Thread: how to stealth port no. 513, and 514 in my router

  1. #1
    Junior Member
    Join Date
    Oct 2017
    Posts
    10

    how to stealth port no. 513, and 514 in my router

    Hi, I have a dlink 2730 U router. Now every router is not fully safeguarded from attacks. A check at grc.com, Shields Up, revealed that my router ports 513 and 514 are closed but not stealth. Port No. 113 details are given in the same page at details.
    How do I make those ports stealth? If I stealth those ports, would there be any internet access problem? Now I am more concerned with the router because it is the point of gateway attacks that attackers try without leaving a trace to find.
    Are there any issues if those are open? I also cannot find which applications are using the port. For your information, I am using Google DNS server in the router settings. I do not know how to attach a screenshot in this forum.

  2. #2
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,573
    Blog Entries
    6
    Port 113 is for IDENT, you can usually close it from the router's admin interface. Just look for a setting in the WAN/Admin menu to that effect, it is sometimes labeled as follows:
    "Respond to IDENT requests from WAN"
    "Respond to Echo (ping) Request from WAN"
    It is not necessarily that bad to leave this open, some apps may take longer to connect if your end is not pingable.


    Ports 513/514 TCP or UDP? They could be used by some VoIP apps, but also by remote logging, rsh/rcp. I would investigate that. There is some more info here:
    https://www.speedguide.net/port.php?port=513
    https://www.speedguide.net/port.php?port=514

    I would try to disable any type of system logging and remote administration on the router and test again. We also have a portscan on SG, btw:
    https://www.speedguide.net/scan.php

  3. #3
    Junior Member
    Join Date
    Oct 2017
    Posts
    10
    I checked with your scan link. All the three ports are shown as filtered green. Do I need to bother? Then why GRC.com confuses with their results, I do not know. Should I check?
    How to enclose a file in your forum?
    Is there any type of router scan available in this, like Shields Up? I am more concerned about router security. I have taken all precautions to change the admin password. Port forwarding, I did not try for those ports. Are those necessary? (in filter green)
    Does forwarding to a non-existing port mean changing the last 3 octets of the IP? Does that number denote the no. of devices connected for a connection? I mean the no. of devices, so the change of octet to higher numbers, knowingly, would change the port to stealth?
    I will try to read as many posts in the forum on router security. Thanks and expecting. Kind of you to immediately send reply. The ports are TCP connections.

  4. #4
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,573
    Blog Entries
    6
    I don't know why there is a difference between GRC and SG, I can only vouch for our scan. You may have to make sure they are scanning your correct IP address, especially if you are going through some type of proxy from your ISP.

    Forwarding a port to a non-existing IP address on a LAN means changing the last octet of an IPv4 address... as in 192.168.1.5 vs. 192.168.1.222. The last octet does not necessarily signify the number of devices. NAT routers often use the first available IP in the subnet, most often .1. Then it assigns IPs depending on how its "DHCP server range" is set, it could be, for example, from .50 to .150, etc. (it can be changed). Using a non-existing IP would be setting that last octet to a number not assigned to your router, outside of its DHCP range, and between 1-254. So, yes, higher numbers are usually safer, but not necessarily.

  5. #5
    Junior Member
    Join Date
    Oct 2017
    Posts
    10
    Hi, Thanks Philips.
    The reply is superb. But the problem is, I have tried to pf those three ports, 113, 513 and 514, to a same IP, say xxx.xxx.xxx.250, and the scan does not stealth the ports. I also found default port forwarding there for some ports, which include the port no. 113. I think that port 113 is a much important port for connectivity and computer network actions.
    If the pool range is 1 to 255, using 250 is supposed to be higher, outside my range of devices. I mean, I use only devices less than 10. Is there anything wrong in . But would a port forwarding consist of any default entries?
    If you give me an idea how to attach a jpg file, I will be able to give the screenshot. Please, I am a learner and not an IT expert.

  6. #6
    Junior Member
    Join Date
    Oct 2017
    Posts
    10
    Hi, I checked with FAQ on posts. But selecting Reply from the thread and going to advanced option does not give me a chance to manage attachments. Is there any stipulated condition that one could attach only if the number of posts exceeds some number? Or the attachment is not permitted?
    The default page set up
    service   protocol   wanp   lanp
    auth      tcp        113    113
    dns       udp        53     53
    ftp       tcp        21     21
    ipsec     udp        500    500
    pop3      tcp        110    110
    ppt3      tcp        1723   1723
    smtp      tcp        25     25
    ssh       tcp        22     22
    telnet    tcp        23     23
    tftp      udp        69     69
    web       tcp        80     80
    Last edited by jraju; 10-11-17 at 11:44 PM.

