Routers and Security

TbirdX · 15 Dec 2006 at 18:52

Have just gone over to a router after using ICS for a long time. Running Sygate personal firewall on my all PC's linked to the router.

My concern is that I'm not passing Symantecs port scan/hack test. It tells me It can get a ping and that I have 3 ports open.

Shields up tells me I'm all stealthed.

PC Flank thingy wouldn't run.

A further bash at Symantec and it appears to be scanning NTL's cache rather than my Ip although it definately wasn't doing that last night.

I can't ping my ip so is Symantec reporting incorrectly or is it picking up an answer through the web proxy or something or do I need to fiddle with my router some more??

Clarkey · 15 Dec 2006 at 19:28

your router will have ports open from the lan side. Forget what symantec bloatware wants to tell you its full of crap, the router wont have any open ports unless you opened them yourself.

benjo plz. · 15 Dec 2006 at 19:29

What router is it?

tolien · 15 Dec 2006 at 19:49

Being able to ping the router from the internet isn't a bad thing. Indeed, it's a good thing.

TbirdX · 15 Dec 2006 at 19:53

It's a safecom SBRU-10100 4 port Cable Router with USB print server.

I did open some ports, for BT and a Ventrillo server but none of the ones I opened were reported as being open. I guess they were pretty high numbers though.

benjo plz. · 15 Dec 2006 at 20:24

Make sure the remote admin ports are closed (it's somewhere in the settings). Safecom routers are well known for coming with them enabled by default.

TbirdX · 15 Dec 2006 at 20:27

There is a setting...

External Admin O Enable O Disable (Port:XXXX)

I have disable ticked.

celliott · 15 Dec 2006 at 21:10

tolien said:
Being able to ping the router from the internet isn't a bad thing. Indeed, it's a good thing.

In terms of security its better if all ports on your router are stealthed, and it automatically rejects all incoming traffic except certain specified ports you may need. i.e. the ventrilo server in this case.

tolien · 15 Dec 2006 at 21:54

celliott said:
In terms of security its better if all ports on your router are stealthed

I didn't question that. ICMP doesn't have ports though, and certainly should be permitted...

and it automatically rejects all incoming traffic except certain specified ports you may need. i.e. the ventrilo server in this case.

Default behaviour with NAT. It's still a good thing to allow a select few ICMP types. The only site that really perpetuates anything else is grc.com, which is a haven of FUD (and so completely worthless as a source of useful information).