Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to block open ports on a router.....

339 views
Skip to first unread message

Boaby

unread,
Aug 6, 2009, 11:22:49 AM8/6/09
to
Hello folks,

I have a D-Link DIR 655 wireless router with the latest available
firmware from D-Link. Recently I have done a port scan on my router
which displayed the following results:

PORT STATE SERVICE
80/tcp open http
4444/tcp open krb524
8099/tcp open unknown
20005/tcp open btx

Anyone has any ideas on how to closed open ports on a D-Link DIR 655?

Thanks,
Boaby

Boaby

unread,
Aug 6, 2009, 11:35:55 AM8/6/09
to

Wow, did not realize this newsgroup is swamped with advert postings....

Mara

unread,
Aug 6, 2009, 11:52:07 AM8/6/09
to

Where? I don't see them. That's what a good newsfeed does. :)

--
Why can't people set their clocks, reply to the correct poster, test in
a test group, write a coherent question, or keep a question to one thread?
Some people are so far from hitting the nail, it doesn't matter if they
have a hammer or a banana. --trout, 24hshd, c.2002

Aardvark

unread,
Aug 6, 2009, 12:06:50 PM8/6/09
to
On Thu, 06 Aug 2009 16:35:55 +0100, Boaby wrote:

> Wow, did not realize this newsgroup is swamped with advert postings....

Funny, I can't see any.

floffy2

unread,
Aug 6, 2009, 12:04:42 PM8/6/09
to

port 80 = Webpage , Do you have a web page server ??
port 4444 = use for IPV6 <-- this is ok
The 2 other i do not known
go to http://192.168.0.1 or http://192.168.1.1 depend the router
router ask login / password , one of them normaly is : admin
after in goto firewal-> port forward and check of the port below are
list
un list them et voila !


--
floffy

Message has been deleted
Message has been deleted

floffy2

unread,
Aug 6, 2009, 12:14:49 PM8/6/09
to

Me too, i do not see this ADVERT posting....
But i use a Good news server that remove this ADVERT stoff
Use a good news server

--
Via/post http://sub-sys.com/f


--
floffy

Boaby

unread,
Aug 6, 2009, 2:50:09 PM8/6/09
to

Thanks for the suggestion, Floffy2. I can confirm that I have port
forwarding on my router but it does show any ports are set to open?
There does not seem to be an ability to close ports on a D-Link DIR 655
router? I am truly mystified by this?

Boaby

why?

unread,
Aug 6, 2009, 2:59:13 PM8/6/09
to

On Thu, 6 Aug 2009 12:04:42 -0400, floffy2 wrote:

>
>Boaby;3941 Wrote:
>> Hello folks,
>>
>> I have a D-Link DIR 655 wireless router with the latest available
>> firmware from D-Link. Recently I have done a port scan on my router
>> which displayed the following results:
>>
>> PORT STATE SERVICE
>> 80/tcp open http
>> 4444/tcp open krb524
>> 8099/tcp open unknown
>> 20005/tcp open btx
>>
>> Anyone has any ideas on how to closed open ports on a D-Link DIR 655?
>>
>> Thanks,
>> Boaby
>
>port 80 = Webpage , Do you have a web page server ??
>port 4444 = use for IPV6 <-- this is ok

4444 is already confusingly used twice Kerberos v5 to v4 service / NV
Video.

Of course it's likely to be used in IPv6, OP didn't say anything about
IPv6.

If it's an exploit and user isn't using krb524 then it's 50/50 it's okay
or not. Other checks would have to be made.

>The 2 other i do not known

Then you don't know about this maybe?
http://www.iana.org/assignments/port-numbers
although many ports above 1024 are used by anything.

# 8089-8096 Unassigned

openwebnet 20005/tcp OpenWebNet protocol for electric network
openwebnet 20005/udp OpenWebNet protocol for electric network


>go to http://192.168.0.1 or http://192.168.1.1 depend the router
>router ask login / password , one of them normaly is : admin
>after in goto firewal-> port forward and check of the port below are
>list

Depends if user means shutting down the router web / admin or the
through router access to PC ports. OP said they did a port scan on the
router, didn't say if that's what they really meant / understood the
test to be for.

