• March 28, 2024, 10:34:20 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2] 3

Author Topic: DIR-655 Rev B1 2.00 NA - fails Port Scan 0 and 1 (closed instead of stealth)  (Read 29732 times)

Cobra

  • Level 4 Member
  • ****
  • Posts: 477

You do realize it is only the router responding to this not the computer.

In other words I am saying your computer is safe and if you want to test this out.

Unplug the router so your are connected straight to the modem.

Make sure your software firewall is on then run the test and you should get all stealth.

GRC is flawed as it just reports "responses" and not what the real source is.
Logged

DCIFRTHS

  • Level 2 Member
  • **
  • Posts: 99

taekwon3dan: Thanks for keeping us updated. Please continue to do so.

« Last Edit: October 10, 2010, 10:01:44 PM by DCIFRTHS »
Logged

DCIFRTHS

  • Level 2 Member
  • **
  • Posts: 99

You do realize it is only the router responding to this not the computer. ...

I am under the impression that the router responding is the problem.
« Last Edit: October 10, 2010, 10:00:44 PM by DCIFRTHS »
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494

Looks like some trojans do use ports 0 and 1:

http://www.speedguide.net/port.php?port=0

http://www.speedguide.net/port.php?port=1

Sent D-link an inquiry - still no answer.


Trojans use all kinds op ports, 1 and 0 are no an exception to that phenomenon. The fact that a connection test reports responses on ports depends on the client behind the router. Routers do not have (and are not suppose to have)  permanently closed ports, they only manage (through their firewall) the use of ports. Unless you buy a specific firewall router which is manageable.

So I really don;t see what answer D-link should provide, since you seem to inquire after a feature that is not there. IMHO, you're chasing a ghost here.
Logged
DIR-655 H/W: A2 FW: 1.33

taekwon3dan

  • Level 2 Member
  • **
  • Posts: 26

First of all, I don't have a modem but instead a FIOS router which, if I use as a primary router, passes the test.  It is impossible to connect my computer to ethernet ONT without a router.

All the other routers I have tested (Netgear, Linksys, Buffalo, FIOS Actiontec) all pass the test as stealthed, so providing this feature is RUDIMENTARY and BASIC.

Indeed, the previous versions of DIR-655, as I understand from other posters, PASS this test, so there is no reason why REV B1 should NOT pass.  D-Link can certainly get the job done if they want to....EASILY.

One of the primary reasons for using a router is as a first defense firewall device.  If it cannot provide a basic feature, then I must wonder about D-Link as a reputable router manufacturer.

I have a case open with tech support.  Their initial reaction has been one of DENIAL.  That it SHOULD pass and I am not doing something right.  They will test at their end and get back to me.
« Last Edit: October 11, 2010, 08:13:36 AM by taekwon3dan »
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494


One of the primary reasons for using a router is as a first defense firewall device.  If it cannot provide a basic feature, then I must wonder about D-Link as a reputable router manufacturer.


Wrong. The primary task is...routing. The added features (SPI, anti spoof etc) are merely very basic 'firewall' features. I think you would rather have bought a true firewall/router, because expecting firewall perfomance from these basic features in the DIR655 really is uncalled for.
Logged
DIR-655 H/W: A2 FW: 1.33

taekwon3dan

  • Level 2 Member
  • **
  • Posts: 26

Wrong. The primary task is...routing. The added features (SPI, anti spoof etc) are merely very basic 'firewall' features. I think you would rather have bought a true firewall/router, because expecting firewall perfomance from these basic features in the DIR655 really is uncalled for.

Again, you don't read all the words!  I don't disagree with your assessment that ONE OF the primary functions/reasons of using a router is routing.

Re desiring a basic firewall feature is "uncalled for" -- Oh really?!?!  How come all the other home routers on the market, including previous versions of dir-655 have this feature??  

Notice this "accolade" of a feature touted in D-Link's own website!:
"To prevent possible attacks from the Internet, the DIR-655 uses dual active firewalls (SPI & NAT) to help protect your valuable data. Below is a list of DIR-655 features...
•Dual active firewall protection (SPI & NAT) helps block malicious attacks on networks from the Internet "

I find your statement baseless.
« Last Edit: October 11, 2010, 02:06:35 PM by taekwon3dan »
Logged

EddieZ

  • Level 10 Member
  • *****
  • Posts: 2494

Those are the most basic firewall functions available, a bit how (let's say) MAC address restrictions comapre to WPA2. And even more: they have nothing to do with the issues discussed here, their function is very different from that.
Logged
DIR-655 H/W: A2 FW: 1.33

Cobra

  • Level 4 Member
  • ****
  • Posts: 477

First of all, I don't have a modem but instead a FIOS router

So you are using two routers.

Like this?: Fios router > dir 655 > device


Logged

taekwon3dan

  • Level 2 Member
  • **
  • Posts: 26

So you are using two routers.

Like this?: Fios router > dir 655 > device




No, di-655 >> LAn/WLAN devices
Actiontec (FIOS) WAN connected to dir-655 LAN port (bridge for TVs)
Logged

taekwon3dan

  • Level 2 Member
  • **
  • Posts: 26

Cobra,

The workaround I have in mind is to use Actiontec as a primary router (connected to ethernet FIOS ONT) and then connect the WAN port of the dir-655 to a LAN port  on the Actiontec.  They are on different subnets.

I am reluctant to do because the Actiontec has low-end CPU and only 100MB ports, so it is slower than dir-655.
Logged

Cobra

  • Level 4 Member
  • ****
  • Posts: 477

Have you tried setting the 655 to bridge mode?
Logged

taekwon3dan

  • Level 2 Member
  • **
  • Posts: 26

Have you tried setting the 655 to bridge mode?

Yes, that is another option.

That would subject the clients under 655 to only 1 NAT right (i.e., the NAT subject to Actiontec)?  So bridge to Actiontec (LAN-LAN connection) with 655 in bridge mode and use 655 as an WAP, right?

Wouldn't I be subject to the poor WAN-LAN throughput of the Actiontec?

Thanks.
Logged

stevefoobar

  • Level 1 Member
  • *
  • Posts: 9

First of all, I don't have a modem but instead a FIOS router which, if I use as a primary router, passes the test.  It is impossible to connect my computer to ethernet ONT without a router.

All the other routers I have tested (Netgear, Linksys, Buffalo, FIOS Actiontec) all pass the test as stealthed, so providing this feature is RUDIMENTARY and BASIC.

Indeed, the previous versions of DIR-655, as I understand from other posters, PASS this test, so there is no reason why REV B1 should NOT pass.  D-Link can certainly get the job done if they want to....EASILY.

One of the primary reasons for using a router is as a first defense firewall device.  If it cannot provide a basic feature, then I must wonder about D-Link as a reputable router manufacturer.

I have a case open with tech support.  Their initial reaction has been one of DENIAL.  That it SHOULD pass and I am not doing something right.  They will test at their end and get back to me.

I agree completely.  I just posted a similar question on this forum about why my new DIR-601 router fails a stealth test and shows ports 0 and 1 as closed instead of stealthed!  Very disappointing.
Logged
Steve V.
California, USA

kthaddock

  • Level 3 Member
  • ***
  • Posts: 263

Try to forward port 0 (zero) to a ip-number outside your ip range.
That would solve your problem
Logged
ASUS RT-N16  FW: DD-WRT v24 17140-vpn M NEWD-2 K2.6 -kong.
DIR-655 H/W: A3 FW: 1.31EUB02 This FW is working !
Never argue with a burk. They drag you down to their level and then beat you with experience
Di-624+ FW: 2.10
Pages: 1 [2] 3