[CLUE-Tech] How secure is a Linksys BEFSR41 with these ports open

grant.johnson at twcable.com grant.johnson at twcable.com
Fri Aug 16 14:40:08 MDT 2002 

Was nmap being run on your machine?  If so, the look of all of this 
would make sense.  You need to ssh to somewhere else, then run nmap from 
there.  As for ports being open, I don't believe it.  I have one of 
these, and I have pretty good control.  Under the advanced tab, and then 
the forwarding, you should be able to set up whatever.  You may not be 
able to turn off ping, as the router itself may be answering, but other 
than that and maybe snmp, it should do nothing you don't tell it to do. 
 The defaults are pretty closed.  Just check port 8080 from outside 
tosee if remote administration is turned on.

The only real problems I have had is occasionally, it stops responding. 
 The little red "diag" light gets stuck on.  A simple power cycle fixes 
it.  I probably have one every 6 months.

bof wrote:

> Hello,
>
> I was seeking a firewall/NAT router for my DSL connection and bought a 
> Linksys BEFSR41. This post is to see if anyone else could check or 
> comment on my experiences with it.
>
> Following its instructions to set up blocking WAN requests (according 
> to their User's Guide, this would deny ping requests to hide the 
> network ports (their words)), I then checked how well it was hidden by 
> running nmap against its IP address.
>
> Here's what I found (the IP address is not shown for privacy and no 
> longer belongs to me anyway, since it was a DCHP allocation):
>
>    ~]#nmap -sT XXX.XXX.XX.XX
>
>    (The 1553 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    80/tcp     open        http                   
>    [~]#nmap -sS XXX.XXX.XX.XX
>    (The 1553 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    80/tcp     open        http                   
>    [~]#nmap -sU XXX.XXX.XX.XX
>    (The 1453 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    53/udp     open        domain                     67/udp     
> open        dhcp                       69/udp     open        
> tftp                       161/udp    open        
> snmp                       520/udp    open        
> route                      5050/udp   open        mmcc                   
>    [~]#nmap -p 1-65535 XXX.XXX.XX.XX
>    (The 65534 ports scanned but not shown below are in state: closed)
>    Port       State       Service
>    80/tcp     open        http                   
>
> This doesn't seem to be very invisible to me, so I called their Tech 
> Support. I never did get a coherent answer about the other ports, but 
> I was told that port 80 was always open, and that there was no way of 
> closing it --- or for that matter, any of the others, because that is 
> the way Linksys wrote its Stateful Packet Inspecting firewall.
>
> I would prefer that my system firewall would be completely invisible 
> to ping requests --- there's no need for any open ports since I don't 
> offer any services to the outside world.
>
> Would anyone comment on level of security with all these open ports?
>
> BOF
>
>
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech

More information about the clue-tech mailing list