UDP non-Stealthed

Discussion in 'LnS English Forum' started by AAP, Oct 24, 2003.

Thread Status:
Not open for further replies.
  1. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hello,To all

    Well here i go again back to L&S ran a test
    on it all was great but for this one here

    UDP non-Stealthed Huh any help at all please

    Good luck :D

    Hey,Paul ;)
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey AAP

    You can E-mail the rule-set to me and i can take a look for yea and e-mail back with the information on the culprit rule if you like...
     
  3. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi, Phant0m

    Thanks where do i send it or how i don't see
    an E-Mail anywhere let me know please but i
    am safe for now Yes/No :rolleyes: & do i copy &
    send you the rules

    Thank you
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey AAP

    My E-mail is in my wilders profile (Phant0m@wilderssecurity.info)...

    You can send me the entire rule-set file and i'll take a gander at it for yea...
     
  5. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi,Phant0m

    Ok thanks send it now by AAPlus

    on it's way

    Good luck :D
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey AAP

    Where did you get "UDP non-Stealthed" from?
    I checked the rule-set and there is no rule except for the DHCP rule which doesn't specify the DHCP server.
     
  7. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi,Phant0m

    It was at PC Flank


    Packet' type Status
    TCP "ping" stealthed
    TCP NULL stealthed
    TCP FIN stealthed
    TCP XMAS stealthed
    UDP non-stealthed

    i hope this helps you or i should say help me hehe

    Good luck :D
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey AAP

    The EnhancedRulesSet.rls (Default rule-set) you've sent me blocks these types of packets, "Block : All other packets" rule in the rule-set at the very bottom catches these packets...

    Regards,
     
  9. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey,Phant0m

    I also did a scan at Shields-up & the only
    thing i got was 113 IDENT which i think is
    from using Avast for scanning my E-Mail

    then all is ok

    Thanks
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey AAP

    For the identd rule have you configured the Identd Application for it?
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Also perhaps you should configure the Identd rule with the specific E-mail server… ;)
     
  12. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi,Phant0m

    I have no idea how to do this hehe
    any help with that please

    Good luck :D
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Do you have an identd rule Enabled?

    In EnhancedRulesSet.rls the rule "TCP : Authorize Identification", is this Enabled or Disabled? Or did you create additional rules for Identd purposes?
     
  14. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    hi,Phant0m

    I think it is Disabled as far as i can tell
    sorry not good at this

    Good luck :D
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    What type of connection do you have?
    Do you have a network?
    And are you using a router?
     
  16. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    I am using Cable & yes i'm on a Router

    Good luck :D
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Maybe the router is listening on identd port, or possibly another computer with identd listening?

    Otherwise the Online web-scan is displaying a false reading, which is very common…
    Try re-doing the Online Scan a few times or try alternative Online web-scans…
     
  18. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Unless you have forwarded any traffic through to systems behind the router, it is the router being tested by the online scans.

    The port 113/Ident showing as closed is normal for a number of different routers. It is also not unusual for routers to have the UDP results you did. As long as nothing is showing up in your LnS logs on the system behind the router, nothing is getting through.

    Depending on your router, there are usually workarounds to stealth port 113 if "stealth" is something you feel you need. As for the UDP, check your configuration options for the router and if you are running the current firmware.

    Regards,

    CrazyM
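
CrazyM's point that an empty host log means the router answered the scan can be checked mechanically. The sketch below is an added example, not part of the original thread: the CSV log layout, timestamps and scanner address (`203.0.113.5`, a documentation-range placeholder) are constructed assumptions, not Look 'n' Stop's real log format or PC Flank's real address.

```python
import csv
from datetime import datetime
from io import StringIO

FMT = "%Y-%m-%d %H:%M:%S"
SCANNER = "203.0.113.5"  # placeholder (documentation range), not a real scan server

# Constructed log exports: time,direction,protocol,source,dest_port,action.
# Hypothetical layout, NOT Look 'n' Stop's real log format.
LOG_BEHIND_ROUTER = """\
2003-10-24 21:01:07,in,UDP,192.168.1.1,68,allow
2003-10-24 21:04:30,in,TCP,192.168.1.20,139,block
"""
LOG_PORT_FORWARDED = LOG_BEHIND_ROUTER + """\
2003-10-24 21:05:12,in,TCP,203.0.113.5,113,block
2003-10-24 21:05:13,in,TCP,203.0.113.5,113,block
"""

def probes_reaching_host(log_text, scanner_ip, start, end):
    """Return sorted (protocol, port, action) for inbound packets from the
    scanner that the host firewall logged inside the scan window."""
    t0, t1 = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
    seen = set()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        ts, direction, proto, src, dport, action = (f.strip() for f in row)
        try:
            when, port = datetime.strptime(ts, FMT), int(dport)
        except ValueError:
            continue  # unparsable timestamp or port
        if direction == "in" and src == scanner_ip and t0 <= when <= t1:
            seen.add((proto.upper(), port, action.lower()))
    return sorted(seen)

def verdict(hits):
    """Turn the hit list into the conclusion drawn in the thread."""
    if not hits:
        return "no scan traffic reached this host: the router answered the probes"
    if any(action == "allow" for _, _, action in hits):
        return "scan traffic was forwarded and allowed: review router and host rules"
    return "scan traffic was forwarded but blocked by the host firewall"

if __name__ == "__main__":
    window = ("2003-10-24 21:00:00", "2003-10-24 21:10:00")
    for name, log in (("behind router", LOG_BEHIND_ROUTER),
                      ("port forwarded", LOG_PORT_FORWARDED)):
        print(name, "->", verdict(probes_reaching_host(log, SCANNER, *window)))
```
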
     
  19. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey,Phant0m & CrazyM

    Ok going nuts here have no idea why this is going on
    i am getting the same thing for all 7 puters all of them
    give me the same thing how can this be here it is again

    on all 7 @ PC Flank


    Packet' type Status
    TCP "ping" stealthed
    TCP NULL stealthed
    TCP FIN stealthed
    TCP XMAS stealthed
    UDP non-stealthed

    & @ Shields Up all 7 i get that
    113 IDENT

    oh why did i have my boys add this Router thing
    should i just remove it or is there a way around this

    now i think the UDP is a F/P you tell me guys

    Thanks have a good one
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey AAP

    Is Look ‘n’ Stop Installed on all the Network Computers?
    If so you can activate the EnhancedRulesSet.rls rule labelled "TCP : Authorize Identification" and configure block & warn Flag on it. And re-run the online web-scan and keep an eye on that rule display in Look ‘n’ Stop’s Log screen, if you see them then you are getting the Ident packets otherwise you aren't...

    You may just need to access the Router and check out its configurations and make modifications...
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    AAP, are you using Windows XP on any of the Network Machines?
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I suppose it would just be easier to Forward those ident packets to a Non-existing IP in your Network…

    There is a bit of Information about Routers at http://www.fasttrackhelp.com/development/ftfakes/kanat/kanaten.html. For Port Forwarding Info you should visit http://www.fasttrackhelp.com/development/ftfakes/kanat/portfwen.html.
     
  23. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi,Phant0m

    No i just have L & S on 3 of the puters i think
    the problem is on my end like you just said
    i may need to check the Router i need to get this
    done before they go & install some other toy

    each time they add something it's more work
    for dad not good well you have a great weekend
    i am on my way to that link you posted then
    have a look at the config of that Router thing oh boy

    Thanks for all your time & help

    Hey,Paul
     
  24. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey,Phant0m

    I got it fixed i just had a look at that link
    you posted for me & did as was said &
    all is good now you have a great weekend

    & once again thanks for all the help

    Good luck :D
     
  25. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey,Phant0m

    There is one thing i forgot to add why am i
    not getting a Logfile when i look at the option
    for Log in L & S

    Thank you
     