James G. Sack (jim) wrote:
GRC ShieldsUp
Ralph Shumaker wrote:
James G. Sack (jim) wrote:
Ralph Shumaker wrote:
..
Well, according to GRC ShieldsUp, my ports 22 (ssh remote login
protocol) and 631 (internet printing protocol) are responding as
closed. (All other ports between 0 and 1055 are not even replying.)
Also, my IP address responds to a ping. According to Gibson, responding
to a ping and responding with "port closed" are security concerns
apparently because they essentially announce my presence to passing
pings and port scans and put me on the bad guys' radars.

I'm afraid I don't picture where you are running this GRC program from
-- is it run from somewhere on the internet outside your DSL modem?
I also don't know precisely what GRC means by "closed". I'm a bit sleepy
at the moment, so I may be missing something, but I would guess I might
want to watch the ethernet wire (e.g., with tcpdump) at the GRC end to
see what's happening.

Sorry, look here:
https://www.grc.com/x/ne.dll?bh0bkyd2

Be careful about the difference between disabling ping and turning icmp
off -- ping is just one message type within icmp. It is possible to turn
it off without turning off the rest of icmp -- several parts of icmp are
quite important to allowing other things to work correctly. Sorry I
can't remember just which, at the moment.

I know nothing about icmp. I wouldn't disable ping unless I thought it
would make me more secure and felt reasonably certain that it wouldn't
mess things up.

Due to previous discussions about this here on kplug tho, I don't know
if I should be concerned.

If you mean about ping? I'm inclined to not worry about it provided I
have some confidence in the firewall not letting connections be
initiated from outside.

Understood, but actually, I was referring to ShieldsUp, Gibson (the
author), and ports that respond. Gibson seems to think that merely by
having the computer remain unresponsive to pings and port scans, the
computer is significantly hardened against internet attacks.
..
Oh, that is not a private IP address, it is a public one (accessible
from the internet), so you are right to avoid plastering it all around.
It is visible in your email headers -- but there's not anything you can
do about that, I believe.

GRC ShieldsUp saw it in my browser also, tho I doubt that's an issue,
right?

OK, now I am guessing that GRC ShieldsUp is something you connect to
via browser, and it maps the IP you are connecting from?
Um..., when you connect to someplace, they have to see your IP so they
can reply! You weren't joking with me, now were you?

Perhaps your meaning is being lost on me, as I am a bit tired now. But
I was not joking.
..
inside your LAN. I would certainly be reluctant to change anything -- I
expect it was all configured by an ISP technician?

I got it from UPS (FedEx?), plugged it in, turned it on, and was
surfing. I don't think I had to do anything else.

You bought it from a third party? Or dslextreme? I suppose the latter,
and the technical settings either came preconfigured, or you had to
configure with a windows setup operation?

No windows, that much I *do* remember. And yes, it came from
dslextreme. I just plugged it in and it worked. I don't remember
having to do anything for setup. I didn't even need to talk to anyone
at dslextreme.
..
..It does look
like the checkboxes you show are allowing external access via HTTP,
SNMP, TELNET, and TFTP protocols to your LAN (yikes on TELNET and TFTP).
==> I would recommend immediately turning all of them off (except the
icmp, which you indicated cannot be changed, anyway).

Whoops! Doing this broke my connection and ability to reconnect to the
DSL modem configuration. It says "The connection to the server was
reset while the page was loading." and "Try Again" just refreshes the
message.

I think most of these modems and residential gateways reboot when you
do _anything_ that requires a "save". They usually take 30 to 60 secs
to come alive again.

I just now checked. Still blocked. And the block was *immediate* when
I made the change.

If you cannot ever reconnect to 192.168.1.1, then I am dumfounded! (and
apologetic). There is probably a hardware reset feature, but I wouldn't
do that because it might mess up the preset dsl params (the strange bits
in the advanced configuration pages).

There is a power button and a power cord. There may even be a reset
button, tho I don't want to pull it out to look. I reach back and use
the power button on the rare (but non-zero) occasion that it stops
working. So I will have to get this thing back on track before that
happens again, or I won't even have kplug support to get me thru it.

I'm still permitted to surf the web tho. So it didn't _completely_
cripple me.

I would feel better if you can reconnect to the administrative interface
-- maybe you have to close and reopen your browser if you haven't done
that since the reset.

I don't recall, but I don't think I have. I'll try that...

Nope. That didn't work. Still cannot reconnect to the admin interface.
RAM is a bit fragmented (caused by leaving things like Firefox open too
long). Sometimes that causes weird problems. I'll have to restart soon.
--
... Only tyrants can take a nation to war without the consent of the
people. The planned war against Iraq without a Declaration of War is
illegal. It is unwise because of many unforeseen consequences that are
likely to result ...
--Congressman Ron Paul 2002-03-01
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
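
The distinction drawn in the thread between disabling ping and turning off all of ICMP, shown as an added example that is not part of the original message. It is an iptables-restore ruleset and assumes a Linux host running iptables with conntrack; the DSL modem discussed above is configured through its own web interface and is not covered by it.

```iptables
# Added example (assumption: Linux host with iptables and conntrack).
# Load with: iptables-restore < this-file
*filter
# Default policy DROP: unsolicited packets get no reply at all, so a port
# with no ACCEPT rule does not answer "closed" to an outside scan.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Local loopback traffic.
-A INPUT -i lo -j ACCEPT

# Replies to connections this host initiated (web browsing keeps working).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# ICMP error messages that other protocols depend on:
# destination-unreachable (type 3) includes "fragmentation needed"
# (code 4), which Path MTU discovery relies on.
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
# time-exceeded (type 11) reports TTL expiry and is what traceroute reads.
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
# parameter-problem (type 12) reports malformed IP headers.
-A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT

# Ping is only echo-request (type 8). The DROP policy would already
# discard it; the explicit rule shows that ping alone is being refused
# while the ICMP types above stay enabled.
-A INPUT -p icmp --icmp-type echo-request -j DROP
COMMIT
```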