[CLUE-Tech] How secure is a Linksys BEFSR41 with these ports open
grant.johnson at twcable.com
grant.johnson at twcable.com
Fri Aug 16 14:40:08 MDT 2002
Was nmap being run on your machine? If so, the look of all of this
would make sense. You need to ssh to somewhere else, then run nmap from
there. As for ports being open, I don't believe it. I have one of
these, and I have pretty good control. Under the advanced tab, and then
the forwarding, you should be able to set up whatever. You may not be
able to turn off ping, as the router itself may be answering, but other
than that and maybe snmp, it should do nothing you don't tell it to do.
The defaults are pretty closed. Just check port 8080 from outside
tosee if remote administration is turned on.
The only real problems I have had is occasionally, it stops responding.
The little red "diag" light gets stuck on. A simple power cycle fixes
it. I probably have one every 6 months.
bof wrote:
> Hello,
>
> I was seeking a firewall/NAT router for my DSL connection and bought a
> Linksys BEFSR41. This post is to see if anyone else could check or
> comment on my experiences with it.
>
> Following its instructions to set up blocking WAN requests (according
> to their User's Guide, this would deny ping requests to hide the
> network ports (their words)), I then checked how well it was hidden by
> running nmap against its IP address.
>
> Here's what I found (the IP address is not shown for privacy and no
> longer belongs to me anyway, since it was a DCHP allocation):
>
> ~]#nmap -sT XXX.XXX.XX.XX
>
> (The 1553 ports scanned but not shown below are in state: closed)
> Port State Service
> 80/tcp open http
> [~]#nmap -sS XXX.XXX.XX.XX
> (The 1553 ports scanned but not shown below are in state: closed)
> Port State Service
> 80/tcp open http
> [~]#nmap -sU XXX.XXX.XX.XX
> (The 1453 ports scanned but not shown below are in state: closed)
> Port State Service
> 53/udp open domain 67/udp
> open dhcp 69/udp open
> tftp 161/udp open
> snmp 520/udp open
> route 5050/udp open mmcc
> [~]#nmap -p 1-65535 XXX.XXX.XX.XX
> (The 65534 ports scanned but not shown below are in state: closed)
> Port State Service
> 80/tcp open http
>
> This doesn't seem to be very invisible to me, so I called their Tech
> Support. I never did get a coherent answer about the other ports, but
> I was told that port 80 was always open, and that there was no way of
> closing it --- or for that matter, any of the others, because that is
> the way Linksys wrote its Stateful Packet Inspecting firewall.
>
> I would prefer that my system firewall would be completely invisible
> to ping requests --- there's no need for any open ports since I don't
> offer any services to the outside world.
>
> Would anyone comment on level of security with all these open ports?
>
> BOF
>
>
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list