
Author Topic: Is there any fix to stealth the closed ports  (Read 2654 times)


Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,136
  • Karma: 37
Re: Is there any fix to stealth the closed ports
« Reply #30 on: January 04, 2018, 12:53:30 PM »
Ok.

Let us try something there.

#1 Rule Action = Deny

#2 Protocol = TCP

#3 Direction = DownStream

#4 DSPort = 513 and 514. Put the first one on the top and put the last one on the bottom.

#5 Enable = True/checked

#6 Press Apply Changes

#7

a) Does that work or does the NAT router bark at you - for something?

If so, for what missing?

c) If that works in the NAT router, does it fix the issue?
Private messages (PM) are not for support questions or for hints to not yet answered topics. The PMs are basically for confident conversation between the users, off the forum.


Offline jraju

  • PcWinTech Full Member
  • **
  • Join Date: Jan 2016
  • Posts: 48
  • Karma: 0
Re: Is there any fix to stealth the closed ports
« Reply #31 on: January 05, 2018, 04:10:20 AM »
Will try and report back. But what about the 113 port that was shown as having problems? Is that connected with the 513 and 514 ports?
I tried and found the same closed ports with the 113 port alert, as was before.
Did you try at your end about those ports?
Are they shown as stealth?
« Last Edit: January 05, 2018, 04:34:25 AM by jraju »

Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,136
  • Karma: 37
Re: Is there any fix to stealth the closed ports
« Reply #32 on: January 05, 2018, 09:06:28 AM »
Odd.

Let us try this.

#1 Start a telnet client on your computer.

#2 Since you appear to be on Windows 7, you will first have to do this if you have not already

-> https://www.wikihow.com/Activate-Telnet-in-Windows-7 <-

!

#3 Connect via telnet to the router.

#4 Log-in info appears to be found at http://www.s3cur1ty.de/node/707

#5 Once in, try iptables -L -n

#6 Copy the output from that command if it works, and show it here.

This is mine on my computer.

Code:
user-name@pc-name:~$ iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (2 references)
target     prot opt source               destination         
FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (2 references)
target     prot opt source               destination         
FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (2 references)
target     prot opt source               destination         
IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
target     prot opt source               destination         

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
user-name@pc-name:~$

This is mine from my NAT router.
Code:
user-name@pc-name:~$ telnet
telnet> o 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
TomatoUSB login: root
Password:


Tomato v1.28.0510 MIPSR2Toastman-RT-N K26 USB Nocat-VPN
 ========================================================
 Welcome to the Linksys E4200 v1 [TomatoUSB]
 Uptime:  12:11:25 up 8 days,  3:15
 Load average: 0.00, 0.00, 0.00
 Mem usage: 19.2% (used 11.52 of 59.96 MB)
 WAN : 24.229.*.*/24 @ 58:6D:8F:*:*:*
 LAN : 192.168.1.1/24 @ DHCP: 192.168.1.100 - 192.168.1.149
 WL0 : SSID-here @ channel: 6 @ 58:6D:8F:*:*:*
 WL1 : SSID-here @ channel: 40 @ 58:6D:8F:*:*:*
 ========================================================

root@TomatoUSB:/tmp/home/root# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
restrict   udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
DROP       all  --  0.0.0.0/0            24.229.*.*     
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
shlimit    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
shlimit    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:33434:33534 limit: avg 5/sec burst 5
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
logdrop    all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
           all  --  0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
restrict   all  --  0.0.0.0/0            0.0.0.0/0           
L7in       all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
wanin      all  --  0.0.0.0/0            0.0.0.0/0           
wanout     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain L7in (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypetoskype
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypeout
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto youtube-2012
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto httpvideo
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto flash
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto rtp
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto rtmp
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto shoutcast
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto rtmpt
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto irc

Chain logdrop (2 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0           state NEW limit: avg 1/sec burst 5 LOG flags 39 level 4 prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
target     prot opt source               destination         
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 5 LOG flags 39 level 4 prefix `REJECT '
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset

Chain restrict (2 references)
target     prot opt source               destination         
rres00     all  --  0.0.0.0/0            0.0.0.0/0           
rres01     all  --  0.0.0.0/0            0.0.0.0/0           
rres02     all  --  0.0.0.0/0            0.0.0.0/0           

Chain rres00 (1 references)
target     prot opt source               destination         
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:1900
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:5000

Chain rres01 (1 references)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 135
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 135

Chain rres02 (1 references)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 137
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 137
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 138
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 138
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 139
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 445
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 445

Chain shlimit (2 references)
target     prot opt source               destination         
           all  --  0.0.0.0/0            0.0.0.0/0           recent: SET name: shlimit side: source
logdrop    all  --  0.0.0.0/0            0.0.0.0/0           recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain wanin (1 references)
target     prot opt source               destination         

Chain wanout (1 references)
target     prot opt source               destination         
root@TomatoUSB:/tmp/home/root#

« Last Edit: January 05, 2018, 09:24:08 AM by trpted »
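An added example, not part of trpted's post or of any router firmware: a Python script that reads a plain `iptables -L -n` listing like the two above and lists the `REJECT` rules reachable from `INPUT`, since a `REJECT` replies to the probe (the port shows as closed) while `DROP` stays silent (stealth). The sample listing and the function names are constructed for illustration, and the `dpt:113` rule in the sample is invented.

```python
import re

# Constructed `iptables -L -n` listing modelled on the router output above; the dpt:113 rule is invented.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
shlimit    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:113 reject-with tcp-reset
logdrop    all  --  0.0.0.0/0            0.0.0.0/0

Chain logdrop (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain logreject (0 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset

Chain shlimit (1 references)
target     prot opt source               destination
           all  --  0.0.0.0/0            0.0.0.0/0           recent: SET name: shlimit side: source
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [(target, prot, match)]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        fields = ([""] if line[:1].isspace() else []) + line.split()  # blank target column
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and len(fields) >= 5 and fields[0] != "target":
            current["rules"].append((fields[0], fields[1], " ".join(fields[5:])))
    return chains

def reachable(chains, start="INPUT"):
    """Chains a packet entering `start` can be sent to, following jump targets."""
    seen, todo = set(), [start]
    while todo:
        name = todo.pop()
        if name in chains and name not in seen:
            seen.add(name)
            todo += [target for target, _, _ in chains[name]["rules"]]
    return seen

def answering_rules(listing, start="INPUT"):
    """Reachable REJECT rules; each replies to the sender, so the port is not stealth."""
    chains = parse(listing)
    return [(name, prot, match) for name in sorted(reachable(chains, start))
            for target, prot, match in chains[name]["rules"] if target == "REJECT"]

if __name__ == "__main__":
    print(parse(SAMPLE)["INPUT"]["policy"], answering_rules(SAMPLE))
```

Plain `-L -n` output omits the interface columns that `-v` adds, so a bare `ACCEPT all` line may be limited to the LAN side; this script therefore only lists reachable reply-generating rules rather than simulating a packet's path.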

Offline jraju

  • PcWinTech Full Member
  • **
  • Join Date: Jan 2016
  • Posts: 48
  • Karma: 0
Re: Is there any fix to stealth the closed ports
« Reply #33 on: January 05, 2018, 07:33:36 PM »
3 Connect via telnet to the router.
How to? Please.
Where to try the command table?
Please also tell me how to enclose text in a box, as you did in the previous post. What do those denote, the two boxes? Is it the contents from the command?
« Last Edit: January 05, 2018, 07:42:53 PM by jraju »

Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,136
  • Karma: 37
Re: Is there any fix to stealth the closed ports
« Reply #34 on: January 06, 2018, 12:32:36 PM »
#1
Quote
Connect via telnet to the router.

Also at

https://www.wikihow.com/Activate-Telnet-in-Windows-7

is how to connect via telnet to the NAT router.

IP 192.168.1.1 default port 23

#2
Quote
where to try the command table?

Just after logging into the router, in the telnet client.

#3
Quote
Please also tell me how to enclose text in box , as you did in the previous post. What those denotes , two boxes, is it the contents from the comman

To quote someone, besides clicking quote you can also do this - minus the extra space between [ and quote, as well as minus the extra space between [ and /quote. So like so...

Quote
[ quote]
This is what you are quoting
[ /quote]
This is your comment/command
^

To show code, replace the word quote with the word code, so for example...

Quote

This is mine on my computer.

[ code]
user-name@pc-name:~$ iptables -L -n
Chain INPUT (policy ACCEPT)
[ /code]

but minus the extra space between [ and the word code and minus the extra space between [ and /code

Offline jraju

  • PcWinTech Full Member
  • **
  • Join Date: Jan 2016
  • Posts: 48
  • Karma: 0
Re: Is there any fix to stealth the closed ports
« Reply #35 on: January 06, 2018, 09:22:39 PM »
Hi, I already enabled telnet.
Now, I saw the link for extra and noted the contents.
I tried telnet gateway.
It asked for user name.
I could type user name.
I typed the pw, but it was shown as blank,
and after Entering it shows as a kind of dollar sign.
I issued your table l n command, I get error. Please say how to proceed from the S sign.

Offline jraju

  • PcWinTech Full Member
  • **
  • Join Date: Jan 2016
  • Posts: 48
  • Karma: 0
Re: Is there any fix to stealth the closed ports
« Reply #36 on: January 06, 2018, 09:44:18 PM »
Hi, please find the S prompt.
If after S, I type iptable -L -n, I get error.

Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,136
  • Karma: 37
Re: Is there any fix to stealth the closed ports
« Reply #37 on: January 08, 2018, 06:51:48 PM »
After logging in via telnet, let us try ls this time and report what it says back.

Offline jraju

  • PcWinTech Full Member
  • **
  • Join Date: Jan 2016
  • Posts: 48
  • Karma: 0
Re: Is there any fix to stealth the closed ports
« Reply #38 on: January 09, 2018, 02:21:03 AM »
Hi, see this enclosure for your reference

Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,136
  • Karma: 37
Re: Is there any fix to stealth the closed ports
« Reply #39 on: January 09, 2018, 07:39:32 AM »
Ok.

How about the output from

#1 show

#2 debug

#3 config

#4 diagnostic

#5 and sh

?

Offline jraju

  • PcWinTech Full Member
  • **
  • Join Date: Jan 2016
  • Posts: 48
  • Karma: 0
Re: Is there any fix to stealth the closed ports
« Reply #40 on: January 09, 2018, 11:01:32 PM »
Out of it, show command gives particulars. Others I do not know. sh... I do not know.
What is the information required from show command?

Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,136
  • Karma: 37
Re: Is there any fix to stealth the closed ports
« Reply #41 on: January 10, 2018, 12:49:23 PM »
Ok.

In the router's command line over network (Telnet/SSH)..

#1 Show interface

#2 Show status

#3 Show wan

#4 Show acl

#5 Show ipportfilter

#6 Show portforward

#7 If you give the command debug, after logging in to the router's command line over network (Telnet/SSH), can you issue any commands that tell you what the other commands are?

For example of a few of them that I thought of:

a) ? <enter>

b) help <enter>

#8 And if so, what about config, diagnostic, or sh?
« Last Edit: January 10, 2018, 12:56:11 PM by trpted »