Open ports with D-Link DSL604+

Hi,

Just bought one of the above - just got to wait for my wireless card
to arrive now! - but (connected by Ethernet) I've done a GRC ShieldsUp
check and it tells me that Ports 23 (Telnet) and 80 (Web) are open. I
don't know why and I'd like to shut them.

I've not got Remote Administration enabled so that can't be it. Indeed
I can't telnet to, or access the web on, my external IP. Both my
machines are running ZoneAlarm Pro with practically nothing allowed
external server access, so that can't be it. Anyway there is no port
forwarding specified. I wonder what it can be? and how I can stop it?

Anyway, I'd like to configure the firewall. It looks very complicated
and the manual isn't really any help. Ideally I'd like to block (or
even better stealth) all the ports and only punch holes in the
firewall for the utilities that really need it (e.g. my IP phone).

Has anybody any suggestions?

Many thanks in advance

In article <(E-Mail Removed)>, King Queen wrote:

> Just bought one of the above - just got to wait for my wireless card
> to arrive now! - but (connected by Ethernet) I've done a GRC ShieldsUp
> check and it tells me that Ports 23 (Telnet) and 80 (Web) are open. I
> don't know why and I'd like to shut them.

By default, these ports are enabled on the internal 'private' network
interface so you can access the web configuration screens (which run off
an embedded webserver on port 80) and the command line administation
interface, which runs via telnet on port 23. They are not accessible
from the 'public' Internet side of the firewall, and as such pose no
threat. You definitely need at least one of them so you can administer
the router in the first place.

If you are running with a static routed IP subnet rather than using NAT,
you have to enable 'remote administration' and use the firewall to
disallow connections from the Internet to those ports on the router's
public IP.

For help in using the DSL-604+'s firewall rules, try browsing the
router's dedicated forum on the Expansys site (http://www.expansys.com)
- lots of knowledge on there ISTR. Haven't got a browser available at the
moment so I can't give you a direct link I'm afraid.

--
| grendel [at] durge [dot] org | web technologist | london, uk
| "It's people like you what cause unrest"

On 24 Feb 2004 14:36:09 GMT,
(E-Mail Removed) (Grendel) wrote:

>By default, these ports are enabled on the internal 'private' network
>interface so you can access the web configuration screens (which run off
>an embedded webserver on port 80) and the command line administation
>interface, which runs via telnet on port 23. They are not accessible
>from the 'public' Internet side of the firewall, and as such pose no
>threat. You definitely need at least one of them so you can administer
>the router in the first place.

Hi,

Thanks for the info and the link which I am having a look at.

Bizarre thing is that it was the GRC ShieldsUp tester that found the
open ports, so they aren't from my local subnet. I'd expect the ports
to be open to me on the internal subnet, but not from outside.

Thanks