'port forward and check of the port below are list' , means what?

>un list them et voila !

More likely it's enable / disable.

Me

nobody >

unread,
Aug 6, 2009, 4:55:06 PM8/6/09
to

Those open ports may not be an issue.

Run "Shields Up" from Steve Gibson's GRC.
https://www.grc.com/x/ne.dll?bh0bkyd2
That site will test your router and PC for vulnerability from the
outside. It will give you a report and explain what ports are seen from
the outside and a description of what they do and possible problems.

Steve Gibson is kind of a nutcase, but he does write good code. "Shields
Up" is very,very good.

§ñühw¤£f

unread,
Aug 6, 2009, 5:17:55 PM8/6/09
to

Often its way easier than making port by port decisions.
Under the routers firewall tab should be some choices like "high" "medium"
"low" and "none".

The suggestion to go to the SheildsUp! website is always good.


--
Proof of Americas 3rd world status:
http://www.ramusa.org/
"I believe there are more instances of the abridgement of freedom of the people
by gradual and silent encroachments by those in power than by violent and
sudden usurpations.... The means of defense against foreign danger historically
have become the instruments of tyranny at home."
-James Madison

Steve

unread,
Aug 6, 2009, 7:36:52 PM8/6/09
to
In article <2009080616355516807-nothanks@spamtvnet>, noth...@spam.tv.net says...

What advert posts? Don't see any here. Anyway, you should find out what computers
and programs are using those ports before doing any blocking.


s

NormanM

unread,
Aug 6, 2009, 11:38:42 PM8/6/09
to

Can't be done, considering that the DIR-655 doesn't open any ports without
user intervention.

Have you done a 'netstat' scan from inside of your LAN?

My scan results against my DIR-655, from the outside:

| ----------------------------------------------------------------------
|
| GRC Port Authority Report created on UTC: 2009-08-07 at 03:32:02
|
| Results from scan of ports: 80, 4444, 8099, 20005
|
| 1 Ports Open
| 0 Ports Closed
| 3 Ports Stealth
| ---------------------
| 4 Ports Tested
|
| NO PORTS were found to be CLOSED.
|
| The port found to be OPEN was: 80
|
| Other than what is listed above, all ports are STEALTH.
|
| TruStealth: FAILED - NOT all tested ports were STEALTH,
| - NO unsolicited packets were received,
| - A PING REPLY (ICMP Echo) WAS RECEIVED.
|
| ----------------------------------------------------------------------

My 'netstat' scan, in part:

| C:\utils\ns_bench>netstat -aon
|
| Active Connections
|
| Proto Local Address Foreign Address State PID
| TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 524

Ports 4444, 8099, and 200005 do not show up as either "listening"
('netstat'), or "open" (GRC ShieldsUP!).

Port 80 is both because I am running Apache, and set up a port 80 pinhole in
my router.

I have no clue how Blueyonder configures their customers. There is always
the possibility that they have some kind of proxy between your CPE and the
Internet; in which case, you are scanning their equipment, not yours.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Boaby

unread,
Aug 7, 2009, 10:10:54 AM8/7/09
to

Just want to thank everyone with their responses so far. I have tried
the shields up website to test my router's port detection. Shields up
gave a resounding score of 100% success of no open ports.

The site explains this:


Your system has achieved a perfect "TruStealth" rating. Not a single
packet — solicited or otherwise — was received from your system as a
result of our security probing tests. Your system ignored and refused
to reply to repeated Pings (ICMP Echo Requests). From the standpoint of
the passing probes of any hacker, this machine does not exist on the
Internet. Some questionable personal security systems expose their
users by attempting to "counter-probe the prober", thus revealing
themselves. But your system wisely remained silent in every way. Very
nice.

