Stealthing port 113 on a BEFSR41

Discussion in 'Networking Issues' started by BigE, Aug 13, 2004.

  1. BigE

    BigE Network Guru Member

    I have forwarded port 113 to an IP address that is out of the range of IPs on my network, and I have also filtered this IP just in case, to stealth this port. Is there any threat to doing this? The Qualys security scan sees this and gives me a "TCP Source Port Pass Firewall" vulnerability status. I understand I have opened up a hole, but it is a black hole to nowhere. So, I think it is at least. Anybody have any comments on this...
     
  2. jdepew

    jdepew Administrator Staff Member Member

    How about just not messing with the port to begin with? It's handled automatically with the firmware.

    "UPDATE: The latest firmware update for the Linksys family of NAT routers has added an adaptive IDENT stealthing feature (though it is not enabled by default). So the Linksys routers will give you the best of both worlds. Bravo Linksys! " - from GRC.com

    Here's a great description of the port and what 'stealthing' it does - http://grc.com/port_113.htm

    http://www.GRC.com is also the home of the great Shields Up! port scanner to check and see if you're safe.

    BTW, to answer your question with NAT routers that didn't handle the IDENT/AUTH port correctly, the way you handled it is just fine. Forwarding the port to an unused IP will return a closed port and thus 'stealthed.' In other words - you can forward that port to 192.168.1.240 (as long as that isn't used) and shouldn't have to worry about filtering that IP. I think you may have meant you were forwarding it onto a global IP address, which may or may not, if existent, have an open IDENT port, hence your vulnerability. The port forward should be set to an IP on your internal network.

    Jim
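
An added example, not part of the thread: a single-port check for your own router that tells apart the three results a scanner such as Shields Up! reports for port 113, namely open (handshake completes), closed (connection actively refused) and stealth (no reply at all). The function name, the timeout and the sample address 203.0.113.10 are assumptions made for illustration.

```python
import socket
import sys


def classify_tcp_port(host, port=113, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'stealth' or 'unreachable'.

    open        - the three-way handshake completed (something is listening)
    closed      - the connection was refused (a RST came back)
    stealth     - nothing came back before the timeout (packet silently dropped)
    unreachable - another network error, e.g. an ICMP unreachable reply
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        return "unreachable"
    finally:
        s.close()


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address used as a placeholder;
    # pass your own router's WAN address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    print(target, "port 113:", classify_tcp_port(target))
```

Run it from a host outside the router, since a check from the LAN side does not show what the WAN side answers.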
     
  3. BigE

    BigE Network Guru Member

    No option to stealth port 113

    I have a BEFSR41 V3 router with firmware version 1.05.00 which is the latest version, and there is no stealthing of port 113 option.
     