Re: D-Link DI-804HV Router Firewall SPI Function

From: NeoSadist (neosad1st_at_charter.net)
Date: Sun, 28 Dec 2003 15:38:28 -0700

Charles wrote:

> All,
>
> I purchased a D-Link DI-804HV router in order to increase the security
> of my home computer. One of the features that I hoped would help is
> stateful packet inspection. However, when I did a security scan on
> the Sygate Online Services website it found the "service" SOURCE PORT
> (port number 57387) CLOSED--not BLOCKED, and the site gave this
> additional information: "This is the port you are using to communicate
> to our Web Server. A firewall that uses Stateful Packet Inspection
> will show a 'BLOCKED' result for this port".

Dude, it's not like that's a super-big deal. The only difference between a
closed and "stealthed" port is that when a computer tries to connect to a
closed port, your router will transmit back an RST packet saying "no, you
aren't allowed to use this port, find another." By internet standards,
that is what is supposed to happen. Stealthed ports are when your router
doesn't transmit anything back, which is actually contrary to how the
internet is supposed to work (IEEE standards, etc). Just because they see
a closed port doesn't mean they can get in. Also, that packet that is
transmitted back shows that your router is up and running, but then again
they'd know that just by pinging it, so it's not like they don't already
know that you're up and running. People get too paranoid about whether all
their ports are stealthed. It's a nice thing to have, but if one shows
closed instead of stealth, it's not the end of the world.
And, BTW, it's impossible to make yourself look invisible on the web. If
you click on a link, your computer sends an HTTP page request. If you log
into MSN Messenger, you're querying DNS servers and connecting to the IM
servers. There are a lot of people out there telling a half-truth about
whether or not people can see you on the web as being bad.

>
> I contacted D-Link tech support, but the person I talked with seemed
> to be confused when I told her about the problem. They are supposed
> to have someone else call me--I am not holding my breath. My question
> is: Why doesn't the port in question show "BLOCKED"? I have the SPI
> function enabled. Is this a router hardware problem or do I
> misunderstand the proper function of SPI?

Depends on how they're scanning. I think that the difference between closed
and blocked is that they meant blocked = stealthed. First off, if the port
is closed, it IS blocked. Second, if the port is stealthed, they should
say "stealthed" or "undetectable" rather than "blocked."
Please give me the link to their scan so I can try it and see what the heck
they're talking about. Hopefully Sygate isn't smoking crack...

>
> Charles

-- 
Ban the bomb.  Save the world for conventional warfare.
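
Added example, not part of the original posts and not D-Link or Sygate code: a toy connection-tracking filter showing why the same source port can be reported CLOSED or BLOCKED depending only on how the router answers unsolicited packets, while the reply traffic for the browser's own connection passes either way. The IP addresses, the scanner's port 40000 and the policy names are constructed; mapping "BLOCKED" to "no reply" follows the reply's reading of Sygate's labels and is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as a simple label: "SYN", "SYN-ACK", "ACK"

class StatefulFilter:
    """Toy connection-tracking filter; a model, not the DI-804HV firmware."""

    def __init__(self, unsolicited_policy: str):
        if unsolicited_policy not in ("reject", "drop"):
            raise ValueError("policy must be 'reject' or 'drop'")
        self.policy = unsolicited_policy
        self.flows = set()  # (local ip, local port, remote ip, remote port)

    def outbound(self, pkt: Packet) -> str:
        # Remember the flow so replies from that exact remote endpoint pass.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "forward"

    def inbound(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "forward"  # belongs to a connection the inside host opened
        # Unsolicited: "reject" answers with RST, "drop" answers with nothing.
        return "rst" if self.policy == "reject" else "silence"

# Assumed mapping, following the reply's reading that "blocked" means stealthed.
SCAN_LABEL = {"rst": "CLOSED", "silence": "BLOCKED"}

def scan_source_port(policy: str) -> tuple:
    """Return (verdict for the web reply, scanner label for the probe)."""
    fw = StatefulFilter(policy)
    home, web, scanner = "192.0.2.10", "198.51.100.5", "198.51.100.9"  # constructed
    # Browser opens the scan page from source port 57387 (the port in the post).
    fw.outbound(Packet(home, 57387, web, 80, "SYN"))
    reply = fw.inbound(Packet(web, 80, home, 57387, "SYN-ACK"))
    # The scan then sends a fresh SYN to that same port from another endpoint.
    probe = fw.inbound(Packet(scanner, 40000, home, 57387, "SYN"))
    return reply, SCAN_LABEL[probe]

if __name__ == "__main__":
    for policy in ("reject", "drop"):
        print(policy, scan_source_port(policy))
```

In both runs the unsolicited probe never reaches the inside host; only the router's answer to it differs.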

