

Clutch_Head

join:2002-01-04
up state NJ

[Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

hello

i have a DIR-615 (HW C1, FW 3.13NA) which has been great and stable.
just did a stealth test at pcflank and it failed the TCP FIN, and TCP XMAS tests.
the router passed GRC's "shields up" test.

is there a way i can get the DIR-615 to full stealth status?
Enable WAN Ping Respond is unchecked BTW.

thanks


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

1 edit

I just ran that test using three different routers (D-Link DIR655, Linksys RTP300, and Netgear WNR1000v2). Only the DIR655 failed the TCP FIN and TCP XMAS test segments.

All three routers are configured similarly (no virtual servers or port forwarding, no DMZ enabled, and no custom firewall rules at all) and the same Windows XP SP3 PC was used for all three tests.

Whatever it is, it is probably something endemic to the D-Link DIR series routers. