Results 1 to 4 of 4

Thread: WISP and port scans

  1. #1
    orion_canuk Guest

    Default WISP and port scans

    I have recently signed up with a Wireless ISP and have the connection shared via a wired Linksys router to a 2nd pc. After the system was setup, I ran a port scan at GRC that showed I was stealth but for one Closed port. However, the WISP recently did an upgrade of their system and installed a new router. A re-scan showed I had one Open port (Telnet) and all the others were Closed -- no more stealth. This caused a little panic! I have no idea why their hardware change would have affected me in this manner. My IP is currently static (switching to dynamic soon) and I felt like I was walking around the 'Net with my pants around my ankles.

    After reading several threads here on the subject, I discovered that the port scan was scanning the router, not my pc. I am curious as to why the router itself isn't stealth -- is this normal or is this something I should address?

    Also, while poking around ZoneAlarm Pro's settings I noticed under 'Blocked Zone Security' > 'Advanced' under 'Internet Connection Sharing', 'This computer is NOT on an ICS/NAT gateway running ZoneAlarm Pro' was selected. Umm, I have a 2-user gateway license and the key was required to set up the router. I have changed that setting to 'This computer IS a client of an ICS/NAT gateway running ZoneAlarm Pro'. Is this correct? Isn't this where I should be?

    Windows XP Pro/SP2 (and all subsequent Critical Updates)
    ZoneAlarm PRo 6.1.737
    Windows Firewall > Disabled
    Nod32, etc., etc.

    ~Thanks in advance~

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.0

  2. #2
    ad_hock Guest

    Default Re: WISP and port scans

    Hi Orion_canuk
    About the first issue is indeed your external ip of he router that is scanned and not your computer, so you are defended from incoming intrusions as you have a private ip not scannable from the outside internet. About the fact that the router answers to solicitations the consequence is it indicates that at that ip something exists and encourage scanners to scan that ip. Anyway they don't get your computer but your router. However contact your ISP (I think you said is the supplier of the router) to see if there are ways to stealth completly the router.
    About the second point those settings are for a ICS connection which is not your case, so the first option seems to me to be the more correct.
    Best regards

  3. #3
    orion_canuk Guest

    Default Re: WISP and port scans

    Hello and thanks for the response.

    My router wasn't actually supplied by the ISP, its a 3-yr old 'never used' job I was given gratis. (Would I be better off with a newer one, or a firmware update maybe?)

    This WISP is a small-town, two-man enterprise -- so new they are still trying to catch up with installation orders. I did contact them first about the GRC results and ... well, they had never heard of GRC, couldn't vouch for the test reliability and weren't at all concerned that their results were the same as mine. Their motto is "It is the responsibility of each user to provide their own firewall and security." so it would seem that I am on my own as far as this router goes.

    I haven't the first clue as to how to go about stealthing a router -- but I am convinced that my current state is not good and I am on the hunt for a solution. I've checked the firewall settings on the router and its engaged (Enforcement Level is 'Conservative') ... but why isn't it Stealth just as a matter of course? Any tips as to how I can make it so?


    Thank you again for your time.

  4. #4
    ad_hock Guest

    Default Re: WISP and port scans

    Hi Orion/canuk
    I don't know yur router although as information I run the WTR54G from Linkys and I'm completely stealthed to the most common tests in the internet, namely shields up from GRC that I consider the best (I just trust this one, sygate and dslreports and exceptionaly pcflank). THe best chance you have is to read the router's manual or the web site and see if you find a reference to how to stealth the ports. Older routers normally are more difficult to stealth and there are also ports more difficult then others (port 113 is a classical example and you may find the explanation in www.grc.com). It's very common for instance the routers answer to pings (ICMP). As I said they see that in that external ip is a "computer" but they don't get your internal or private ip easily (it may happen however that the router leaks,which is not very normal). But as you are in wireless the bigger danger with old routers is that people in the range of your router signal suceed to connect to your router (one more reason to have a software firewall in the computer)as the only encryption that is safe is WPA that old routers and old computers also doesn't support. At least use WEP 128 bits that is better then nothing, disable SSID broadcast and enable MacAddress filtering, but I insist only WPA is reliable.
    Best regards

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •