router security

Discussion in 'Computer Security' started by Robert, Dec 30, 2004.

  1. Robert

    Robert Guest

    On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann wrote:

    > Is it possible to get access to my Debian system
    > through the router from outside? If so, how could
    > an attack look like?


    Try this site. They will scan your box from the outside for you.

    https://www.grc.com/x/ne.dll?bh0bkyd2


    --

    Regards
    Robert

    Smile... it increases your face value!
     
    Robert, Dec 30, 2004
    #1
    1. Advertising

  2. Hi,

    I've a DSL router with a firewall. Behind this
    router my Linux box is running.

    Nmap indicates the following ports:

    PORT STATE SERVICE
    21/tcp open ftp (this is my forwarded xmule-port)
    53/tcp closed domain
    113/tcp closed auth
    1720/tcp open H.323/Q.931
    61441/tcp closed netprowler-sensor
    65301/tcp closed pcanywhere

    Is it possible to get access to my Debian system
    through the router from outside? If so, how could
    an attack look like?

    Thanks
    Chris
     
    Christian Christmann, Dec 30, 2004
    #2
    1. Advertising

  3. Robert

    donnie Guest

    On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann
    <> wrote:

    >Hi,
    >
    >I've a DSL router with a firewall. Behind this
    >router my Linux box is running.
    >
    >Nmap indicates the following ports:
    >
    >PORT STATE SERVICE
    >21/tcp open ftp (this is my forwarded xmule-port)
    >53/tcp closed domain
    >113/tcp closed auth
    >1720/tcp open H.323/Q.931
    >61441/tcp closed netprowler-sensor
    >65301/tcp closed pcanywhere
    >
    >Is it possible to get access to my Debian system
    >through the router from outside? If so, how could
    >an attack look like?
    >
    >Thanks
    >Chris

    #########################
    Am I correct in assuming that the router is behind the DSL modem w/ an
    internal IP address and the gateway way for the router is the modem
    which has an external IP? If so, then I take it that you ran nmap
    from inside the network. If that's the case, try nmap from outside
    the network using the modem external IP as the target. In other
    words, try to crack your own network.
    donnie.
     
    donnie, Dec 31, 2004
    #3
  4. Robert

    Pete Guest

    Pete, Dec 31, 2004
    #4
  5. Robert

    Robert Guest

    On Sat, 01 Jan 2005 02:31:06 -0600, Chuck wrote:

    > My impression is that GRC does a simple TCP connect to your ports of interest.
    > NMap, as Donnie suggests, will do a more thorough test (I count over a dozen
    > different selectable tests, including the TCP Connect). Unfortunately, you have
    > to do an NMap scan yourself - I don't know of an NMap scanning website
    > equivalent to the GRC NanoProbe.


    And there in lies the problem. To check your security you will need to do
    it from outside the network you are protecting. In this case you have a
    few options:

    1. Connect a machine outside the firewall and run NMap (which I agree is a
    great program)

    2. Find someone you trust and have them scan you.

    3. Use a web based scanner. (the easiest to complete)

    GRC will check all the known ports for you plus some more.



    --

    Regards
    Robert

    Smile... it increases your face value!
     
    Robert, Dec 31, 2004
    #5
  6. Robert

    Chuck Guest

    On Wed, 29 Dec 2004 22:47:32 -0500, Robert <> wrote:

    >On Thu, 30 Dec 2004 21:48:06 +0100, Christian Christmann wrote:
    >
    >> Is it possible to get access to my Debian system
    >> through the router from outside? If so, how could
    >> an attack look like?

    >
    >Try this site. They will scan your box from the outside for you.
    >
    > https://www.grc.com/x/ne.dll?bh0bkyd2


    Robert,

    My impression is that GRC does a simple TCP connect to your ports of interest.
    NMap, as Donnie suggests, will do a more thorough test (I count over a dozen
    different selectable tests, including the TCP Connect). Unfortunately, you have
    to do an NMap scan yourself - I don't know of an NMap scanning website
    equivalent to the GRC NanoProbe.

    --
    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
     
    Chuck, Jan 1, 2005
    #6
  7. Robert

    Moe Trin Guest

    In article <>, Robert wrote:

    >And there in lies the problem. To check your security you will need to do
    >it from outside the network you are protecting.


    Not totally true - but for most users (who don't know how to use the tools
    their operating system already provides), you are probably going to get a
    more reliable answer doing so.

    >In this case you have a few options:
    >
    >1. Connect a machine outside the firewall and run NMap (which I agree is a
    >great program)


    Agreed

    >2. Find someone you trust and have them scan you.
    >
    >3. Use a web based scanner. (the easiest to complete)


    Though it often helps to turn up the logging while doing so, such that you
    see what is being tested. VERY FEW web based scanners (or even nmap in a
    default configuration) make a rigorous test of everything.

    >GRC will check all the known ports for you plus some more.


    Ummmm... oh, are they also testing imaginary ports too?

    http://www.iana.org/assignments/protocol-numbers

    lists 138 different protocols used over the wire - there are more than
    TCP, UDP, ICMP. Of the more common protocols ALONE, TCP and UDP each have
    65,536 different ports. ICMP, IGMP, GGP, EGP (and the other routing protocols)
    don't use ports. Your provider may or may not support IPv6, which has it's
    own bunch of protocols which are less standardized the the current IPv4
    versions. Within IPv4 TCP (and UDP),

    http://www.iana.org/assignments/port-numbers

    identifies common usage of ports. However, these are just compatibility
    recommendations. You could run a web server on port 74, and the network
    police are not going to come and arrest you - it's just that not many
    people will know to look there, so not many people will visit your site.
    Also remember that no virus or trojan writer has bothered to register the
    ports they are using at IANA, so the list doesn't include them.

    Old guy
     
    Moe Trin, Jan 3, 2005
    #7
  8. Robert

    Michael Guest

    Greetings, all!

    I use a security service from NetChecker. They use NMap, SARA, and a bunch
    of other scanning tools to get a more complete picture than just NMap alone.

    Check them (us) out at www.netchecker.net for more info.

    -Michael

    "Robert" <> wrote in message
    news:p...
    > On Sat, 01 Jan 2005 02:31:06 -0600, Chuck wrote:
    >
    > > My impression is that GRC does a simple TCP connect to your ports of

    interest.
    > > NMap, as Donnie suggests, will do a more thorough test (I count over a

    dozen
    > > different selectable tests, including the TCP Connect). Unfortunately,

    you have
    > > to do an NMap scan yourself - I don't know of an NMap scanning website
    > > equivalent to the GRC NanoProbe.

    >
    > And there in lies the problem. To check your security you will need to do
    > it from outside the network you are protecting. In this case you have a
    > few options:
    >
    > 1. Connect a machine outside the firewall and run NMap (which I agree is a
    > great program)
    >
    > 2. Find someone you trust and have them scan you.
    >
    > 3. Use a web based scanner. (the easiest to complete)
    >
    > GRC will check all the known ports for you plus some more.
    >
    >
    >
    > --
    >
    > Regards
    > Robert
    >
    > Smile... it increases your face value!
    >
    >
     
    Michael, Jan 7, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    4
    Views:
    937
  2. Replies:
    0
    Views:
    826
  3. Rick Sears
    Replies:
    0
    Views:
    533
    Rick Sears
    Jul 29, 2003
  4. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    648
    COMSOLIT Messmer
    Sep 5, 2003
  5. Ablang
    Replies:
    2
    Views:
    608
    Gimpy
    Jun 10, 2006
Loading...

Share This Page