[lug] How secure is a Linksys BEFSR41 with these ports open

j davis davis_compz at hotmail.com
Thu Aug 15 18:00:03 MDT 2002


Hello,
  I use DSL, but I have a Cisco 678. I wanted my firewall to log, so
I forwarded every port on my router to my firewall. So if you could do this
same thing, then it would not matter if your Linksys always had open ports...
they would be forwarded to a firewall, and there you could do whatever you
want.
When I scan my IP the Cisco does not appear to be there... but with closer
inspection using traceroute it could be discovered... however... you could then
stop ping replies or whatever else you wanted... like snort or logging.

jd
http://www.taproot.bz

>From: bof <bof at pcisys.net>
>Reply-To: lug at lug.boulder.co.us
>To: CLUE-Tech <clue-tech at clue.denver.co.us>, BLUG <lug at lug.boulder.co.us>
>Subject: [lug] How secure is a Linksys BEFSR41 with these ports open
>Date: Thu, 15 Aug 2002 16:59:30 -0600
>
>Hello,
>
>I was seeking a firewall/NAT router for my DSL connection and bought a 
>Linksys BEFSR41. This post is to see if anyone else could check or comment 
>on my experiences with it.
>
>Following its instructions to set up blocking WAN requests (according to 
>their User's Guide, this would deny ping requests to hide the network ports 
>(their words)), I then checked how well it was hidden by running nmap 
>against its IP address.
>
>Here's what I found (the IP address is not shown for privacy and no longer 
>belongs to me anyway, since it was a DHCP allocation):
>
>    [~]#nmap -sT XXX.XXX.XX.XX
>
>    (The 1553 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    80/tcp     open        http
>
>    [~]#nmap -sS XXX.XXX.XX.XX
>    (The 1553 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    80/tcp     open        http
>
>    [~]#nmap -sU XXX.XXX.XX.XX
>    (The 1453 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    53/udp     open        domain
>    67/udp     open        dhcp
>    69/udp     open        tftp
>    161/udp    open        snmp
>    520/udp    open        route
>    5050/udp   open        mmcc
>
>    [~]#nmap -p 1-65535 XXX.XXX.XX.XX
>    (The 65534 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    80/tcp     open        http
>
>
>This doesn't seem to be very invisible to me, so I called their Tech 
>Support. I never did get a coherent answer about the other ports, but I was 
>told that port 80 was always open, and that there was no way of closing it 
>--- or for that matter, any of the others, because that is the way Linksys 
>wrote its Stateful Packet Inspecting firewall.
>
>I would prefer that my system firewall would be completely invisible to 
>ping requests --- there's no need for any open ports since I don't offer 
>any services to the outside world.
>
>Would anyone comment on level of security with all these open ports?
>
>BOF


thanks,
jd

jd at taproot.bz
http://www.taproot.bz
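
As an added example (not part of either post), this Python sketch parses scan listings like the ones quoted above and checks them against the stated policy of offering no services to the outside world. The listings are constructed from the post's output, and the names `parse_ports`, `audit`, `report` and `ALLOWED` are assumptions made for the illustration.

```python
import re

# Listings constructed from the output quoted in the post (address omitted).
# The UDP rows keep the wrapped layout seen in the archive copy on purpose.
TCP = """(The 1553 ports scanned but not shown below are in state: closed)
Port       State       Service
80/tcp     open        http
"""
UDP = """(The 1453 ports scanned but not shown below are in state: closed)
Port       State       Service
53/udp     open        domain                     67/udp     open
  dhcp                       69/udp     open        tftp
161/udp    open        snmp                       520/udp    open
  route                      5050/udp   open        mmcc
"""
SCANS = {"-sT": TCP, "-sS": TCP, "-sU": UDP}

# Policy from the post: nothing is offered to the outside world.
ALLOWED = set()  # e.g. {("tcp", 22)} if a service were exposed on purpose
ROW = re.compile(r"(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)")

def parse_ports(text):
    """Return {(proto, port): (state, service)}; tolerant of wrapped rows."""
    return {(proto, int(port)): (state, service)
            for port, proto, state, service in ROW.findall(text)}

def audit(scans, allowed):
    """Open ports outside the allowlist, with the scan types that saw them."""
    findings = {}
    for scan_type, text in scans.items():
        for key, (state, service) in parse_ports(text).items():
            if state == "open" and key not in allowed:
                findings.setdefault(key, {"service": service, "seen_by": []})
                findings[key]["seen_by"].append(scan_type)
    return findings

def report(findings):
    lines = []
    for (proto, port), info in sorted(findings.items()):
        # nmap -sU of that era marked a UDP port open whenever no ICMP
        # port-unreachable came back, so UDP rows need a service-level check.
        note = ("verify with a service probe" if proto == "udp"
                else "answered the TCP handshake")
        seen = ",".join(info["seen_by"])
        lines.append(f"{port}/{proto} {info['service']} via {seen}: {note}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(audit(SCANS, ALLOWED))))
```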
