Help with exposed NAT Router please :)-Solved

Discussion in 'other firewalls' started by spydespiser, Oct 22, 2003.

Thread Status:
Not open for further replies.
  1. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Hi guys i'm back

    Have been ill for a while so have not been able to sit at pc much but have dropped in now and again just to check up on gossip,jokes and issues :cool:

    B/Bands active now. Yippee :)
    PC's fast on the net. Yippee :)
    Dumped AOL (ha) Yippee :) Serves em right P*s*in me about
    Bought a NAT,F/W modem Greato_O

    I used to go to Gibbo's shields up and get a full stealth pass rating but since switching to my new Zoom 5551 Modem/Gateway/Router/Firewall i get closed ports with port 80 open

    i have read his bit about defaults on the WAN side but cannot seem to find necessary setting to close or re-stealth said ports

    I am currently using LAN connector at the moment as i cant seem to be able to get a connection with the USB/BT Yahoo B/Band side of things yet(no dial up tone)


    Any help,ideas appreciated
     

    Attached Files:

  2. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Well after many hours of not being able to connect and banging my head under desk and trying this and that i am now back in stealth mode at GRC(just got to try the others) :)

    the only thing i did that i hadn't already tried numerous times for last 24hrs was strip pc of every last trace of AOL's software, o_O makes you think doesn't it?

    Pc is a lot happier too, for last week or so i have had nothing but crashes and chkdsk's on bootup

    Still cant sign in to my BTyahoo services as they dont like the fact that i didn't want to spend my money on their poxy modem but have found a way to backdoor the browser and get to my email account(all their browser files force you through a dial-up login screen which is of absolutely no use to my modem(even usb with no phone/filters cant get dial tone required and modem is already by default to their specs)
    must have set up at least 20 different B/band configurations. no joy

    however i still have one concern.
    When i was using ahem AOL's ahem trial they scrambled my IP each time i connected so it always showed up at GRC differently but an IP the same as my BTyahoo account profile is displayed, have even powered down and disconnected everything and then resubmitted again but it remains the same
    Is this my actual IP? or one devised by hardware f/w?

    I see cochise finally got his gif, i looked all over but due to 56k took ages just loading pages, and could only find a couple of chiefs

    Lost me paint shop animator as well :(

    SpyD
     

    Attached Files:

  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi spydespiser

    Not being familiar with this modem/router/firewall could you explain a little more about your current set up and connection type.

    Is your concern that your WAN IP appears to remain the same?
    Even though the ISP may say your IP is dynamic, it is not unusual for some to stay the same. Depending on your set up, the router will usually obtain your public (WAN) IP from your service provider and systems behind it on the LAN will have private IP addresses assigned by the DHCP server in the router.

    Regards,

    CrazyM
     
  4. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Hi CrazyM :)

    I've just got back from ADSLGuides site and their review of my product has answered more questions than manual does

    I have now got usb/network side working now
    Port 80 is back on display(dont know why i got it stealthed yesterday)

    Errrr dunno o_O :D :D
    Active ports shows me this so maybe everythings all right(please note since having dealings with aol i have had to go find and reinstall a lot of apps recently so didnt have tools to investigate matter)
     

    Attached Files:

  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi spydespiser

    By display do you mean it's showing as open or closed to scans?
    You might want to double check all your advanced settings to make sure no options are selected that may cause your router to listen/hold that port open on the WAN side.

    Your Active Ports screenshot shows your system having a private LAN IP address (10.0.0.3). This is normal and the way it should be. Your router should have a status page somewhere which will show what your current WAN (public) IP is.

    Regards,

    CrazyM
     
  6. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    thanx crazym :)

    port 80 is open and the others are closed, they did stealth at one point with new modem/router but dont know what i did and all my settings are default (same as when they stealthed)

    the only setting page with any reference to ports is the one at first post (everything is left at default as advised by manual as it says only to change any other settings if advised to do so by ISP)

    all adv settings pages contain either router ips 000etc or subnet masks 255255255etc
    except wan status which shows my public ip (varies cause i have to keep resetting firmware when i change something it dont like)
    and a Static Ip add in my permanent VC settings

    i just cant understand why yesterday it stealthed and today it fails as all i have done since is change from LAN to USB connector, no settings have been changed as there were none to change, it was all preconfigured by default o_O and i'm not even sure it decloaked at that point, it could have been earlier for all i know o_O

    could i have a background programme such as yahooMess(i read somewhere) or something?, i dont know as i cant fully access account as btyahoo wont support or techhelp on modems you dont buy from them i.e. i cant switch to other subaccounts i have(sign in)use/access all features of account

    thanx for looking at this for me :)

    SpyD :cool:

    EDIT- maybe its just replying with blocking, my software f/w used to do that at first then learnt to ignore/stealth probes
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi SpyD

    Have you tried more than one online scan site?
    For a convenient list: https://www.wilderssecurity.com/showthread.php?t=6341

    Does the router have logging capabilities? If so, what do they show, in particular, does it show the port 80 scan?

    Does the software firewall on your system log any scans getting past the router?

    Regards,

    CrazyM
     
  8. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    crazym

    tried the blackcode one as well same result,(will try rest but thought maybe post query as i might be a while)

    just before coming back to wilders i found this but can no longer see s/w f/w in current activity page, they disappeared when scr/grab taken
     

    Attached Files:

  9. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    gotta do this separate as i had trouble posting img before with yahoo browser

    did a trace on akamai but no registrant(dont know what it is)
    212dot23dot32dot13
    have a lot of new files since changing to yahoo

    they both hilighted as being outbound to port 80

    they are back now i have done security check with f/w("optimal")

    i also had grc & wilders show up in Ybrowser section of current activity screen but no sign of f/w, does that mean that when i took scr/shot f/w disabled and grc & wilders were behind it(these were only 2 browsed in that time, these also hilighted as out bound 80

    unit does not seem to have logging capab's

    have recently cleared log but will maintain same connection and monitor while trying other scan sites :)

    thanx

    SpyD :cool:
    p.s. sorry it in two bits will have to visit test forum and mess with new browser(or change it :D )
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi SpyD

    The screenshots from your firewall would appear to be of current connections. The destination port 80 (http) and source port (ephemeral) are consistent with that and nothing to worry about.

    After doing the tests at the scan site, check the software firewall logs on your system to see if anything is showing up there. It is unfortunate if your router does not have any logging.

    ...also check your IM here on the board.

    Regards,

    CrazyM
     
  11. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Hi CrazyM :)
    only just got back

    have done a few of the other tests and checked warning logs just before reading your post

    only one warning and that was when browser requested permission to access hacker whackr

    most came up clear auditpc found my public ip but nowt else
    one found port80 but then explained it could be nat/server
    and other similar finds(which sounds right)

    so i think its ok,but still dont understand how ext modem stealth itself yesterday if i cant configure or instruct to allow/block traffic o_O (everything stays at default except ISP username and p/word)
    It is also NAPT(network address port translation) by default

    I suppose you get what you pay for, although £80 could have had other uses :D Vodka LOL :D

    Thanx again for helping out :)

    SpyD :cool:
     
  12. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Spyd

    Your router could be holding open port 80, but restricting access. If this is the case, make sure you have changed any default user names and passwords to access the configuration pages. Also check if there are any remote administration options. If so, make sure it is disabled.

    You could try contacting Zoom support and ask if it is normal for your unit to show port 80 (http) open on the WAN side and what access, if any, there is.

    Regards,

    CrazyM
     
  13. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Hi CrazyM :)

    That was what i was praying for and have already changed all default user/pass names (did that on first failed scan, first thing i do after messing with anything)

    i will contact them as this isnt in their FAQ/scenario's

    and i think i already have remote admins and such in order but will check all settings again

    Thought i would let you guys have a crack at it as you may have come across similar threads/Hardware on travels

    Thanx again for time/feedback on issue :)

    KC now i can (do you want chocolate chips in it?)

    SpyD :cool:

    Whats a Remote OS guess, is it stuff thats trying me or possible stuff i'm using to restrict?
     
  14. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi SpyD

    I had a quick look around the site as well and could not see anything covering it. Let us know what you hear back.

    Thanks, glad to help out :)

    Scanner's best guess at OS or what you may be using to restrict access.

    Regards,

    CrazyM
     
  15. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Update

    Emailed zoom on sunday got reply that i should have questions answered 1-3 business days, hopefully should have answers today/tonight(the 3rd day)

    SpyD :cool:
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi spydespiser, There is a way of creating a black hole on most NAT routers,
    If you have a DMZ (Demilitarised Zone) capability in the router set up pages.
    Here is how to do it:
    Open to the DMZ IP address and add a local IP address that will not be an actual PC for instance if your PC's address is 10.0.0.3 create a DMZ IP of 10.0.0.200
    You should then go to the forwarding page if there is one and forward port 80 TCP & UDP to that IP you will then show Stealth on ALL the scan sites.

    All network traffic aimed at your real IP will be diverted to the .200 blackhole PC:) but all wanted traffic will be as normal. :)

    I am not familiar with your router so you may have to dig a bit for similar terms in your routers documentation.

    My experience is only with Linksys & 3COM and recently whilst testing another product part of which involved attacking my IP - They did not succeed though this did not include denial of service attacks.

    HTH Pilli
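
The scan results reported in this thread and the blackhole set-up described in the post above, as a small Python model (an added example, not code from any poster or from Zoom). Assumptions: the class, function names and DHCP pool are constructed; the router checks port forwards first, then its own WAN-side services, then the DMZ address; and a SYN sent on to an address with no machine behind it gets no reply.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Router:                      # simplified home NAT router (assumed model)
    lan: str = "10.0.0.0/24"       # LAN subnet; the thread's PC is 10.0.0.3
    wan_services: set = field(default_factory=set)  # ports the router itself answers on the WAN
    forwards: dict = field(default_factory=dict)    # WAN TCP port -> LAN IP
    dmz: Optional[str] = None      # LAN IP that receives all other unsolicited traffic
    drop_unsolicited: bool = False # False: refuse with RST ("closed"); True: drop silently
    hosts: dict = field(default_factory=dict)       # live LAN IP -> listening TCP ports

def scan_result(r: Router, port: int) -> str:
    """What an external scan of WAN TCP `port` would report."""
    target = r.forwards.get(port)
    if target is None and port in r.wan_services:
        return "open"              # e.g. the router's own web interface on port 80
    target = target or r.dmz
    if target is None:
        return "stealth" if r.drop_unsolicited else "closed"
    if target not in r.hosts:
        return "stealth"           # blackhole: nothing there to answer the SYN
    return "open" if port in r.hosts[target] else "closed"

def blackhole_problems(r: Router, addr: str, dhcp_pool: tuple) -> list:
    """Reasons `addr` is a bad blackhole address; an empty list means it is usable."""
    ip, problems = ip_address(addr), []
    if ip not in ip_network(r.lan):
        problems.append("outside the LAN subnet")
    first, last = (ip_address(a) for a in dhcp_pool)
    if first <= ip <= last:
        problems.append("inside the DHCP pool, so a real PC could be leased it")
    if addr in r.hosts:
        problems.append("already used by a live host")
    return problems

if __name__ == "__main__":
    pc = {"10.0.0.3": set()}       # constructed: one PC, nothing listening
    setups = {
        "defaults": Router(wan_services={80}, hosts=pc),
        "DMZ blackhole only": Router(wan_services={80}, dmz="10.0.0.200", hosts=pc),
        "DMZ + forward 80": Router(wan_services={80}, dmz="10.0.0.200",
                                   forwards={80: "10.0.0.200"}, hosts=pc),
    }
    for name, r in setups.items():
        print(f"{name:20} 80={scan_result(r, 80):8} 21={scan_result(r, 21)}")
    # constructed DHCP pool 10.0.0.2-10.0.0.50
    print(blackhole_problems(setups["defaults"], "10.0.0.200", ("10.0.0.2", "10.0.0.50")))
```

Under these assumptions the DMZ entry alone leaves port 80 open, which is why the post also forwards port 80 to the blackhole address.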
     
  17. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Thanx Pilli

    I have DMZ

    (pressed return by mistake and sent 1/2 a post) :D

    Am looking for forwarding port process screen/configuration
     

    Attached Files:

  18. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Pilli
    What about a router that has only one address in the DMZ page and another cannot be added? The existing one can only be changed.
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Q-Section, True, most home routers have just 1 DMZ address, usually for a PC used as a server or for other uses but most NAT routers allow other methods for VPN etc.
    For most home users the Black hole method is very effective.
     
  20. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Pilli
    So you are saying to make the only address on the DMZ page the DMZ non-existent one?
     
  21. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Hi Pilli,Q-section :)

    would this be the port forwarding setup screen o_O

    I,m treading completely new territory here as i've only been online a few week and have only just learnt s/w f/w's by hanging out here :)

    Text on DMZ
    >A DMZ configuration bypasses the modem's NAT firewall and allows the computer to accept all incoming packets
    CAUTION! Use the DMZ feature with utmost care. It exposes the DMZ computers entire contents to the internet; there is no firewall protection whatsoever

    I take it the "Blackhole" alleviates this
    Wanted as in stuff/procs i initiate?
    what would happen if i had spyware or such, could it phone home or invite in unwanteds?

    Am posting this even though not fully complete as i have that many browsers/documentation open i've forgot what im doing :D :D :D

    Must try harder! :D :D :D
    EDIT-according to documentation i can open multiple ports(for a maximum of 20) but have to configure each one individually
    Would i do 1 for UDP
    then 1 for TCP?
     

    Attached Files:

  22. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Me :D :D :D
     

    Attached Files:

  23. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Q-Section, Yes you place the non-existent one in the DMZ the Black hole

    Spydespiser, I do not think that the screenie you show is port forwarding, maybe port triggering VPN whatever?

    In the Linksys it is called port forwarding & is in a table format as stated above:

    port no: From | To | TCP | UDP |port| IP address BH

    In the 3com just has a place for the DMZ IP address & automatically routes normal traffic.

    Note the warning on the screenie below, which obviously applies if you have a "real" pc in the DMZ :)
     

    Attached Files:

  24. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    Still no E-mail :mad: (don't often get angry but when i do somebody got some explaining to do!)

    Hi Pilli :)

    sorry reply took so long

    tried something got booted off net
    server locked up and had to hard reset firmware
    had to dig out passwords
    had to reverse property settings manual told me to change
    coffee grew a layer of ice
    Ashtray set on fire LOL :eek: :eek: :eek: :D :D :D

    Tried a setup anyway cos documentation ref said Virtual server(port forwarding) so thought would try anyway
    Failed!
    All i seem to have is a NAT screen

    EDIT- :mad: some To**ers just cold called me on my new number that only 2 people should have! :mad:
    Time to remind BT who's paying their wages methinks
     

    Attached Files:

  25. spydespiser

    spydespiser Registered Member

    Joined:
    Sep 21, 2003
    Posts:
    162
    Location:
    Gtr M/C UK
    might as well add main screen while i'm bloating this thread with screenies :D




    I dont think that guy will ring back anymore :D :D :D :D :D
     

    Attached Files:
