Help with exposed NAT Router please :)-Solved
spydespiser
October 22nd, 2003, 08:02 PM
Hi guys i'm back
Have been ill for a while so have not been able to sit at pc much but have dropped in now and again just to check up on gossip,jokes and issues 8)
B/Bands active now. Yippee :)
PC's fast on the net. Yippee :)
Dumped AOL (ha) Yippee :) Serves em right P*s*in me about
Bought a NAT,F/W modem Great???
I used to go to Gibbo's shields up and get a full stealth pass rating but since switching to my new Zoom 5551 Modem/Gateway/Router/Firewall i get closed ports with port 80 open
i have read his bit about defaults on the WAN side but cannot seem to find necessary setting to close or re-stealth said ports
I am currently using LAN connector at the moment as i cant seem to be able to get a connection with the USB/BT Yahoo B/Band side of things yet(no dial up tone)
Any help,ideas appreciated
spydespiser
October 23rd, 2003, 05:17 PM
Well after many hours of not being able to connect and banging my head under desk and trying this and that i am now back in stealth mode at GRC(just got to try the others) :)
the only thing i did that i hadn't already tried numerous times for last 24hrs was strip pc of every last trace of AOL's software, ??? makes you think doesn't it?
Pc is a lot happier too, for last week or so i have had nothing but crashes and chkdsk's on bootup
Still cant sign in to my BTyahoo services as they dont like the fact that i didn't want to spend my money on their poxy modem but have found a way to backdoor the browser and get to my email account(all their browser files force you through a dial-up login screen which is of absolutely no use to my modem(even usb with no phone/filters cant get dial tone required and modem is already by default to their specs)
must have set up at least 20 different B/band configurations. no joy
however i still have one concern.
When i was using ahem AOL's ahem trial they scrambled my IP each time i connected so it always showed up at GRC differently but an IP the same as my BTyahoo account profile is displayed, have even powered down and disconnected everything and then resubmitted again but it remains the same
Is this my actual IP? or one devised by hardware f/w?
I see cochise finally got his gif, i looked all over but due to 56k took ages just loading pages, and could only find a couple of chiefs
Lost me paint shop animator as well :(
SpyD
CrazyM
October 24th, 2003, 05:21 PM
Hi spydespiser
-{ Quote: "I am currently using LAN connector at the moment as i cant seem to be able to get a connection with the USB/BT Yahoo B/Band side of things yet(no dial up tone)" }-
Not being familiar with this modem/router/firewall could you explain a little more about your current set up and connection type.
-{ Quote: "however i still have one concern.
When i was using ahem AOL's ahem trial they scrambled my IP each time i connected so it always showed up at GRC differently but an IP the same as my BTyahoo account profile is displayed, have even powered down and disconnected everything and then resubmitted again but it remains the same
Is this my actual IP? or one devised by hardware f/w?" }-
Is your concern that your WAN IP appears to remain the same?
Even though the ISP may say your IP is dynamic, it is not unusual for some to stay the same. Depending on your set up, the router will usually obtain your public (WAN) IP from your service provider and systems behind it on the LAN will have private IP addresses assigned by the DHCP server in the router.
Regards,
CrazyM
spydespiser
October 24th, 2003, 09:32 PM
Hi CrazyM :)
I've just got back from ADSLGuides site and their review of my product has answered more questions than manual does
I have now got usb/network side working now
Port 80 is back on display(dont know why i got it stealthed yesterday)
-{ Quote: "Is your concern that your WAN IP appears to remain the same?
Even though the ISP may say your IP is dynamic, it is not unusual for some to stay the same. Depending on your set up, the router will usually obtain your public (WAN) IP from your service provider and systems behind it on the LAN will have private IP addresses assigned by the DHCP server in the router." }-
Errrr dunno ??? ;D ;D
Active ports shows me this so maybe everythings all right(please note since having dealings with aol i have had to go find and reinstall a lot of apps recently so didnt have tools to investigate matter)
CrazyM
October 24th, 2003, 10:31 PM
Hi spydespiser
-{ Quote: "Port 80 is back on display(dont know why i got it stealthed yesterday)" }-
By display do you mean it's showing as open or closed to scans?
You might want to double check all your advanced settings to make sure no options are selected that may cause your router to listen/hold that port open on the WAN side.
Your Active Ports screenshot shows your system having a private LAN IP address (10.0.0.3). This is normal and the way it should be. Your router should have a status page somewhere which will show what your current WAN (public) IP is.
Regards,
CrazyM
spydespiser
October 25th, 2003, 12:18 AM
thanx crazym :)
port 80 is open and the others are closed, they did stealth at one point with new modem/router but dont know what i did and all my settings are default (same as when they stealthed)
the only setting page with any reference to ports is the one at first post (everything is left at default as advised by manual as it says only to change any other settings if advised to do so by ISP)
all adv settings pages contain either router ips 000etc or subnet masks 255255255etc
except wan status which shows my public ip (varies cause i have to keep resetting firmware when i change something it dont like)
and a Static Ip add in my permanent VC settings
i just cant understand why yesterday it stealthed and today it fails as all i have done since is change from LAN to USB connector, no settings have been changed as there were none to change, it was all preconfigured by default ??? and i'm not even sure it decloaked at that point, it could have been earlier for all i know ???
could i have a background programme such as yahooMess(i read somewhere) or something?, i dont know as i cant fully access account as btyahoo wont support or techhelp on modems you dont buy from them i.e. i cant switch to other subaccounts i have(sign in)use/access all features of account
thanx for looking at this for me :)
SpyD 8)
EDIT- maybe its just replying with blocking, my software f/w used to do that at first then learnt to ignore/stealth probes
CrazyM
October 25th, 2003, 12:31 AM
Hi SpyD
Have you tried more than one online scan site?
For a convenient list: http://www.wilderssecurity.com/showthread.php?t=6341
Does the router have logging capabilities? If so, what do they show, in particular, does it show the port 80 scan?
Does the software firewall on your system log any scans getting past the router?
Regards,
CrazyM
spydespiser
October 25th, 2003, 01:06 AM
crazym
tried the blackcode one as well same result,(will try rest but thought maybe post query as i might be a while)
just before coming back to wilders i found this but can no longer see s/w f/w in current activity page, they disappeared when scr/grab taken
spydespiser
October 25th, 2003, 01:22 AM
gotta do this separate as i had trouble posting img before with yahoo browser
did a trace on akamai but no registrant(dont know what it is)
212dot23dot32dot13
have a lot of new files since changing to yahoo
they both hilighted as being outbound to port 80
they are back now i have done security check with f/w("optimal")
i also had grc & wilders show up in Ybrowser section of current activity screen but now sign of f/w, does that mean that when i took scr/shot f/w disabled and grc & wilders were behind it(these were only 2 browsed in that time, these also hilighted as out bound 80
unit does not seem to have logging capab's
-{ Quote: "Does the software firewall on your system log any scans getting past the router?" }-
have recently cleared log but will maintain same connection and monitor while trying other scan sites :)
thanx
SpyD 8)
p.s. sorry it in two bits will have to visit test forum and mess with new browser(or change it ;D )
CrazyM
October 25th, 2003, 01:30 AM
Hi SpyD
The screenshots from your firewall would appear to be of current connections. The destination port 80 (http) and source port (ephemeral) are consistent with that and nothing to worry about.
After doing the tests at the scan site, check the software firewall logs on your system to see if anything is showing up there. It is unfortunate if your router does not have any logging.
...also check your IM here on the board.
Regards,
CrazyM
spydespiser
October 25th, 2003, 02:22 AM
Hi CrazyM :)
only just got back
have done a few of the other tests and checked warning logs just before reading your post
only one warning and that was when browser requested permission to access hacker whackr
most came up clear auditpc found my public ip but nowt else
one found port80 but then explained it could be nat/server
and other similar finds(which sounds right)
so i think its ok,but still dont understand how ext modem stealth itself yesterday if i cant configure or instruct to allow/block traffic ??? (everything stays at default except ISP username and p/word)
It is also NAPT(network address port translation) by default
-{ Quote: "It is unfortunate if your router does not have any logging." }-
I suppose you get what you pay for, although £80 could have had other uses ;D Vodka LOL ;D
Thanx again for helping out :)
SpyD 8)
CrazyM
October 25th, 2003, 03:26 AM
Hi Spyd
Your router could be holding open port 80, but restricting access. If this is the case, make sure you have changed any default user names and passwords to access the configuration pages. Also check if there are any remote administration options. If so, make sure it is disabled.
You could try contacting Zoom support and ask if it is normal for your unit to show port 80 (http) open on the WAN side and what access, if any, there is.
Regards,
CrazyM
spydespiser
October 25th, 2003, 04:07 AM
Hi CrazyM :)
-{ Quote: "Your router could be holding open port 80, but restricting access." }-
That was what i was praying for and have already changed all default user/pass names (did that on first failed scan, first thing i do after messing with anything)
i will contact them as this isnt in their FAQ/scenario's
and i think i already have remote admins and such in order but will check all settings again
Thought i would let you guys have a crack at it as you may have come across similar threads/Hardware on travels
Thanx again for time/feedback on issue :)
KC now i can (do you want chocolate chips in it?)
SpyD 8)
Whats a Remote OS guess, is it stuff thats trying me or possible stuff i'm using to restrict?
CrazyM
October 25th, 2003, 05:05 AM
Hi SpyD
-{ Quote: "i will contact them as this isnt in their FAQ/scenario's" }-
I had a quick look around the site as well and could not see anything covering it. Let us know what you hear back.
-{ Quote: "Thanx again for time/feedback on issue
KC now i can (do you want chocolate chips in it?)" }-
Thanks, glad to help out :)
-{ Quote: "Whats a Remote OS guess, is it stuff thats trying me or possible stuff i'm using to restrict?" }-
Scanner's best guess at OS or what you may be using to restrict access.
Regards,
CrazyM
spydespiser
October 29th, 2003, 07:00 AM
Update
Emailed zoom on sunday got reply that i should have questions answered 1-3 business days, hopefully should have answers today/tonight(the 3rd day)
SpyD 8)
Pilli
October 29th, 2003, 11:59 AM
Hi spydespiser, There is a way of creating a black hole on most NAT routers,
If you have a DMZ (Demilitarised Zone) capability in the router set up pages.
Here is how to do it:
Open to the DMZ IP address and add a local IP address that will not be an actual PC for instance if your PC's address is 10.0.0.3 create a DMZ IP of 10.0.0.200
You should then go to the forwarding page if there is one and forward port 80 TCP & UDP to that IP you will then show Stealth on ALL the scan sites.
All network traffic aimed at your real IP will be diverted to the .200 blackhole PC:) but all wanted traffic will be as normal. :)
I am not familiar with your router so you may have to dig a bit for similar terms in your routers documentation.
My experience is only with Linksys & 3COM and recently whilst testing another product part of which involved attacking my IP - They did not succeed though this did not include denial of service attacks.
HTH Pilli
spydespiser
October 29th, 2003, 12:27 PM
Thanx Pilli
I have DMZ
(pressed return by mistake and sent 1/2 a post) ;D
Am looking for forwarding port process screen/configuration
Q Section
October 29th, 2003, 12:30 PM
Hello Pilli
What about a router that has only one address in the DMZ page and another cannot be added? The existing one can only be changed.
Pilli
October 29th, 2003, 12:39 PM
Hi Q-Section, True, most home routers have just 1 DMZ address, usually for a PC used as a server or for other uses but most NAT routers allow other methods for VPN etc.
For most home users the Black hole method is very effective.
Q Section
October 29th, 2003, 12:46 PM
Pilli
So you are saying to make the only address on the DMZ page the DMZ non-existent one?
spydespiser
October 29th, 2003, 01:34 PM
Hi Pilli,Q-section :)
would this be the port forwarding setup screen ???
I,m treading completely new territory here as i've only been online a few week and have only just learnt s/w f/w's by hanging out here :)
Text on DMZ
>A DMZ configuration bypasses the modem's NAT firewall and allows the computer to accept all incoming packets
CAUTION! Use the DMZ feature with utmost care. It exposes the DMZ computers entire contents to the internet; there is no firewall protection whatsoever
I take it the "Blackhole" alleviates this
-{ Quote: "All network traffic aimed at your real IP will be diverted to the .200 blackhole PC" }-
-{ Quote: "but all wanted traffic will be as normal." }-
Wanted as in stuff/procs i initiate?
what would happen if i had spyware or such, could it phone home or invite in unwanteds?
Am posting this even though not fully complete as i have that many browsers/documentation open i've forgot what im doing ;D ;D ;D
Must try harder! ;D ;D ;D
EDIT-according to documentation i can open multiple ports(for a maximum of 20) but have to configure each one individually
Would i do 1 for UDP
then 1 for TCP?
spydespiser
October 29th, 2003, 01:43 PM
Me ;D ;D ;D
Pilli
October 29th, 2003, 02:19 PM
Q-Section, Yes you place the non-existent one in the DMZ the Black hole
Spydespiser, I do not think that the screenie you show is port forwarding, maybe port triggering VPN whatever?
In the Linksys it is called port forwarding & is in a table format as stated above:
port no: From | To | TCP | UDP |port| IP address BH
In the 3com just has a place for the DMZ IP address & automatically routes normal traffic.
Note the warning on the screenie below, which obviously applies if you have a "real" pc in the DMZ :)
spydespiser
October 29th, 2003, 03:09 PM
Still no E-mail >:( (don't often get angry but when i do somebody got some explaining to do!)
Hi Pilli :)
sorry reply took so long
tried something got booted off net
server locked up and had to hard reset firmware
had to dig out passwords
had to reverse property settings manual told me to change
coffee grew a layer of ice
Ashtray set on fire LOL :o :o :o ;D ;D ;D
-{ Quote: "I do not think that the screenie you show is port forwarding, maybe port triggering VPN whatever?
" }-
Tried a setup anyway cos documentation ref said Virtual server(port forwarding) so thought would try anyway
Failed!
All i seem to have is a NAT screen
EDIT- >:( some To**ers just cold called me on my new number that only 2 people should have! >:(
Time to remind BT who's paying their wages methinks
spydespiser
October 29th, 2003, 03:20 PM
might as well add main screen while i'm bloating this thread with screenies ;D
I dont think that guy will ring back anymore ;D ;D ;D ;D ;D
spydespiser
October 29th, 2003, 05:23 PM
Update on stealth/unstealth
Read somewhere(cant remember where cos i've been all over for threads/links)
the possible reason why X4 stealthed then unstealthed is(i'm sure this is what i read) that when LAN connected, X4 doesnt get scanned but S/W F/W does(which explains stealth as that is how S/W F/W is configured and apparently H/W F/W is bypassed due to this connection method) but when using USB connection H/W F/W gets scanned which is why it returns the open/closed status results
So at least i have a little bit more information on product, no thanks to zoom who at 22:15 on 3rd day still have not replied from tech supp :(
Might send another E-mail and ask if they like the smell of my money ;D
Pilli
October 30th, 2003, 03:46 AM
Hi again spydespiser, As I see it Virtual servers are not port forwarding, I use them here for hosting a chat server, a virtual server allows ppl to reach your server through a dedicated port.
Usually as follows: Local PC IP address and the port No or range of ports that an outside PC can use to access your server through your router.
I'll have to say that 3COM's support has been outstanding, I emailed them with a problem on a Sunday & first thing Monday morning a knowledgeable member of their staff phoned me, quickly solved the problem + emailed the answer.
Two days later another 3COM staff member phoned to ask if everything was satisfactory - Now that is what I call "Service" - I almost thought that if I had another problem they would turn up on my doorstep with the router ambulance! :) ;D
HTH Pilli
spydespiser
October 30th, 2003, 08:07 AM
Hi Pilli
-{ Quote: "As I see it Virtual servers are not port forwarding" }-
also seems to be the case here, even though all the linx i followed that led me to tech specs claimed it port forwarded and only Ref. to such in Manuals is through Vir serving ???
-{ Quote: "I'll have to say that 3COM's support has been outstanding, I emailed them with a problem on a Sunday & first thing Monday morning a knowledgeable member of their staff phoned me, quickly solved the problem + emailed the answer.
Two days later another 3COM staff member phoned to ask if everything was satisfactory " }-
Wanna swap ;D ;D ;D
3 1/2 business days-no reply
Thanx again Pilli, will tinker further with DMZ as i still have s/w f/w(i hope :o )
SpyD 8)
Q Section
October 30th, 2003, 09:15 AM
Hello Pilli
Thank you for the information. BTW - What site can you recommend to test the DMZ settings? We did a GRC port test before making the DMZ change and got "all stealth" already.
spydespiser
October 30th, 2003, 09:29 AM
Hi Qsection :)
Tassie posted a good thread with some more test sites over here
http://www.wilderssecurity.com/showthread.php?t=6341
Might be of interest/use
SpyD 8)
spydespiser
October 30th, 2003, 05:19 PM
Update
posted request for response 6pm
received reply 7:30pm
"It should be stealthed. Remember that the web console also uses port 80 so this may also be why it shows as open. However if you want to make sure that it is for sure, then forward port 80 to a bogus IP address in the virtual server settings. Have a good day.
Travis
Technical Support"
Not very forthcoming with info are they?
Where's the rest of it? this only answers 1 question asked of them ;D
Pilli
October 30th, 2003, 05:49 PM
Spydespiser, Travis must have read our earlier posts ;D So just forward port 80 to a bogus address using the virtual server settings - Yeh OK Travis ... Are you hiding them under your KB? :'(
spydespiser
October 30th, 2003, 06:10 PM
;D ;D
spydespiser
October 30th, 2003, 07:28 PM
Update
went back to mess with what i was trying to do the other day. you cannot follow manual instructions in printed order, it won't work cos IP doesn't exist or is invalid you have to skip instr 1, goto instr 2,ignore instr 3,then go back to instr 1 and do 1 and 3 together
Result
Port 80 now scans at GRC as stealth,
but all others are still visible as closed, so i still "exist" then don't i?
i can only have a maximum of 20 VServ settings
theres 26 ports being scanned on basic scan
so its a bit of a fruitless exercise, IMO :-\
as guess what!?, you got it i still "exist"
Basically i've bought a "ADSL MODEM/GATEWAY/ROUTER/FIREWALL"
that is, well basically just a 2port router/modem.
Where's the other 1/2 LOL ;D
whats the point in multi-functional piece of equipment, if you can only use 2 out of 4 features in a setup?
Bit like having a lock with no bloody door ;D
Thank you to the guys that contributed :)
looks like i've got more experimenting to do as tech supp only tell you what you have already told them and the bloody manuals a$$ about tip
SpyD 8)
spydespiser
October 30th, 2003, 07:57 PM
another update
have just been for more scans and log checks and it isn't stealthing,
its just stepping aside and letting S/W F/W do what it was doing before i installed the modem, as i am now receiving incoming TCP's in my logs, which S/W F/W is ignoring(giving me stealth status)
:o :o watching a horror film and all my games/dvd cases have just toppled like dominoes :o :o
;D
so its still advertising my closed port status to the world, but is fobbing the responsibility of port 80 over to S/W F/W
so, only consolation is that i at least now know if S/W F/W is doing assigned tasks and has not changed function in any way without my knowledge i.e. stopped working as should, cos i can now scan/probe it
which i could never be 100% sure of before change of Vserv
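Added example (not part of the thread, and not Zoom, Linksys or 3COM firmware logic): a small Python model of how a NAT router answers an unsolicited inbound SYN, covering the default behaviour reported in the thread, Pilli's DMZ black hole, and the virtual-server forward that Zoom support suggested. The lookup order, the scanned port list and the `Host`/`NatRouter` names are assumptions made for the example; 10.0.0.3 and 10.0.0.200 are the addresses used in the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

# How a scan site words each possible answer to its SYN.
VERDICT = {"SYN/ACK": "open", "RST": "closed", None: "stealth"}

@dataclass
class Host:
    listening: set = field(default_factory=set)  # TCP ports with a listener
    fw_drops: bool = True        # software firewall silently drops unsolicited SYNs
    log: list = field(default_factory=list)

    def receive_syn(self, port):
        self.log.append(port)                    # the packet reached this machine
        if self.fw_drops:
            return None
        return "SYN/ACK" if port in self.listening else "RST"

@dataclass
class NatRouter:
    lan: dict                                    # LAN IP -> Host, only machines that exist
    virtual_servers: dict = field(default_factory=dict)  # WAN port -> LAN IP
    dmz_ip: Optional[str] = None
    console_on_wan: bool = True                  # web console answers on WAN port 80
    nat_table: dict = field(default_factory=dict)  # WAN port -> LAN IP, outbound flows

    def outbound(self, lan_ip, wan_port):
        self.nat_table[wan_port] = lan_ip        # NAPT remembers who opened the flow

    def inbound_reply(self, wan_port):
        return self.nat_table.get(wan_port)      # replies follow the mapping, not the DMZ

    def _deliver(self, lan_ip, port):
        host = self.lan.get(lan_ip)
        # Nobody answers ARP for a bogus address, so the packet dies unanswered.
        return host.receive_syn(port) if host else None

    def inbound_syn(self, port):
        # Assumed lookup order: virtual server, router's own console, DMZ, default.
        if port in self.virtual_servers:
            return self._deliver(self.virtual_servers[port], port)
        if port == 80 and self.console_on_wan:
            return "SYN/ACK"
        if self.dmz_ip:
            return self._deliver(self.dmz_ip, port)
        return "RST"                             # default seen in the thread: "closed"

def scan(router, ports=(21, 23, 80, 443)):
    """What an outside scan site would report for each port (constructed list)."""
    return {p: VERDICT[router.inbound_syn(p)] for p in ports}

def scenarios():
    pc = Host()
    lan = {"10.0.0.3": pc}                       # constructed LAN: one real PC
    bogus = "10.0.0.200"                         # address no machine holds
    out = {
        "defaults": scan(NatRouter(lan)),
        "forward 80 to bogus": scan(NatRouter(lan, {80: bogus})),
        "DMZ + forward 80 to bogus": scan(NatRouter(lan, {80: bogus}, bogus)),
        "forward 80 to real PC": scan(NatRouter(lan, {80: "10.0.0.3"})),
    }
    return out, pc.log

if __name__ == "__main__":
    results, pc_log = scenarios()
    for name, verdicts in results.items():
        print(f"{name:28} {verdicts}")
    print("SYNs that reached the PC:", pc_log)
```

In the last scenario the scan still reports stealth on port 80, but only because the PC's software firewall drops the packet; the PC log shows that the probe reached it, which it never does when the forward points at an address nothing holds.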
Copyright ©2002 - 2012, Wilders Security Forums