router security

[frustratedIam]

I have a d-link broadband router. I wanted to check its security so went to sheilds up and just about ALL ports showed open. Help me please

[johnwill]

It sounds like you have configured your machine to be in the DMZ, or you have the router installed incorrectly. Do you have the broadband modem running to the WAN port of the router, and your machine connected to one of the LAN ports?

[frustratedIam]

I have a always on satelite connection to the net and configed it to be a dynamic ip in the router and my pc in the lan port

[johnwill]

It the satellite connection plugged into the WAN port?

[frustratedIam]

yes, it is plugged into the wan port

[johnwill]

How about the model of the router, the version and patch level of Windows, and the output of this:

Open a DOS window and type:

IPCONFIG /ALL >C:\RESULT.TXT

Open C:\RESULT.TXT with Notepad and copy/paste the entire results here.

[frustratedIam]

router is a d-link DI-604 v.3.51 windows xp media center sp 2

results


Windows IP Configuration



Host Name . . . . . . . . . . . . : SUSIEQ

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : anikast.ca



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : anikast.ca

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-11-2F-D6-F9-2F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : September 22, 2005 5:55:05 PM

Lease Expires . . . . . . . . . . : September 29, 2005 5:55:05 PM

[frustratedIam]

I removed the router and connected straight through to the internet. I get the same results as I did with the router. I am so confused. When I had dialup and checked gibsons sheilds up all ports were in stealth. I am using zonealarm pro

[johnwill]

Well, it makes no sense to me. The only way I can see the router allowing all the ports is that you have the machine in the DMZ, or you have connected the router incorrectly. Have you reset it to factory defaults and tried it?

[frustratedIam]

I have reset it to factory defaults and am not in dmz. I am going to unhook everything and try again. The funny thing is that when I bypassed the router I didn't have to change how I connect to the internet.

[Resolution]

Does that router allow you to set firewall rules such as this...

http://support.dlink.com/emulators/d..._firewall.html

[frustratedIam]

yes, I can do that. I was trying to figure that out

[johnwill]

The router in it's default configuration should allow very few ports through, 113 is sometimes visible, but little else.

Exactly what ports show up open when you're using the router after a factory reset and do the port scan?

[frustratedIam]

I rese the router and did a all service ports scan and everyone was open except 20,21,80,137,138,139,443 and 445 are all in stealth. I got the same results from my other computer on the network

[frustratedIam]

take note as stated in a previous post I get the same results when I bypass the router

[johnwill]

This is apparently one I'd have to see. I have an SMC and a D-Link router here, and they work as I'd expect, and my ports are all invisible, except for the FTP port, which I have open for my server. Please post your report here when using the router.

GRC Port Authority Report created on UTC: 2005-09-24 at 22:55:58

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
1 Ports Closed
25 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 21

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

[frustratedIam]

shields up report

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-09-24 at 23:34:02

Results from scan of ports: 0-1055

1048 Ports Open
0 Ports Closed
8 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be CLOSED.

Ports found to be STEALTH were: 20, 21, 80, 137, 138, 139, 443,
445

Other than what is listed above, all ports are OPEN.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

[Resolution]

First off, I have never seen a router automagically block ports that are notorious for being hacker targets, and then somehow leave everything else open. Turn off ZoneAlarm and then run the test. See if they differ when using the router and without it.

[frustratedIam]

zonealarm shut off

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-09-25 at 00:01:58

Results from scan of ports: 0-1055

1048 Ports Open
0 Ports Closed
8 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be CLOSED.

Ports found to be STEALTH were: 20, 21, 80, 137, 138, 139, 443,
445

Other than what is listed above, all ports are OPEN.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

[frustratedIam]

I used zonealarm to block all the ports that are open and I still get the same results. Is it possiible shields up is not testing the correct ip?