A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Making UPnP port invisible on Alcatel Speedtouch 510 router...



 
 
#1
July 30th 03, 06:20 PM posted to uk.telecom.broadband
Lee J.

Anybody know if it's possible to make this 'invisible'? I.e.
Described as 'stealth' instead of 'closed' by Shields Up? It's
the only port that indicates any presence to passing port
scanners yet it's also quite useless. I'd rather it were
invisible.

I changed the following config line:

config upnp=on

...to...

config upnp=off

...but it made no difference after a reboot.
--
Lee J.
#2
July 30th 03, 06:38 PM posted to uk.telecom.broadband
Mcploppy


Lee J. bashed at the keyboard and said:

> Anybody know if it's possible to make this 'invisible'? I.e.
> Described as 'stealth' instead of 'closed' by Shields Up? It's
> the only port that indicates any presence to passing port
> scanners yet it's also quite useless. I'd rather it were
> invisible.
>
> I changed the following config line:
>
> config upnp=on
>
> ..to...
>
> config upnp=off
>
> ...but it made no difference after a reboot.


Download and install UPNP from http://grc.com/unpnp/unpnp.htm


#3
July 30th 03, 08:33 PM posted to uk.telecom.broadband
Mcploppy


Lee J. bashed at the keyboard and said:

> Meanwhile in the Korova Milkbar, Mcploppy's rassoodock was made
> up and bolshy yarblockos were golossed:
>
> snip
>
> I'm after a hardware (router configuration) solution, not a
> software solution. Particularly not windows software solutions
> because all machines plugged into my LAN are Gentoo Linux or Mac
> OSX powered.
>
> Besides, it's the router (not any computer behind it) indicating
> that the UPnP port exists but is closed. So it wouldn't work
> even if I was running Winders.


Sorry only trying to help !!!!


#4
July 30th 03, 09:12 PM posted to uk.telecom.broadband
Martin Cooper

"Lee J." wrote:

> Anybody know if it's possible to make this 'invisible'? I.e.
> Described as 'stealth' instead of 'closed' by Shields Up? It's
> the only port that indicates any presence to passing port
> scanners yet it's also quite useless. I'd rather it were
> invisible.
>
> I changed the following config line:
>
> config upnp=on
>
> ..to...
>
> config upnp=off
>
> ...but it made no difference after a reboot.


Hi,
telnet into your router, and login using the same login name / password
as you use for the web interface. You will need to create a new firewall
rule to drop all incoming connections to TCP port 5000. So firstly, you
need to see how your firewall is set up. So follow these steps :-

=firewall
[firewall]=rule list chain=sink

If this returns details of existing rules in this chain, then you can just
add an additional rule at the start of the sink chain (for packets coming
into the router from the WAN). Use the following rule to stealth port 5000
:-

rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop

If the sink chain does not exist, then you will need to use these commands
instead to create the chain :-

[firewall]=rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop

[firewall]=assign hook=sink chain=sink

Note that these will work only if you are at the firewall level, so make
sure you type 'firewall' on a line by itself before any of these commands.
For your info, the firewall has 3 hooks called sink, source and forward.
Each hook can have a single chain attached, and you can create a large
number of rules on each chain. Using an index of 0 will insert a rule at
the start of the chain. sink is the hook for data coming into the router
itself, source is for data from the router and forward is for traffic
passing through the router to the LAN. See
http://www.sdharris.com/speedtouch510/basic.htm for more info on using the
speedtouch firewall.

--

Martin
#5
July 30th 03, 09:37 PM posted to uk.telecom.broadband
Lee J.

Meanwhile in the Korova Milkbar, Martin's rassoodock was made up
and bolshy yarblockos were golossed:
[..]

> rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop


I appreciate your help, but it doesn't work. The firewall is
on, there is a sink chain, I can add that and it does store
itself as the first (0) index. I saved the settings and
rebooted. That data hadn't erased but the UPnP port is still
visible to the outside, albeit closed.

You can see the CLI output below:

[firewall]=rule list chain=sink
:firewall rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop
:firewall rule create chain=sink index=1 srcintf=eth0 srcbridgeport=1 action=accept
:firewall rule create chain=sink index=2 srcintfgrp=!wan action=accept
:firewall rule create chain=sink index=3 prot=udp dstport=dns action=accept
:firewall rule create chain=sink index=4 prot=udp dstport=68 action=accept
:firewall rule create chain=sink index=5 action=drop

I'm wondering if this is a hardware issue. Because UPnP is a
feature of the router, perhaps - for whatever bizarre reason -
it always bypasses the firewall; even when the port is closed.

But then maybe my speculation is unfounded guff. ;-)

(Also: apologies to the other poster. I didn't mean to offend,
but to explain why an .exe was a bad solution. I'll enroll in
diplomatic school in September. grin)
--
Lee J. Moore
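
The sink chain listed in the post above can be checked offline. The following is an added example, not part of the original thread and not SpeedTouch code: it assumes rules are evaluated first-match in index order and that `dns` means port 53, and the packet field names are a hypothetical model reusing the rule keys. Under those assumptions a WAN probe to TCP 5000 is dropped at index 0 and, without that rule, at the final index 5.

```python
# Added example: a model of the listed chain, not SpeedTouch firmware code.
# Assumption: rules are tried in index order and the first match decides.
SINK_CHAIN = """\
:firewall rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop
:firewall rule create chain=sink index=1 srcintf=eth0 srcbridgeport=1 action=accept
:firewall rule create chain=sink index=2 srcintfgrp=!wan action=accept
:firewall rule create chain=sink index=3 prot=udp dstport=dns action=accept
:firewall rule create chain=sink index=4 prot=udp dstport=68 action=accept
:firewall rule create chain=sink index=5 action=drop
"""  # listing as posted above

NAMED_PORTS = {"dns": "53"}                     # assumed meaning of the port name
NON_MATCH_KEYS = {"chain", "index", "action"}   # bookkeeping, not match criteria

def parse_chain(text):
    """Turn 'rule list' output into rule dicts sorted by index."""
    rules = []
    for line in text.splitlines():
        if "rule create" not in line:
            continue
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        fields["index"] = int(fields["index"])
        rules.append(fields)
    return sorted(rules, key=lambda r: r["index"])

def rule_matches(rule, packet):
    """All criteria must hold; '!value' negates. packet reuses the rule keys."""
    for key, want in rule.items():
        if key in NON_MATCH_KEYS:
            continue
        negate = want.startswith("!")
        want = NAMED_PORTS.get(want.lstrip("!"), want.lstrip("!"))
        have = str(packet.get(key, ""))   # a missing field never equals a value
        if (have == want) == negate:
            return False
    return True

def verdict(rules, packet):
    """Return (index, action) of the first matching rule, or (None, None)."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule["index"], rule["action"]
    return None, None

def verdict_without_rule0(rules, packet):
    """Same packet evaluated as if the added index=0 rule were absent."""
    return verdict([r for r in rules if r["index"] != 0], packet)
```
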
#6
July 30th 03, 10:06 PM posted to uk.telecom.broadband
Martin Cooper

"Lee J." wrote:

> Meanwhile in the Korova Milkbar, Martin's rassoodock was made up
> and bolshy yarblockos were golossed:
> [..]
>
> > rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop
>
> I appreciate your help, but it doesn't work. The firewall is
> on, there is a sink chain, I can add that and it does store
> itself as the first (0) index. I saved the settings and
> rebooted. That data hadn't erased but the UPnP port is still
> visible to the outside, albeit closed.
>
> You can see the CLI output below:
>
> [firewall]=rule list chain=sink
> :firewall rule create chain=sink index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop
> :firewall rule create chain=sink index=1 srcintf=eth0 srcbridgeport=1 action=accept
> :firewall rule create chain=sink index=2 srcintfgrp=!wan action=accept
> :firewall rule create chain=sink index=3 prot=udp dstport=dns action=accept
> :firewall rule create chain=sink index=4 prot=udp dstport=68 action=accept
> :firewall rule create chain=sink index=5 action=drop
>
> I'm wondering if this is a hardware issue. Because UPnP is a
> feature of the router, perhaps - for whatever bizarre reason -
> it always bypasses the firewall; even when the port is closed.
>
> But then maybe my speculation is unfounded guff. ;-)
>
> (Also: apologies to the other poster. I didn't mean to offend,
> but to explain why an .exe was a bad solution. I'll enroll in
> diplomatic school in September. grin)


That's odd, as the rule works fine on my speedtouch. However, I also have
the rule :-

rule create chain=forward index=0 srcintfgrp=wan prot=tcp dstport=5000 action=drop

in the forward chain. Might be worth adding that, but I would only expect
that to have any effect if you had real IPs behind the router. Are you
using routed static IPs by any chance ?

--

Martin

All times are GMT +1.