How to block open ports on a router.....

Discussion in 'Computer Support' started by Boaby, Aug 6, 2009.

  1. Boaby

    Boaby Guest

    Hello folks,

    I have a D-Link DIR 655 wireless router with the latest available
    firmware from D-Link. Recently I have done a port scan on my router
    which displayed the following results:

    PORT       STATE  SERVICE
    80/tcp     open   http
    4444/tcp   open   krb524
    8099/tcp   open   unknown
    20005/tcp  open   btx

    Does anyone have any ideas on how to close open ports on a D-Link DIR 655?

    Thanks,
    Boaby
     
    Boaby, Aug 6, 2009
    #1

  2. Boaby

    Boaby Guest

    Wow, did not realize this newsgroup is swamped with advert postings....
     
    Boaby, Aug 6, 2009
    #2

  3. Boaby

    Mara Guest

    Where? I don't see them. That's what a good newsfeed does. :)
     
    Mara, Aug 6, 2009
    #3
  4. Boaby

    Aardvark Guest

    Funny, I can't see any.
     
    Aardvark, Aug 6, 2009
    #4
  5. Boaby

    Boaby Guest

    Thanks for the suggestion, Floffy2. I can confirm that I have port
    forwarding on my router but it does show any ports are set to open?
    There does not seem to be an ability to close ports on a D-Link DIR 655
    router? I am truly mystified by this?

    Boaby
     
    Boaby, Aug 6, 2009
    #5
  6. Boaby

    why? Guest

    4444 is already confusingly used twice Kerberos v5 to v4 service / NV
    Video.

    Of course it's likely to be used in IPv6, OP didn't say anything about
    IPv6.

    If it's an exploit and user isn't using krb524 then it's 50/50 it's okay
    or not. Other checks would have to be made.
    Then you don't know about this maybe?
    http://www.iana.org/assignments/port-numbers
    although many ports above 1024 are used by anything.

    # 8089-8096 Unassigned

    openwebnet 20005/tcp OpenWebNet protocol for electric network
    openwebnet 20005/udp OpenWebNet protocol for electric network

    Depends if user means shutting down the router web / admin or the
    through router access to PC ports. OP said they did a port scan on the
    router, didn't say if that's what they really meant / understood the
    test to be for.

    'port forward and check of the port below are list' , means what?
    More likely it's enable / disable.

    Me
     
    why?, Aug 6, 2009
    #6
  7. Often it's way easier than making port by port decisions.
    Under the router's firewall tab should be some choices like "high" "medium"
    "low" and "none".

    The suggestion to go to the ShieldsUP! website is always good.


    --
    Proof of America's 3rd world status:
    http://www.ramusa.org/
    "I believe there are more instances of the abridgement of freedom of the people
    by gradual and silent encroachments by those in power than by violent and
    sudden usurpations.... The means of defense against foreign danger historically
    have become the instruments of tyranny at home."
    -James Madison
     
    §ñühw¤£f, Aug 6, 2009
    #7
  8. Boaby

    NormanM Guest

    Can't be done, considering that the DIR-655 doesn't open any ports without
    user intervention.

    Have you done a 'netstat' scan from inside of your LAN?

    My scan results against my DIR-655, from the outside:

    | ----------------------------------------------------------------------
    |
    | GRC Port Authority Report created on UTC: 2009-08-07 at 03:32:02
    |
    | Results from scan of ports: 80, 4444, 8099, 20005
    |
    | 1 Ports Open
    | 0 Ports Closed
    | 3 Ports Stealth
    | ---------------------
    | 4 Ports Tested
    |
    | NO PORTS were found to be CLOSED.
    |
    | The port found to be OPEN was: 80
    |
    | Other than what is listed above, all ports are STEALTH.
    |
    | TruStealth: FAILED - NOT all tested ports were STEALTH,
    | - NO unsolicited packets were received,
    | - A PING REPLY (ICMP Echo) WAS RECEIVED.
    |
    | ----------------------------------------------------------------------

    My 'netstat' scan, in part:

    | C:\utils\ns_bench>netstat -aon
    |
    | Active Connections
    |
    | Proto  Local Address   Foreign Address  State      PID
    | TCP    0.0.0.0:80      0.0.0.0:0        LISTENING  524

    Ports 4444, 8099, and 200005 do not show up as either "listening"
    ('netstat'), or "open" (GRC ShieldsUP!).

    Port 80 is both because I am running Apache, and set up a port 80 pinhole in
    my router.

    I have no clue how Blueyonder configures their customers. There is always
    the possibility that they have some kind of proxy between your CPE and the
    Internet; in which case, you are scanning their equipment, not yours.
     
    NormanM, Aug 7, 2009
    #8
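
The cross-check described in the post above (ports an outside scan reports as open versus what `netstat -aon` shows listening on the PC), as an added example that is not part of the original thread. The netstat text is a constructed sample and the function names are hypothetical; note that `netstat` only lists sockets on the machine it runs on, never the router's own services.

```python
import re

# Constructed sample of Windows `netstat -aon` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       524
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1480
  TCP    192.168.0.10:49212     203.0.113.7:443        ESTABLISHED     3020
  TCP    [::]:80                [::]:0                 LISTENING       524
  UDP    0.0.0.0:500            *:*                                    688
"""

# Proto, local addr:port, foreign addr, state, PID; only TCP LISTENING rows match.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
LOOPBACK = ("127.0.0.1", "[::1]")


def listening_tcp(netstat_text):
    """Return {port: {(local_address, pid), ...}} for TCP sockets in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
            ports.setdefault(port, set()).add((addr, pid))
    return ports


def compare(scan_open_ports, netstat_text):
    """Return {port: [pids]} for each scanned port.

    An empty list means nothing on this PC listens on that port on a
    non-loopback address, so the scanner's "open" answer came from another
    device (the router itself or equipment upstream of it).
    """
    listeners = listening_tcp(netstat_text)
    report = {}
    for port in scan_open_ports:
        entries = listeners.get(port, set())
        report[port] = sorted({pid for addr, pid in entries if addr not in LOOPBACK})
    return report


if __name__ == "__main__":
    # Ports from the scan result quoted in the first post.
    for port, pids in compare([80, 4444, 8099, 20005], SAMPLE_NETSTAT).items():
        print(port, "local PID(s): %s" % pids if pids else "no local listener")
```

A PID from the report can be matched to a process name with `tasklist /FI "PID eq <pid>"` on the same machine.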
  9. Boaby

    Boaby Guest

    Just want to thank everyone for their responses so far. I have tried
    the shields up website to test my router's port detection. Shields up
    gave a resounding score of 100% success of no open ports.

    The site explains this:


    Your system has achieved a perfect "TruStealth" rating. Not a single
    packet — solicited or otherwise — was received from your system as a
    result of our security probing tests. Your system ignored and refused
    to reply to repeated Pings (ICMP Echo Requests). From the standpoint of
    the passing probes of any hacker, this machine does not exist on the
    Internet. Some questionable personal security systems expose their
    users by attempting to "counter-probe the prober", thus revealing
    themselves. But your system wisely remained silent in every way. Very
    nice.

    So is that a good thing?

    Once again thanks for the advice and links.

    Boaby
     
    Boaby, Aug 7, 2009
    #9
  10. Boaby

    why? Guest

    That as well, although I prefer the port/application rule at a time. I
    go by what's logged as blocked and add a rule as required.
    That and 1 or 2 others at the same time to make sure.

    Me
     
    why?, Aug 8, 2009
    #10
  11. Boaby

    why? Guest

    BY/VM say they don't block ports except the NetBIOS filesharing ports.
    Check old posts / ask in the ng - virginmedia.users.self-help.security
    Depends on your point of view. The strict? interpretation of the RFCs
    http://en.wikipedia.org/wiki/Request_for_Comments
    says certain traffic should be allowed. Setting stealth on
    router/firewall breaks the basic operation.

    You can google for the above ( using port stealth rfc blocking) and see
    the various points of view for yourself.
    Me
     
    why?, Aug 8, 2009
    #11