[lug] How secure is a Linksys BEFSR41 with these ports open
j davis
davis_compz at hotmail.com
Thu Aug 15 18:00:03 MDT 2002
hello,
I use dsl , but i have cisco678. I wanted my firewall to log so
i forwaded every port om my router to my firewall. So if you could do this
same thing then it would not matter if you linksys always had open ports..
they would be forwaded to a firewall and there you could do what ever you
want.
when i scan my ip the cisco does not appear to be there...put with closer
inspection using traceroute it could be discoverd...however...you could then
stop ping replies or whatever else you wanted...like snort or logging.
jd
http://www.taproot.bz
>From: bof <bof at pcisys.net>
>Reply-To: lug at lug.boulder.co.us
>To: CLUE-Tech <clue-tech at clue.denver.co.us>, BLUG <lug at lug.boulder.co.us>
>Subject: [lug] How secure is a Linksys BEFSR41 with these ports open
>Date: Thu, 15 Aug 2002 16:59:30 -0600
>
>Hello,
>
>I was seeking a firewall/NAT router for my DSL connection and bought a
>Linksys BEFSR41. This post is to see if anyone else could check or comment
>on my experiences with it.
>
>Following its instructions to set up blocking WAN requests (according to
>their User's Guide, this would deny ping requests to hide the network ports
>(their words)), I then checked how well it was hidden by running nmap
>against its IP address.
>
>Here's what I found (the IP address is not shown for privacy and no longer
>belongs to me anyway, since it was a DCHP allocation):
>
> ~]#nmap -sT XXX.XXX.XX.XX
>
> (The 1553 ports scanned but not shown below are in state: closed)
> Port State Service
> 80/tcp open http
>
> [~]#nmap -sS XXX.XXX.XX.XX
> (The 1553 ports scanned but not shown below are in state: closed)
> Port State Service
> 80/tcp open http
>
> [~]#nmap -sU XXX.XXX.XX.XX
> (The 1453 ports scanned but not shown below are in state: closed)
> Port State Service
> 53/udp open domain 67/udp open
> dhcp 69/udp open tftp
> 161/udp open snmp 520/udp open
> route 5050/udp open mmcc
>
> [~]#nmap -p 1-65535 XXX.XXX.XX.XX
> (The 65534 ports scanned but not shown below are in state: closed)
> Port State Service
> 80/tcp open http
>
>
>This doesn't seem to be very invisible to me, so I called their Tech
>Support. I never did get a coherent answer about the other ports, but I was
>told that port 80 was always open, and that there was no way of closing it
>--- or for that matter, any of the others, because that is the way Linksys
>wrote its Stateful Packet Inspecting firewall.
>
>I would prefer that my system firewall would be completely invisible to
>ping requests --- there's no need for any open ports since I don't offer
>any services to the outside world.
>
>Would anyone comment on level of security with all these open ports?
>
>BOF
>
>
>
>_______________________________________________
>Web Page: http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
thanks,
jd
jd at taproot.bz
http://www.taproot.bz
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
More information about the LUG
mailing list