So is that a good thing?

Once again thanks for the advice and links.

Boaby


why?

unread,
Aug 8, 2009, 7:16:21 AM8/8/09
to

On Thu, 06 Aug 2009 15:17:55 -0600, ���hw��f wrote:

>In message <f98m759m9enjq2p9a...@4ax.com>, why? wrote:
>>
>> On Thu, 6 Aug 2009 12:04:42 -0400, floffy2 wrote:
>>
>> >
>> >Boaby;3941 Wrote:
>> >> Hello folks,
>> >>
>> >> I have a D-Link DIR 655 wireless router with the latest available
>> >> firmware from D-Link. Recently I have done a port scan on my router
>> >> which displayed the following results:
>> >>
>> >> PORT STATE SERVICE
>> >> 80/tcp open http
>> >> 4444/tcp open krb524
>> >> 8099/tcp open unknown
>> >> 20005/tcp open btx

<snip>

>> >> Boaby
>> >
>> >port 80 = Webpage , Do you have a web page server ??
>> >port 4444 = use for IPV6 <-- this is ok
>>
>> 4444 is already confusingly used twice Kerberos v5 to v4 service / NV
>> Video.
>>
>> Of course it's likely to be used in IPv6, OP didn't say anything about
>> IPv6.
>>
>> If it's an exploit and user isn't using krb524 then it's 50/50 it's okay
>> or not. Other checks would have to be made.

<snip>

>> 'port forward and check of the port below are list' , means what?
>>
>> >un list them et voila !
>>
>> More likely it's enable / disable.
>>
>> Me
>
>Often its way easier than making port by port decisions.
>Under the routers firewall tab should be some choices like "high" "medium"
>"low" and "none".

That as well, although I prefer the port/application rule at a time. I
go by what's logged as blocked and add a rule as required.

>The suggestion to go to the SheildsUp! website is always good.

That and 1 or 2 others at the same time to make sure.

Me

why?

unread,
Aug 8, 2009, 7:17:48 AM8/8/09
to
On Fri, 7 Aug 2009 15:10:54 +0100, in 24hoursupport.helpdesk you wrote:

>On 2009-08-07 04:38:42 +0100, NormanM <spamme...@immoral.invalid> said:
>
>> On Thu, 6 Aug 2009 16:22:49 +0100, Boaby wrote:
>>
>>> Hello folks,
>>>
>>> I have a D-Link DIR 655 wireless router with the latest available
>>> firmware from D-Link. Recently I have done a port scan on my router
>>> which displayed the following results:
>>>
>>> PORT STATE SERVICE
>>> 80/tcp open http
>>> 4444/tcp open krb524
>>> 8099/tcp open unknown
>>> 20005/tcp open btx

<snip>

>Just want to thank everyone with their responses so far. I have tried
>the shields up website to test my router's port detection. Shields up
>gave a resounding score of 100% success of no open ports.

BY/VM say they don't block ports except the NetBIOS filesharing ports.
Check old posts / ask in the ng - virginmedia.users.self-help.security

>The site explains this:
>
>
>Your system has achieved a perfect "TruStealth" rating. Not a single
>packet � solicited or otherwise � was received from your system as a
>result of our security probing tests. Your system ignored and refused
>to reply to repeated Pings (ICMP Echo Requests). From the standpoint of
>the passing probes of any hacker, this machine does not exist on the
>Internet. Some questionable personal security systems expose their
>users by attempting to "counter-probe the prober", thus revealing
>themselves. But your system wisely remained silent in every way. Very
>nice.
>
>So is that a good thing?

Depends on your point of view. The strict? intrepretaion of the RFCs
http://en.wikipedia.org/wiki/Request_for_Comments
says certain traffic should be allowed. Setting stealth on
router/firewall breaks the basic operation.

You can google for the above ( using port stealth rfc blocking) and see
the various points of view for yourself.

>Once again thanks for the advice and links.
>
>Boaby

Me

0 new messages