
    > >>
    > >> Anyone has any ideas on how to closed open ports on a D-Link DIR 655?
    > >>
    > >> Thanks,
    > >> Boaby

    > >
    > >port 80 = Webpage , Do you have a web page server ??
    > >port 4444 = use for IPV6 <-- this is ok

    >
    > 4444 is already confusingly used twice Kerberos v5 to v4 service / NV
    > Video.
    >
    > Of course it's likely to be used in IPv6, OP didn't say anything about
    > IPv6.
    >
    > If it's an exploit and user isn't using krb524 then it's 50/50 it's okay
    > or not. Other checks would have to be made.
    >
    > >The 2 other i do not known

    >
    > Then you don't know about this maybe?
    > http://www.iana.org/assignments/port-numbers
    > although many ports above 1024 are used by anything.
    >
    > # 8089-8096 Unassigned
    >
    > openwebnet 20005/tcp OpenWebNet protocol for electric network
    > openwebnet 20005/udp OpenWebNet protocol for electric network
    >
    >
    > >go to http://192.168.0.1 or http://192.168.1.1 depend the router
    > >router ask login / password , one of them normaly is : admin
    > >after in goto firewal-> port forward and check of the port below are
    > >list

    >
    > Depends if user means shutting down the router web / admin or the
    > through router access to PC ports. OP said they did a port scan on the
    > router, didn't say if that's what they really meant / understood the
    > test to be for.
    >
    > 'port forward and check of the port below are list' , means what?
    >
    > >un list them et voila !

    >
    > More likely it's enable / disable.
    >
    > Me


    Often its way easier than making port by port decisions.
    Under the routers firewall tab should be some choices like "high" "medium"
    "low" and "none".

    The suggestion to go to the SheildsUp! website is always good.


    --
    Proof of Americas 3rd world status:
    http://www.ramusa.org/
    "I believe there are more instances of the abridgement of freedom of the people
    by gradual and silent encroachments by those in power than by violent and
    sudden usurpations.... The means of defense against foreign danger historically
    have become the instruments of tyranny at home."
    -James Madison
    §ñühw¤£f, Aug 6, 2009
    #7
  8. Boaby

    NormanM Guest

    On Thu, 6 Aug 2009 16:22:49 +0100, Boaby wrote:

    > Hello folks,
    >
    > I have a D-Link DIR 655 wireless router with the latest available
    > firmware from D-Link. Recently I have done a port scan on my router
    > which displayed the following results:
    >
    > PORT STATE SERVICE
    > 80/tcp open http
    > 4444/tcp open krb524
    > 8099/tcp open unknown
    > 20005/tcp open btx
    >
    > Anyone has any ideas on how to closed open ports on a D-Link DIR 655?


    Can't be done, considering that the DIR-655 doesn't open any ports without
    user intervention.

    Have you done a 'netstat' scan from inside of your LAN?

    My scan results against my DIR-655, from the outside:

    | ----------------------------------------------------------------------
    |
    | GRC Port Authority Report created on UTC: 2009-08-07 at 03:32:02
    |
    | Results from scan of ports: 80, 4444, 8099, 20005
    |
    | 1 Ports Open
    | 0 Ports Closed
    | 3 Ports Stealth
    | ---------------------
    | 4 Ports Tested
    |
    | NO PORTS were found to be CLOSED.
    |
    | The port found to be OPEN was: 80
    |
    | Other than what is listed above, all ports are STEALTH.
    |
    | TruStealth: FAILED - NOT all tested ports were STEALTH,
    | - NO unsolicited packets were received,
    | - A PING REPLY (ICMP Echo) WAS RECEIVED.
    |
    | ----------------------------------------------------------------------

    My 'netstat' scan, in part:

    | C:\utils\ns_bench>netstat -aon
    |
    | Active Connections
    |
    | Proto Local Address Foreign Address State PID
    | TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 524

    Ports 4444, 8099, and 200005 do not show up as either "listening"
    ('netstat'), or "open" (GRC ShieldsUP!).

    Port 80 is both because I am running Apache, and set up a port 80 pinhole in
    my router.

