Re: trying to stealth port 113

From: RadarG (justinnkim_at_cox.net)
Date: 12/10/03 

Date: Wed, 10 Dec 2003 14:40:51 -0500

"*Vanguard*" <no-email@post-reply-in-newsgroup.nix> wrote in message
news:psHBb.496296$Tr4.1350930@attbi_s03...
> "RadarG" wrote
> in news:CvFBb.16457$Yt4.2290@lakeread05:
> > I went to GRC shields up and ran a scan and it said that port 113 was
> > closed. How do I stealth it? I would like to close these ports that i
> > am not using. But isnt stealthing better? thanks Justin
>
> There is a link to an article on just that exact shortcoming. As I
> recall, I ran the test, saw the one port detected, and saw a link there
> about that problem.
>
> Short story is: define a virtual server in your router. Your NAT router
> has its own DHCP server to allocate dynamically assigned IP addresses
> which is how your hosts are configured to use DHCP (some routers let you
> assign static IP addresses). There is a range of IP addresses that the
> router's DHCP server is allowed from which it will assign IP addresses.
> So pick an IP address outside that range that the DHCP server will use.
> Then define a route through your router from the WAN-side port 113 to
> the IP address for this non-existent host. The ident/AUTH is tried,
> goes to port 113 on the router, the router funnels it off to the
> LAN-side IP address for the server, the server doesn't exist, and the
> request falls into the bit bucket because there's nothing there to
> respond. I picked an IP address that was outside what the NAT router's
> DHCP server can assign to make sure that this non-existent virtual
> server didn't accidently become one of the internal hosts. The NAT
> router's DHCP server can never assign that out-of-bounds IP address.
>
>
> --
> ____________________________________________________________
> *** Post replies to newsgroup. E-mail is not accepted. ***
> ____________________________________________________________
>
>
> Thanks for the info

Relevant Pages

  • Re: Lost lease to own IP address
    ... Have you tried do a release and renew of the IP address that that router itself gets? ... If it can't connect then the router gets an APIPA address, but your hosts on the LAN side of your router should still be getting their IP addresses from your router's DHCP server. ... maybe the system will open a new port for the service automatically. ... A general-purpose computer is adaptable and configurable, unlike your car or washing machine. ...
    (microsoft.public.windowsxp.general)
  • Re: moving sbs network
    ... Did you mean the DSL modem (not router) connects to the TZ170 WAN port? ... device is acting as the DHCP server for the public segment? ... The SBS external NIC connects to the LAN port. ...
    (microsoft.public.windows.server.sbs)
  • Re: trying to stealth port 113
    ... > I went to GRC shields up and ran a scan and it said that port 113 was ... define a virtual server in your router. ... router's DHCP server is allowed from which it will assign IP addresses. ... server didn't accidently become one of the internal hosts. ...
    (alt.computer.security)
  • Re: Using a standby router as a switch.
    ... > I've got a Netgear router but I need a few more ports. ... The DHCP server on the RP614v2 router must be disabled. ... > Put it on the network by plugging the network cable into the Internet ... It should be plugging LAN port to LAN port between the two routers no WAN ...
    (comp.security.firewalls)
  • Re: Using Remote Desktop From an SBS Domain
    ... when you tried to RDP while attached directly to a port on your router? ... So if 3389 needs forwarded on the client end too then that is what the ... Hopefully next week I can attempt a connection while my ISP watches the ...
    (microsoft.public.windows.server.sbs)