Ports got Opend in grc test

Discussion in 'other firewalls' started by Ranget, Nov 8, 2011.

Thread Status:
Not open for further replies.
  1. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i try to test my firewall using Grc Sheild'sup

    Now i have port 80 is open and Port 113 is closed

    it used to be all stealth o_O

    what seems to be the problem
    is it the Isp changing things or i just got hacked :ninja:

    router Remote administration is disabled also other non important services

    also i lurked around some underground sites using Live disks
    so is that an outbound attack or just the ISP fault
     
  2. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    So you are testing using a router, remote administration enabled or not? If you want to test your software firewall, you need to bypass your router completely, or it will be the router that is scanned.
     
  3. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i'm testing the router

    i'm worried that my hardware firewall Got bypassed
    then i got remote attacked o_O
     
  4. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Oh, sorry, then I misunderstood you.

    There are two things I can think of:

    If uPnP enabled in the router? If it is, then a service or program on your computer can open up a port in the router by itself.

    And do you happen to have USB Storage configured for access over the WAN in the router config by any chance?
     
  5. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i think it's disabled

    didn't understand how a usb storage will access over WAN ??
     
  6. Eiso

    Eiso Registered Member

    Joined:
    Nov 17, 2011
    Posts:
    44
    Mind me asking what router you're using?

    To ensure your router is most secure, login to the IP of your router (usually 192.168.1.1 by default), select advanced if applicable and search for uPnP (Deselect / turn this off) do the same for any feature stating 'USB' (Most mid to high-end range routers nowadays include cloud services to remotely access network shares on your router. This can be used as a vulnerability to exploit).

    Also, you should have Firewall options that would fall under something along the lines of 'Block Services' or 'WAN to LAN Filter'. Under these, make sure you have all unnecessary ports set as a rule. Most users would only require port 80 (HTTP), port 443 (HTTPS SSL) to access the web, everything around that is ideally blocked. Port 113 is an identity service. I would block that. Also make sure you have a very strong password for your Admin account (to login to the router) I would generate a strong password and store it in an encrypted password manager such as KeePass.

    Edit: Also, if your router features wireless, but you don't use this, first turn off 'SSID Broadcast' or 'Radio signal' then disable wireless, either way you should use WEP2-AES as your encryption and also give this a very strong password.

    Hope this helps. :)
     
    Last edited: Nov 20, 2011
  7. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i tried everything with this router i don't seem to know how to close the port
    i disabled everything rest the default setting
    and now it seems that the router Bricked and started dropping the connection at random times :mad:

    now i tried another Router
    scanned it via GRC it's also has Ports opened :mad: :mad: :mad: :mad:
    that i don't seem to know how to close them


    the second router ports are
    21,22,23 stealth
    80 is opend
    the rest is closed


    what should i do

    are those routers infected Like firmware changed or something o_O?
     
  8. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Hehehehhe

    i called the store that i bought the router from
    He told me to Disable the Firewall :D
     
  9. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Guys Really Need help here i'm Freaking out

    bare with me for a second
    1- Router is small Micro Computer that uses OS to
    2- my router used to be ok everything stealth
    3- after a month i found one port open and the other is closed+

    the firewall have just on/off in it and also if it's blocked that mean it's not stealth that in the first router

    the second router firewall
    have the ddos prevention options
    i tried disabling the firewall in this router the result still the same


    i'm afraid the both router Got hacked someway and the OS on them change
    it's the default manufacturer OS

    Both are DLINK

    also if the Router Firewall is Off
    am i in danger if i was using software firewall

    anything can help in my situation
    Like using a Rubber or something to protect me o_O??
     
  10. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Try Reflashing the Routers Firmware with the latest version

    Like any electronic device, power surges, outages, spikes, can damage or corrupt files and/or components.

    Like any firmware, software, they need to be upgraded to current standards and technology and/or to fix bugs.

    If anything is amiss with the routers firmware, reflashing the routers firmware should resolve it.


    HKEY1952
     
  11. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    thanks

    tried flashing the first One nothing happened just a small change in the Router web site GUI the Firewall stayed the same

    so i send it to a Hardware store
    currently holding on re flushing the other router

    thanks for Help
     
  12. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i tried Updating firmware and i lost my internet connection so i downgraded to the previous one

    a quick question
    i couldn't close the ports in the First router
    so i made a virtual server with an unused ip and i used those ports on it
    so is that safer o_O?

    so i don't know what to do i tried Looking for a discrete Hardware Firewall
    and the cheapest one i found is 500$ >:|
     
  13. Eiso

    Eiso Registered Member

    Joined:
    Nov 17, 2011
    Posts:
    44
    I use Netgear WNDR3800 as my main router. It features;

    Double firewall protection (SPI and NAT firewall)
    Denial-of-service (DoS) attack prevention
    Business-class Wi-Fi security and firewall

    Best in home wireless routers in my opinion.

    All USB & uPnP features turned off. All ports blocked in 'Block Services' except 53, 80 and 443.

    All ports showup as stealth in GRC tests (which uses a full TCP half-open syn scan), some ports show closed in pcflank's 'basic' scan, but it really is closed. Impossible to open. All ports show up as stealth in Nmap port scanner.

    It's secure.

    Edit: Alternatively there is ASUS RT-N56U which will achieve the same results if configured correctly, is faster, more secure wifi channels (ai radio) and is great for gaming. Plus it also looks amazingly cool! :D
     
  14. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i really have no need in wireless
    wired router is more than enough for me

    that router Look cool i will look if i'll find something like it that i can afford
    anyway the Main question was why those ports got opened in the first Place !!!
    i flashed the router / reset it a thousand time after
    i played with every setting available in the menu still no use

    anyway i can't afford like a expensive router at the time so i will just have to work with what i have
     
Loading...
Thread Status:
Not open for further replies.