    I have no clue how Blueyonder configures their customers. There is always
    the possibility that they have some kind of proxy between your CPE and the
    Internet; in which case, you are scanning their equipment, not yours.

    --
    Norman
    ~Oh Lord, why have you come
    ~To Konnyu, with the Lion and the Drum
    NormanM, Aug 7, 2009
    #8
  9. Boaby

    Boaby Guest

    On 2009-08-07 04:38:42 +0100, NormanM <> said:

    > On Thu, 6 Aug 2009 16:22:49 +0100, Boaby wrote:
    >
    >> Hello folks,
    >>
    >> I have a D-Link DIR 655 wireless router with the latest available
    >> firmware from D-Link. Recently I have done a port scan on my router
    >> which displayed the following results:
    >>
    >> PORT STATE SERVICE
    >> 80/tcp open http
    >> 4444/tcp open krb524
    >> 8099/tcp open unknown
    >> 20005/tcp open btx
    >>
    >> Anyone has any ideas on how to closed open ports on a D-Link DIR 655?

    >
    > Can't be done, considering that the DIR-655 doesn't open any ports without
    > user intervention.
    >
    > Have you done a 'netstat' scan from inside of your LAN?
    >
    > My scan results against my DIR-655, from the outside:
    >
    > | ----------------------------------------------------------------------
    > |
    > | GRC Port Authority Report created on UTC: 2009-08-07 at 03:32:02
    > |
    > | Results from scan of ports: 80, 4444, 8099, 20005
    > |
    > | 1 Ports Open
    > | 0 Ports Closed
    > | 3 Ports Stealth
    > | ---------------------
    > | 4 Ports Tested
    > |
    > | NO PORTS were found to be CLOSED.
    > |
    > | The port found to be OPEN was: 80
    > |
    > | Other than what is listed above, all ports are STEALTH.
    > |
    > | TruStealth: FAILED - NOT all tested ports were STEALTH,
    > | - NO unsolicited packets were received,
    > | - A PING REPLY (ICMP Echo) WAS RECEIVED.
    > |
    > | ----------------------------------------------------------------------
    >
    > My 'netstat' scan, in part:
    >
    > | C:\utils\ns_bench>netstat -aon
    > |
    > | Active Connections
    > |
    > | Proto Local Address Foreign Address State PID
    > | TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 524
    >
    > Ports 4444, 8099, and 200005 do not show up as either "listening"
    > ('netstat'), or "open" (GRC ShieldsUP!).
    >
    > Port 80 is both because I am running Apache, and set up a port 80 pinhole in
    > my router.
    >
    > I have no clue how Blueyonder configures their customers. There is always
    > the possibility that they have some kind of proxy between your CPE and the
    > Internet; in which case, you are scanning their equipment, not yours.


    Just want to thank everyone with their responses so far. I have tried
    the shields up website to test my router's port detection. Shields up
    gave a resounding score of 100% success of no open ports.

    The site explains this:


    Your system has achieved a perfect "TruStealth" rating. Not a single
    packet — solicited or otherwise — was received from your system as a
    result of our security probing tests. Your system ignored and refused
    to reply to repeated Pings (ICMP Echo Requests). From the standpoint of
    the passing probes of any hacker, this machine does not exist on the
    Internet. Some questionable personal security systems expose their
    users by attempting to "counter-probe the prober", thus revealing
    themselves. But your system wisely remained silent in every way. Very
    nice.

    So is that a good thing?

    Once again thanks for the advice and links.

    Boaby
    Boaby, Aug 7, 2009
    #9
  10. Boaby

    why? Guest

    On Thu, 06 Aug 2009 15:17:55 -0600, §ñühw¤£f wrote:

    >In message <>, why? wrote:
    >>
    >> On Thu, 6 Aug 2009 12:04:42 -0400, floffy2 wrote:
    >>
    >> >
    >> >Boaby;3941 Wrote:
    >> >> Hello folks,
    >> >>
    >> >> I have a D-Link DIR 655 wireless router with the latest available
    >> >> firmware from D-Link. Recently I have done a port scan on my router
    >> >> which displayed the following results:
    >> >>
    >> >> PORT STATE SERVICE
    >> >> 80/tcp open http
    >> >> 4444/tcp open krb524
    >> >> 8099/tcp open unknown
    >> >> 20005/tcp open btx


