Networking Forums

stealthing port 113

 
 
RG
Guest
Posts: n/a

 
      08-03-2003, 03:16 PM
Hello,

my D-Link DWL-614+ wireless router can stealth all ports (when testing at
Gibson Research web site www.grc.com) except IDENT port 113.

Is there any way to force the router to stealth that port?

Ron


 
2koffroad
Guest
Posts: n/a

 
      08-03-2003, 04:45 PM
Yes, I have the same router and the best you can do is port forward that
port to an internal address that doesn't exist, like if you're using
192.168.0.101, just port forward port 113 to 192.168.0.253 or something
similar.

Hope this helps.
P
"RG" <(E-Mail Removed)> wrote in message
news:tH9Xa.3472$(E-Mail Removed)...
> Hello,
>
> my D-Link DWL-614+ wireless router can stealth all ports (when testing at
> Gibson Research web site www.grc.com) except IDENT port 113.
>
> Is there any way to force the router to stealth that port?
>
> Ron
>
>
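
What the GRC result discussed in this thread distinguishes, as an added example that is not part of the original posts: an open port completes the TCP handshake, a closed port answers with a reset, and a stealthed port sends nothing back, so the connection attempt times out. The function name and the 3-second timeout are assumptions, and the target is assumed to be your own router's WAN address, probed from outside the LAN.

```python
import errno
import socket
import sys
import time


def probe_tcp_port(host, port, timeout=3.0):
    """Classify one TCP port by how the far end answers a connection attempt.

    Returns (state, seconds_waited) where state is one of:
      'open'        - handshake completed (something is listening)
      'closed'      - RST came back (connection refused)
      'stealth'     - no answer at all before the timeout
      'unreachable' - an ICMP error came back, so the path is not silent
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except (socket.timeout, TimeoutError):
        state = "stealth"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            state = "unreachable"
        else:
            raise
    finally:
        sock.close()
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python probe.py <your-router-wan-address> [port]
    # Port 113 (IDENT) is the default because it is the port in question.
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 113
    state, waited = probe_tcp_port(target, port)
    print(f"{target}:{port} is {state} (waited {waited:.2f}s)")
```

A "stealth" result always costs the caller the full timeout, which is the kind of wait a remote server incurs when it attempts an ident lookup against a silently dropped port 113.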




 
RG
Guest
Posts: n/a

 
      08-03-2003, 05:30 PM
Sure it helps!
I could do it in the Virtual Server page even though the settings are not
obvious but... it works!

Thanks!
Ron

"2koffroad" <(E-Mail Removed)> wrote in message
news:zSaXa.105$(E-Mail Removed)...
> Yes, I have the same router and the best you can do is port forward that
> port to an internal address that doesn't exist, like if you're using
> 192.168.0.101, just port forward port 113 to 192.168.0.253 or something
> similar.
>
> Hope this helps.
> P
> "RG" <(E-Mail Removed)> wrote in message
> news:tH9Xa.3472$(E-Mail Removed)...
> > Hello,
> >
> > my D-Link DWL-614+ wireless router can stealth all ports (when testing at
> > Gibson Research web site www.grc.com) except IDENT port 113.
> >
> > Is there any way to force the router to stealth that port?
> >
> > Ron
> >
> >

>
>
>



 
Duane Arnold
Guest
Posts: n/a

 
      08-03-2003, 07:59 PM
"RG" <(E-Mail Removed)> wrote in
news:JEbXa.8128$(E-Mail Removed):

> Sure it helps!
> I could do it in the Virtual Server page even though the settings are
> not obvious but... it works!
>
> Thanks!
> Ron
>
> "2koffroad" <(E-Mail Removed)> wrote in message
> news:zSaXa.105$(E-Mail Removed)...
>> Yes, I have the same router and the best you can do is port forward
>> that port to an internal address that doesn't exist, like if you're
>> using 192.168.0.101, just port forward port 113 to 192.168.0.253 or
>> something similar.
>>
>> Hope this helps.
>> P
>> "RG" <(E-Mail Removed)> wrote in message
>> news:tH9Xa.3472$(E-Mail Removed)...
>> > Hello,
>> >
>> > my D-Link DWL-614+ wireless router can stealth all ports (when
>> > testing at
>> > Gibson Research web site www.grc.com) except IDENT port 113.
>> >
>> > Is there any way to force the router to stealth that port?
>> >
>> > Ron
>> >
>> >

>>
>>
>>

>
>


You should also be able to put a dummy ip into the DMZ of the router,
which should redirect all unsolicited inbound traffic to the dummy ip and
into infinity.

If the router has a log viewing utility, you should be able to see that
traffic.

Duane

--
The protection of the machine is a process and not a given!
 
John Roland Elliott
Guest
Posts: n/a

 
      08-03-2003, 08:35 PM
Duane, why would forwarding unsolicited inbound traffic to a non-existent
host on the LAN side be better than just silently dropping it (which is what
happens if you don't put in a DMZ host at all)? Seems to me that all it does
is 1) make additional work for the router and 2) put extra packets on the
LAN.

"Duane Arnold" <(E-Mail Removed)> wrote in message
news:Xns93CC9895FCF81notmenotmecom@63.240.76.16...
> "RG" <(E-Mail Removed)> wrote in
> news:JEbXa.8128$(E-Mail Removed):
>
> > Sure it helps!
> > I could do it in the Virtual Server page even though the settings are
> > not obvious but... it works!
> >
> > Thanks!
> > Ron
> >
> > "2koffroad" <(E-Mail Removed)> wrote in message
> > news:zSaXa.105$(E-Mail Removed)...
> >> Yes, I have the same router and the best you can do is port forward
> >> that port to an internal address that doesn't exist, like if you're
> >> using 192.168.0.101, just port forward port 113 to 192.168.0.253 or
> >> something similar.
> >>
> >> Hope this helps.
> >> P
> >> "RG" <(E-Mail Removed)> wrote in message
> >> news:tH9Xa.3472$(E-Mail Removed)...
> >> > Hello,
> >> >
> >> > my D-Link DWL-614+ wireless router can stealth all ports (when
> >> > testing at
> >> > Gibson Research web site www.grc.com) except IDENT port 113.
> >> >
> >> > Is there any way to force the router to stealth that port?
> >> >
> >> > Ron
> >> >
> >> >
> >>
> >>
> >>

> >
> >

>
> You should also be able to put a dummy ip into the DMZ of the router,
> which should redirect all unsolicited inbound traffic to the dummy ip and
> into infinity.
>
> If the router has a log viewing utility, you should be able to see that
> traffic.
>
> Duane
>
> --
> The protection of the machine is a process and not a given!



 
RG
Guest
Posts: n/a

 
      08-03-2003, 09:55 PM
I checked!
No delay for me.
Probably some ISPs don't like users hiding port 113.

"Happy" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> In my case it delayed sending email for close to 1 minute ....



 
2koffroad
Guest
Posts: n/a

 
      08-03-2003, 11:37 PM
These NAT routers are only to keep the honest people out (and script
kiddies), kinda like a lock on your car, any determined hacker can and will
get through these simple routers, if you have something that important you
are trying to protect, you should probably look at something like a Cisco
Pix Firewall. Otherwise back up files that are important to you and then
you don't have to worry about an intruder in the first place.

"Duane Arnold" <(E-Mail Removed)> wrote in message
news:Xns93CCBBA2184FEnotmenotmecom@63.240.76.16...
> "John Roland Elliott" <JohnRolandElliott-no-(E-Mail Removed)> wrote in
> news:HmeXa.41885$(E-Mail Removed) et:
>
> > Duane, why would forwarding unsolicited inbound traffic to a
> > non-existent host on the LAN side be better than just silently
> > dropping it (which is what happens if you don't put in a DMZ host at
> > all)? Seems to me that all it does is 1) make additional work for the
> > router and 2) put extra packets on the LAN.
> >

> 192.168.1.254 is a dummy ip that is not being used and is in the DMZ of
> the Linksys router. This was a tip given to me in a FW <g>. The packets
> never reach the LAN and are being redirected to that non-existent IP.
>
> It has been my experience that these cheap NAT routers can be defeated by
> a determined attacker, which I have seen a couple of times on my
> network.
>
> And by using that method, I am able to track traffic to and from the
> router at all times including the unsolicited inbound. If I had a host
> based FW on a machine connected directly to the Internet, it would be
> using even more resources during its logging.
>
> So I think I am getting the better of the deal by using the router in
> this manner.
>
> Duane
>
> --
> The protection of the machine is a process and not a given!




 
Duane Arnold
Guest
Posts: n/a

 
      08-04-2003, 02:21 AM
"2koffroad" <(E-Mail Removed)> wrote in
news:HUgXa.220$(E-Mail Removed):

> These NAT routers are only to keep the honest people out (and script
> kiddies), kinda like a lock on your car, any determined hacker can and
> will get through these simple routers, if you have something that
> important you are trying to protect, you should probably look at
> something like a Cisco Pix Firewall. Otherwise back up files that are
> important to you and then you don't have to worry about an intruder in
> the first place.
>
>


That is why I have BlackIce on the machines behind the router as one
attack on SQL Server on the wired machine came right past the router. And
the second attack came at my wireless laptop at SQL Server there too.

BI stopped both attacks.


Duane

--
The protection of the machine is a process and not a given!
 
John Roland Elliott
Guest
Posts: n/a

 
      08-04-2003, 06:21 PM

"Duane Arnold" <(E-Mail Removed)> wrote in message
news:Xns93CCBBA2184FEnotmenotmecom@63.240.76.16...
> "John Roland Elliott" <JohnRolandElliott-no-(E-Mail Removed)> wrote in
> news:HmeXa.41885$(E-Mail Removed) et:
>
> > Duane, why would forwarding unsolicited inbound traffic to a
> > non-existent host on the LAN side be better than just silently
> > dropping it (which is what happens if you don't put in a DMZ host at
> > all)? Seems to me that all it does is 1) make additional work for the
> > router and 2) put extra packets on the LAN.
> >

> 192.168.1.254 is a dummy ip that is not being used and is in the DMZ of
> the Linksys router. This was a tip given to me in a FW <g>. The packets
> never reach the LAN and are being redirected to that non-existent IP.
>
> It has been my experience that these cheap NAT routers can be defeated by
> a determined attacker, which I have seen a couple of times on my
> network.
>
> And by using that method, I am able to track traffic to and from the
> router at all times including the unsolicited inbound. If I had a host
> based FW on a machine connected directly to the Internet, it would be
> using even more resources during its logging.
>
> So I think I am getting the better of the deal by using the router in
> this manner.
>
> Duane
>
> --
> The protection of the machine is a process and not a given!


The router doesn't know that there is no host out there on 192.168.1.254 and
for that reason, because you told it to forward all inbound traffic that it
didn't know what to do with to that address, it puts the traffic the only
place the host in question might be, namely, on the protected LAN. If the
Linksys had a separate interface for the DMZ like some real firewalls do,
forwarding to the DMZ host wouldn't put the traffic on the protected LAN.
But with the Linksys, the DMZ host is just another host address on the
protected LAN that is unlucky enough to have to listen to all the
unsolicited inbound traffic the Linksys sees.

To make matters worse, because the switch has never seen a MAC address for
that non-existent machine, the switch puts the packet out on all of its
ports instead of just the one port where the DMZ host would be if it
existed.

Does the Linksys not log unsolicited inbound traffic unless it forwards it
to the DMZ host?


 
Duane Arnold
Guest
Posts: n/a

 
      08-04-2003, 11:07 PM
"John Roland Elliott" <JohnRolandElliott-no-(E-Mail Removed)> wrote in
news:XuxXa.46035$(E-Mail Removed) et:

>
> "Duane Arnold" <(E-Mail Removed)> wrote in message
> news:Xns93CCBBA2184FEnotmenotmecom@63.240.76.16...
>> "John Roland Elliott" <JohnRolandElliott-no-(E-Mail Removed)> wrote
>> in news:HmeXa.41885$(E-Mail Removed) et:
>>
>> > Duane, why would forwarding unsolicited inbound traffic to a
>> > non-existent host on the LAN side be better than just silently
>> > dropping it (which is what happens if you don't put in a DMZ host
>> > at all)? Seems to me that all it does is 1) make additional work
>> > for the router and 2) put extra packets on the LAN.
>> >

>> 192.168.1.254 is a dummy ip that is not being used and is in the DMZ
>> of the Linksys router. This was a tip given to me in a FW <g>. The
>> packets never reach the LAN and are being redirected to that
>> non-existent IP.
>>
>> It has been my experience that these cheap NAT routers can be
>> defeated by a determined attacker, which I have seen a couple of
>> times on my network.
>>
>> And by using that method, I am able to track traffic to and from the
>> router at all times including the unsolicited inbound. If I had a
>> host based FW on a machine connected directly to the Internet, it
>> would be using even more resources during its logging.
>>
>> So I think I am getting the better of the deal by using the router in
>> this manner.
>>
>> Duane
>>
>> --
>> The protection of the machine is a process and not a given!

>
> The router doesn't know that there is no host out there on
> 192.168.1.254 and for that reason, because you told it to forward all
> inbound traffic that it didn't know what to do with to that address,
> it puts the traffic the only place the host in question might be,
> namely, on the protected LAN. If the Linksys had a separate interface
> for the DMZ like some real firewalls do, forwarding to the DMZ host
> wouldn't put the traffic on the protected LAN. But with the Linksys,
> the DMZ host is just another host address on the protected LAN that is
> unlucky enough to have to listen to all the unsolicited inbound
> traffic the Linksys sees.
>
> To make matters worse, because the switch has never seen a MAC
> address for that non-existent machine, the switch puts the packet out
> on all of its ports instead of just the one port where the DMZ host
> would be if it existed.
>
> Does the Linksys not log unsolicited inbound traffic unless it
> forwards it to the DMZ host?
>
>
>


It looks to be logging the same. You make some valid points. I may run
without the dummy ip for a while to see.

Duane
--
The protection of the machine is a process and not a given!
 