# router security



## frustratedIam (Apr 19, 2005)

I have a d-link broadband router. I wanted to check its security so went to sheilds up and just about ALL ports showed open. Help me please


----------



## johnwill (Sep 26, 2002)

It sounds like you have configured your machine to be in the DMZ, or you have the router installed incorrectly. Do you have the broadband modem running to the WAN port of the router, and your machine connected to one of the LAN ports?


----------



## frustratedIam (Apr 19, 2005)

I have a always on satelite connection to the net and configed it to be a dynamic ip in the router and my pc in the lan port


----------



## johnwill (Sep 26, 2002)

It the satellite connection plugged into the WAN port?


----------



## frustratedIam (Apr 19, 2005)

yes, it is plugged into the wan port


----------



## johnwill (Sep 26, 2002)

How about the model of the router, the version and patch level of Windows, and the output of this:

Open a DOS window and type:

IPCONFIG /ALL >C:\RESULT.TXT

Open C:\RESULT.TXT with Notepad and copy/paste the entire results here.


----------



## frustratedIam (Apr 19, 2005)

router is a d-link DI-604 v.3.51 windows xp media center sp 2

results


Windows IP Configuration



Host Name . . . . . . . . . . . . : SUSIEQ

Primary Dns Suffix . . . . . . . : 

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : anikast.ca



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : anikast.ca

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-11-2F-D6-F9-2F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : September 22, 2005 5:55:05 PM

Lease Expires . . . . . . . . . . : September 29, 2005 5:55:05 PM


----------



## frustratedIam (Apr 19, 2005)

*tearing my hair out!*

I removed the router and connected straight through to the internet. I get the same results as I did with the router. I am so confused. When I had dialup and checked gibsons sheilds up all ports were in stealth. I am using zonealarm pro


----------



## johnwill (Sep 26, 2002)

Well, it makes no sense to me. The only way I can see the router allowing all the ports is that you have the machine in the DMZ, or you have connected the router incorrectly. Have you reset it to factory defaults and tried it?


----------



## frustratedIam (Apr 19, 2005)

I have reset it to factory defaults and am not in dmz. I am going to unhook everything and try again. The funny thing is that when I bypassed the router I didn't have to change how I connect to the internet.


----------



## Resolution (Sep 17, 2005)

Does that router allow you to set firewall rules such as this...

http://support.dlink.com/emulators/di604_reve/adv_firewall.html


----------



## frustratedIam (Apr 19, 2005)

yes, I can do that. I was trying to figure that out


----------



## johnwill (Sep 26, 2002)

The router in it's default configuration should allow very few ports through, 113 is sometimes visible, but little else.

Exactly what ports show up open when you're using the router after a factory reset and do the port scan?


----------



## frustratedIam (Apr 19, 2005)

I rese the router and did a all service ports scan and everyone was open except 20,21,80,137,138,139,443 and 445 are all in stealth. I got the same results from my other computer on the network


----------



## frustratedIam (Apr 19, 2005)

take note as stated in a previous post I get the same results when I bypass the router


----------



## johnwill (Sep 26, 2002)

This is apparently one I'd have to see. I have an SMC and a D-Link router here, and they work as I'd expect, and my ports are all invisible, except for the FTP port, which I have open for my server. Please post your report here when using the router.

GRC Port Authority Report created on UTC: 2005-09-24 at 22:55:58

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
119, 135, 139, 143, 389, 443, 445, 
1002, 1024-1030, 1720, 5000

0 Ports Open
1 Ports Closed
25 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 21

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


----------



## frustratedIam (Apr 19, 2005)

shields up report

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-09-24 at 23:34:02

Results from scan of ports: 0-1055

1048 Ports Open
0 Ports Closed
8 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be CLOSED.

Ports found to be STEALTH were: 20, 21, 80, 137, 138, 139, 443, 
445

Other than what is listed above, all ports are OPEN.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


----------



## Resolution (Sep 17, 2005)

First off, I have never seen a router automagically block ports that are notorious for being hacker targets, and then somehow leave everything else open. Turn off ZoneAlarm and then run the test. See if they differ when using the router and without it.


----------



## frustratedIam (Apr 19, 2005)

zonealarm shut off

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-09-25 at 00:01:58

Results from scan of ports: 0-1055

1048 Ports Open
0 Ports Closed
8 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be CLOSED.

Ports found to be STEALTH were: 20, 21, 80, 137, 138, 139, 443, 
445

Other than what is listed above, all ports are OPEN.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


----------



## frustratedIam (Apr 19, 2005)

I used zonealarm to block all the ports that are open and I still get the same results. Is it possiible shields up is not testing the correct ip?


----------



## Resolution (Sep 17, 2005)

I'm all out of answers. Actually, no, I would get a new router (preferably a Linksys). :smile:


----------



## frustratedIam (Apr 19, 2005)

Hi people
thanks for trying to help me. 1 more question. will the routers log show the shields up testing the ports?


----------



## Resolution (Sep 17, 2005)

If it is functioning correctly, yes.


----------



## frustratedIam (Apr 19, 2005)

ok thanks for your input, it is very much appreciated


----------