    <snip>

    >> >> Boaby
    >> >
    >> >port 80 = Webpage , Do you have a web page server ??
    >> >port 4444 = use for IPV6 <-- this is ok

    >>
    >> 4444 is already confusingly used twice Kerberos v5 to v4 service / NV
    >> Video.
    >>
    >> Of course it's likely to be used in IPv6, OP didn't say anything about
    >> IPv6.
    >>
    >> If it's an exploit and user isn't using krb524 then it's 50/50 it's okay
    >> or not. Other checks would have to be made.


    <snip>

    >> 'port forward and check of the port below are list' , means what?
    >>
    >> >un list them et voila !

    >>
    >> More likely it's enable / disable.
    >>
    >> Me

    >
    >Often its way easier than making port by port decisions.
    >Under the routers firewall tab should be some choices like "high" "medium"
    >"low" and "none".


    That as well, although I prefer the port/application rule at a time. I
    go by what's logged as blocked and add a rule as required.

    >The suggestion to go to the SheildsUp! website is always good.


    That and 1 or 2 others at the same time to make sure.

    Me
    why?, Aug 8, 2009
    #10
  11. Boaby

    why? Guest

    On Fri, 7 Aug 2009 15:10:54 +0100, in 24hoursupport.helpdesk you wrote:

    >On 2009-08-07 04:38:42 +0100, NormanM <> said:
    >
    >> On Thu, 6 Aug 2009 16:22:49 +0100, Boaby wrote:
    >>
    >>> Hello folks,
    >>>
    >>> I have a D-Link DIR 655 wireless router with the latest available
    >>> firmware from D-Link. Recently I have done a port scan on my router
    >>> which displayed the following results:
    >>>
    >>> PORT STATE SERVICE
    >>> 80/tcp open http
    >>> 4444/tcp open krb524
    >>> 8099/tcp open unknown
    >>> 20005/tcp open btx


    <snip>

    >Just want to thank everyone with their responses so far. I have tried
    >the shields up website to test my router's port detection. Shields up
    >gave a resounding score of 100% success of no open ports.


    BY/VM say they don't block ports except the NetBIOS filesharing ports.
    Check old posts / ask in the ng - virginmedia.users.self-help.security

    >The site explains this:
    >
    >
    >Your system has achieved a perfect "TruStealth" rating. Not a single
    >packet — solicited or otherwise — was received from your system as a
    >result of our security probing tests. Your system ignored and refused
    >to reply to repeated Pings (ICMP Echo Requests). From the standpoint of
    >the passing probes of any hacker, this machine does not exist on the
    >Internet. Some questionable personal security systems expose their
    >users by attempting to "counter-probe the prober", thus revealing
    >themselves. But your system wisely remained silent in every way. Very
    >nice.
    >
    >So is that a good thing?


    Depends on your point of view. The strict? intrepretaion of the RFCs
    http://en.wikipedia.org/wiki/Request_for_Comments
    says certain traffic should be allowed. Setting stealth on
    router/firewall breaks the basic operation.

    You can google for the above ( using port stealth rfc blocking) and see
    the various points of view for yourself.

    >Once again thanks for the advice and links.
    >
    >Boaby


    Me
    why?, Aug 8, 2009
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter
    Replies:
    8
    Views:
    7,838
    Lars M. Hansen
    Dec 15, 2003
  2. Alexis Crawford
    Replies:
    1
    Views:
    3,941
    Walter Roberson
    Apr 2, 2004
  3. Aunt Agatha

    does build-in firewall in router leaves ports open?

    Aunt Agatha, Feb 7, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    2,133
    Boomer
    Feb 7, 2004
  4. DoKriss

    How to block open ports in Windows XP?

    DoKriss, Jul 2, 2003, in forum: Computer Security
    Replies:
    1
    Views:
    22,939
    Frode
    Jul 2, 2003
  5. Vincent Delporte
    Replies:
    0
    Views:
    575
    Vincent Delporte
    Dec 8, 2006
Loading...

Share This Page