  7. #7
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,573
    Blog Entries
    6
    Yeah, there are some limits on newer members not being able to post attachments.

    Like I said before, port 113 is ident, and I wouldn't worry about it being closed instead of stealth.
    As to ports 513/514, you will have to go through all your router "Advanced/Diagnostics/Management" menu settings, and make sure they do not enable some type of remote logging, or remote admin access on those ports. Some VoIP phones may be using the port as well. Just see what service may be using it on your router first.

    Also, if the SG scan shows them stealth already I am not sure what is with the GRC scan.

  8. #8
    Junior Member
    Join Date
    Oct 2017
    Posts
    10
    Hi, Could you say an alternative way to enclose screenshots of the problem?
    Thanks. I did find a tr069 configuration page, having default url and admin pw, but not in enabled stage. This is using the port No. 7547, and I do not see that it is enabled. The box is left unchecked.
    There are some ticks found in the NAT alg. Can I remove those, I do not know. The settings are by default enabled with the following
    IPSec Pass-Through Enable
    L2TP Pass-Through Enable
    PPTP Pass-Through Enable
    FTP Enable
    H.323 Enable
    SIP Enable
    RTSP Enable
    ICQ Enable
    MSN Enable
    Can I uncheck those?
    The tr069 configuration page default settings: it is not enabled.
    Other than that there is no setting enabled. I enabled DOS denial of service attacks for security. Did not touch DMZ.
    Where is the remote administration menu? I could not find it anywhere in the router settings easily. If I know, I will disable it.

  9. #9
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,573
    Blog Entries
    6
    Leave the IPSec/L2TP/PPTP pass-throughs enabled.

    The H.323/SIP Enable settings -- those may be opening ports 513/514, not sure. Are you using some type of VoIP behind this router? Disabling may cause issues with telephone service.

    RTSP - usually uses port 554, streaming video, you can uncheck it.
    ICQ/MSN enable -- those can probably be unchecked.

  10. #10
    Junior Member
    Join Date
    Oct 2017
    Posts
    10
    Hi, I disabled all the things and checked and same result in GRC. You have touched upon all the things except ftp, should it be enabled? I get the alarm that solicited tcp packets received/failed. The GRC check all ports shows 113 in green, i.e., stealth. But showing the 513 and 514 ports as closed. But in scan on ordinary ports scan (not all ports scan in GRC), 113 is shown as closed. The problematic port is listed as 113 and some suggestions are given.
    May I ask you, can I capture which applications are using the closed ports in netstat or in other commands? Since netstat -ano lists all the listening and open ports, I do not seem to find the applications that are using the closed ports, say my 513 and 514.
    Elsewhere in some threads, I see that 113 auth port is set as default start port in the router, by router makers, to get proper connections over ports. If I see that again, I will enclose that.
    Regarding tr069 port, the url if deleted does not allow me to save the settings, with different error messages. I disabled auto execution during start, but still I do not know why the url is there. It is default set by dlink router, the admin user and pw shown as rtk, I do not know why those entries are present there.
    I asked for alternative ways of enclosing the images to this forum, as that would easily help you to give the exact solutions and the exact problems I am facing... Sorry for delayed response, as I was otherwise engaged. Thanks Philips and still expect.
    I do not use any VoIP services. I heard that using some satellite services. No.
    Last edited by jraju; 10-15-17 at 09:18 AM. Reason: add extra point

  11. #11
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,573
    Blog Entries
    6
    The ports could be open by your router. Commands like "netstat -ano" and others on your PC would only show ports on that particular client PC, not other clients or the router. That is why I said to look over the settings on the router more carefully, those "H.323" and "SIP" settings could be setting ports 513/514 to closed instead of stealth.

    Getting a result for a port as "closed" still does not allow connections to it. It only shows that you exist, they can only be used to potentially identify that your IP is online, and running certain OS... But they are still not accepting connections, so it may be a moot point. Like I said before, I wouldn't worry about the IDENT port 113 showing as closed, that may actually be a good thing.

  12. #12
    Junior Member
    Join Date
    Oct 2017
    Posts
    10
    Hi, thanks for reply. You mean, it is by default by dlink router for their routers. I just left ftp enabled and still the same results.
    I checked every setting. I will try still to probe the router https://ibb.co/iXROD6
    Last edited by jraju; Yesterday at 09:28 PM.
