Re: trying to stealth port 113

From: *Vanguard* (no-email_at_post-reply-in-newsgroup.nix)
Date: 12/10/03

  • Next message: RadarG: "Re: trying to stealth port 113" 
    Date: Wed, 10 Dec 2003 16:02:29 GMT

    "RadarG" wrote
    in news:CvFBb.16457$Yt4.2290@lakeread05:
    > I went to GRC shields up and ran a scan and it said that port 113 was
    > closed. How do I stealth it? I would like to close these ports that i
    > am not using. But isnt stealthing better? thanks Justin

    There is a link to an article on just that exact shortcoming. As I
    recall, I ran the test, saw the one port detected, and saw a link there
    about that problem.

    Short story is: define a virtual server in your router. Your NAT router
    has its own DHCP server to allocate dynamically assigned IP addresses
    which is how your hosts are configured to use DHCP (some routers let you
    assign static IP addresses). There is a range of IP addresses that the
    router's DHCP server is allowed from which it will assign IP addresses.
    So pick an IP address outside that range that the DHCP server will use.
    Then define a route through your router from the WAN-side port 113 to
    the IP address for this non-existent host. The ident/AUTH is tried,
    goes to port 113 on the router, the router funnels it off to the
    LAN-side IP address for the server, the server doesn't exist, and the
    request falls into the bit bucket because there's nothing there to
    respond. I picked an IP address that was outside what the NAT router's
    DHCP server can assign to make sure that this non-existent virtual
    server didn't accidently become one of the internal hosts. The NAT
    router's DHCP server can never assign that out-of-bounds IP address. 

    --
____________________________________________________________
*** Post replies to newsgroup.  E-mail is not accepted. ***
____________________________________________________________
  • Next message: RadarG: "Re: trying to stealth port 113"

    Relevant Pages

    • Re: Lost lease to own IP address
      ... Have you tried do a release and renew of the IP address that that router itself gets? ... If it can't connect then the router gets an APIPA address, but your hosts on the LAN side of your router should still be getting their IP addresses from your router's DHCP server. ... maybe the system will open a new port for the service automatically. ... A general-purpose computer is adaptable and configurable, unlike your car or washing machine. ...
      (microsoft.public.windowsxp.general)
    • Re: moving sbs network
      ... Did you mean the DSL modem (not router) connects to the TZ170 WAN port? ... device is acting as the DHCP server for the public segment? ... The SBS external NIC connects to the LAN port. ...
      (microsoft.public.windows.server.sbs)
    • Re: OT: Setting up subnets (for dummies)
      ... or they are already on a different subnet). ... You can have the router, or whatever else is serving up DHCP, split up the ... that goes to 16 hosts, ... You can set up a DHCP server on a regular OS X client box ...
      (uk.comp.sys.mac)
    • Re: trying to stealth port 113
      ... But isnt stealthing better? ... > recall, I ran the test, saw the one port detected, and saw a link there ... define a virtual server in your router. ... > router's DHCP server is allowed from which it will assign IP addresses. ...
      (alt.computer.security)
    • Re: Static IP outside of router DHCP range
      ... range of the Linksys router DHCP server, but still in the same subnet as the ... I would like to put the video server at 192.168.1.150 ... much more then 20-50 concurrent hosts connected to it (since the router ...
      (alt.comp.hardware.pc-homebuilt)