GRC Nanoprobe Failure

[eyespy]

Hi all !
When checking and testing my ports at GRC, I always passed while using ZAP.
I've just recently set up a D-Link router which works fine.
Now when I do a portscan at GRC "solicited TCP packets" and "ping reply" fail.
Now is this a serious issue ? If so, what can I do to fix it ?
Obviously this is related to the router. I didn't receive one alert from ZAP while the portscans were taking place.

I'll include a copy of the GRC report.

Thanks and regards,
bill

[Patrice]

Hi eyespy,

it's not ZA anymore which is tested but your D-Link router. Do you have a new one? Otherwise try to install the latest firmware available for your router. Normally that helps. If it doesn't work out for you, contact the support of D-Link and let 'em know your results.

Best regards,

Patrice

[eyespy]

Patrice,
I hate to "Flash" it so soon !! It is working great. The "ping return" is not a big concern but I'm a little concerned about the "solicited TCP packets".
I will try the D-Link website. Thanks


regards,
bill

[CrazyM]

Hi Bill

From the posted log it shows a closed response for service/port 113 (auth/ident). If you require your system to respond closed on this local service/port for any email or ftp, then you may want to leave it as is.

If you do not require this closed response and want to stealth it, I believe with the DLink it is done by forwarding the port to a Virtual Server - in this case a non existent IP on the LAN. Try looking under the Advanced settings for Virtual Server set up.

Take a look under Tools - Misc for the echo request/echo reply settings.

Regards,

CrazyM

[eyespy]

CrazyM,
I didn't install the Router software, didn't feel that I needed it since I'm also using ZAP.
Do you think the "ping return" and the "solicited TCP packets" are a serious security threat ?

thanks,
bill

[CrazyM]

Hi Bill

The ping return and closed response are not a security threat, but if you want your public IP to be stealth you should be able to accomplish that by configuring the router/gateway.

You do not need to install their software, that is usually just a wizard to help with network set-up on your system.

You should be able to access the configuration pages/options via a web based interface with the router/gateway. Just use your browser and try http://192.168.1.1 or whatever the router/gateway is using as it's address.

Regards,

CrazyM

[Patrice]

Hi CrazyM,

I didn't see the attached log...

Sounds interesting to me, what you suggest. I have a question concerning this, I'm using myself a router as well (Linksys BEFSR41). If I hide port 113, don't I have other problems by surfing around? This service is needed from special sites and as you said FTP and Email. Should I try this out to see if it works?

Thanks in advance!

Best regards,

Patrice

[eyespy]

Quote:

quoting: Patrice link=board=18;threadid=9248;start=0#60587 date=1052987173]
Hi CrazyM,


Sounds interesting to me, what you suggest. I have a question concerning this, I'm using myself a router as well (Linksys BEFSR41). If I hide port 113, don't I have other problems by surfing around? This service is needed from special sites and as you said FTP and Email. Should I try this out to see if it works?

Thanks in advance!

Best regards,

Patrice

Patrice,
good question ! I was wondering that very same thing !

regards,
bill

[Patrice]

Hello people,

GREAT, I just did what CrazyM mentioned and this is working fine! I just forwarded port 113 to an IP which doesn't exist in my network. Since then my port 113 is stealth again!

What a nice, dirty trick CrazyM!

I owe you a beer or two!

Best regards,

Patrice

[eyespy]

OK...
I got it figured out. 113 is stealthed and no response to pings ! I'll try it for a few days and report any problems.

Ty CrazyM and Patrice

regards,
bill

[CrazyM]

Hi Bill

Good to hear you got it sorted out. Be sure to check all the default settings in the configuration pages to make sure you are happy with them. ie. change default password, remote management are a couple to check.

Regards,

CrazyM

[CrazyM]

Quote:

quoting: Patrice link=board=18;threadid=9248;start=0#60649 date=1053019968]GREAT, I just did what CrazyM mentioned and this is working fine! I just forwarded port 113 to an IP which doesn't exist in my network. Since then my port 113 is stealth again!

What a nice, dirty trick CrazyM!

Hi Patrice

I have not kept up with the firmware releases for the BEFSR41 and how the different releases responded to scans (unfortunately it did vary between releases).

If you have a particular local service/port that continually responds closed on your router/gateway and if you want stealth, forwarding that port to a non-existant internal IP (or in Bill's case what DLink referes to as Virtural Server), is one way to have those packets dropped and achieve a stealth response. You just have to be careful in choosing the IP used and make sure it is not one that the router/gateway will use in it's assignment of IP's via the DHCP server. This technique for the Linksys was touched on by Pilli in this post with comments to be aware when doing this by myself.

Regards,

CrazyM

[eyespy]

[quote]

Quote:

quoting: CrazyM If you have a particular local service/port that continually responds closed on your router/gateway and if you want stealth, forwarding that port to a non-existant internal IP (or in Bill's case what DLink referes to as Virtural Server), is one way to have those packets dropped and achieve a stealth response. You just have to be careful in choosing the IP used and make sure it is not one that the router/gateway will use in it's assignment of IP's via the DHCP server. This technique for the Linksys was touched on by Pilli in this post with comments to be aware when doing this by myself.

Regards,

CrazyM

CrazyM,
I'll run this by you just in case I have it configured wrong.....

IP address..... 192.168.0.100

Subnet Mask..... 255.255.255.0

Default Gateway....192.168.0.1

This is under the CMD/ ipconfig in WinXP.


In the D-Link router config, below is the setup in the Virtual Server window....

I have Ident TCP port 113 forwarded to IP 192.168.0.10.

What do you think ??


regards,
bill

[Patrice]

Hi eyespy,

should work if I look at your settings. What are the results of the online test (GRC) now?

Regards,

Patrice

[CrazyM]

Hi Bill

If your system IP (192.168.0.100) is assigned automatically by the routers DHCP server that would suggest to me that it starts at .100 and goes up from there. In that case using 192.168.0.10 for the virtual server should be OK.

As I mentioned to Patrice in an earlier post: "You just have to be careful in choosing the IP used and make sure it is not one that the router/gateway will use in it's assignment of IP's via the DHCP server."

Is there a configuration page for the DLink's DHCP server that confirms the default range of IP's used?

Regards,

CrazyM

[eyespy]

Quote:

quoting: Patrice link=board=18;threadid=9248;start=0#60918 date=1053162230]
Hi eyespy,

should work if I look at your settings. What are the results of the online test (GRC) now?

Regards,

Patrice

Hi Patrice !
Port 113 now shows stealth and no "pings" returned.

regards,
bill

[eyespy]

Quote:

quoting: CrazyM link=board=18;threadid=9248;start=0#60951 date=1053182492]
Hi Bill

Is there a configuration page for the DLink's DHCP server that confirms the default range of IP's used?

Regards,

CrazyM

Thanks CrazyM !
In the D-Link wizard, under "Status", in the WAN section, DNS is 192.168.1.10 192.168.1.34 exactly.

I have Ident on port 113 set to Virtual Server 192.168.0.10

Everything seems to working fine at this point !!

thanks and regards,
bill