Re: D-Link DI-804HV Router Firewall SPI Function

From: Charles (cmelias_at_woh.rr.com)
Date: 12/29/03


Date: 29 Dec 2003 05:51:56 -0800

NeoSadist <neosad1st@charter.net> wrote in message news:<vuuntfiuqi2349@corp.supernews.com>...
> Charles wrote:
>
> > All,
> >
> > I purchased a D-Link DI-804HV router in order to increase the security
> > of my home computer. One of the features that I hoped would help is
> > stateful packet inspection. However, when I did a security scan on
> > the Sygate Online Services website it found the "service" SOURCE PORT
> > (port number 57387) CLOSED--not BLOCKED, and the site gave this
> > additional information: "This is the port you are using to communicate
> > to our Web Server. A firewall that uses Stateful Packet Inspection
> > will show a 'BLOCKED' result for this port".
> >
> > I contacted D-Link tech support, but the person I talked with seemed
> > to be confused when I told her about the problem. They are supposed
> > to have someone else call me--I am not holding my breath. My question
> > is: Why doesn't the port in question show "BLOCKED"? I have the SPI
> > function enabled. Is this a router hardware problem or do I
> > misunderstand the proper function of SPI?
> >
> > Charles
>
> You mean http://scan.sygatetech.com/ ?
> Ok, let me see...
> Was it quick scan, tcp scan, udp scan, etc which scan was it? I did the one
> above, and it found my browser and OS (konqueror 3.1/Linux, but hey I was
> allowing Konqueror to transmit that anyways... if I wanted I could
> eliminate that).
> It could not find my computer name, and could not find any running services
> (but I'm wondering, were they talking about ports or actual services in the
> OS? people need to be more specific if possible...)
> Ok, then I took the stealth scan:
> "This port has not responded to any of our probes. It appears to be
> completely stealthed."
> This is what they meant. Blocked = Stealthed = no RST packets transmitted
> back to the scanner.
> Port 80: "This port has responded to our probes. This means that you are not
> running any application on this port, but it is still possible for someone
> to crash your computer through known TCP/IP stack vulnerabilities."
> Oh really? Duh! I connected to your website, I hope that port can be
> seen.... And since when has it NOT been possible for someone to "crash" my
> computer? That's too much of a generalization: exploits could include
> becoming admin/root on the machine, crashing it, rebooting it, DoS-ing its
> internet connection.........
>
> So, that should explain. They mean "stealth" when they say "blocked".
>
> But let me be clear, you need to read more about computer security. For the
> average joe, I could generalize and say that as long as you have no open
> ports (they're all closed or "blocked"), you're fine, if you're a home
> user.
> To exploit a machine, something vulnerable must be running on it and
> available to the outside world. For example, someone might try to connect
> over NetBIOS (file sharing) from the internet, but if my firewall blocks
> those ports (135-139,445) and/or I shut my Samba server off (Linux
> terminology, ignore it), they can't exploit it.
> I'm going to terminate this reply, due to how large it is becoming. You
> need to go read up on stuff. If you want to know more, there are several
> people in this newsgroup that have personal websites that will explain
> more. Although some sound like a marketing scheme, just read them without
> buying stuff. Do NOT trust anyone that sounds like they're pushing a
> product, however.

Thanks! I did not mention it in my original post, but the scan found
2 additional ports "CLOSED": 80 and 113. D-Link told me how to handle
these. I assigned them a "private IP" using a feature that D-Link
calls a "Virtual Server". When I ran the scan again these were listed
as "BLOCKED". I have read some on internet security and I read the
posts for this group, but I have much to learn.

Charles
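A toy model of the three behaviours discussed in this thread, added here as an illustration and not code from either poster or from D-Link: a SYN probe that reaches a TCP stack with no listener draws an RST (the scanner's "CLOSED"), a stateful firewall that drops unsolicited SYNs answers nothing ("BLOCKED"/stealth), and forwarding a port with the "Virtual Server" feature to a LAN address where nothing lives also produces silence. The addresses, the scanner's source port and the `Router` class are constructed assumptions; NAT address rewriting is elided.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport syn", defaults=(True,))  # syn: bare SYN

class Router:
    """Toy NAT router; address rewriting is elided, so inbound packets are
    addressed straight to the LAN host. Constructed model, not D-Link firmware."""
    def __init__(self, lan_host, spi=False, virtual_servers=None, present=()):
        self.lan_host = lan_host                      # the PC behind the router
        self.spi = spi                                # stateful inspection on/off
        self.virtual_servers = virtual_servers or {}  # public port -> LAN IP
        self.present = set(present)                   # LAN IPs that really exist
        self.flows = set()                            # (lan_ip, lan_port, peer_ip, peer_port)

    def outbound(self, pkt):
        # LAN host opens a connection: record the flow in the state table.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt, listening):
        """What the scanner sees on the wire for a SYN probe: 'SYN/ACK', 'RST' or None."""
        target = self.virtual_servers.get(pkt.dport)
        if target is not None:                        # "Virtual Server" forwarding
            if target not in self.present:
                return None                           # black hole: nobody answers
            return "SYN/ACK" if pkt.dport in listening else "RST"
        if self.spi:
            known = (self.lan_host, pkt.dport, pkt.src, pkt.sport) in self.flows
            if not known or pkt.syn:
                return None                           # unsolicited: dropped, no RST
        # Otherwise a TCP stack answers honestly: SYN/ACK if listening, else RST.
        return "SYN/ACK" if pkt.dport in listening else "RST"

def report(reply):
    """Translate the wire reply into the scanner's vocabulary from the thread."""
    return {"SYN/ACK": "OPEN", "RST": "CLOSED", None: "BLOCKED"}[reply]

def demo():
    pc, scanner = "192.168.0.10", "203.0.113.5"      # constructed LAN host / scan site
    results = {}
    for spi in (False, True):
        r = Router(pc, spi=spi, present=[pc])
        r.outbound(Packet(pc, 57387, scanner, 80))   # browsing to the scan site
        probe = Packet(scanner, 40000, pc, 57387)    # scan site probes our source port
        results[("source-port", spi)] = report(r.inbound(probe, listening=set()))
    # Charles's workaround: forward 80 and 113 to a LAN address where nothing lives.
    r = Router(pc, virtual_servers={80: "192.168.0.250", 113: "192.168.0.250"}, present=[pc])
    for port in (80, 113):
        results[("vserver", port)] = report(r.inbound(Packet(scanner, 40000, pc, port), {80, 113}))
    return results
```

Running `demo()` gives CLOSED for the source-port probe without SPI and BLOCKED with it, and BLOCKED for ports 80 and 113 once they are forwarded into the empty address.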


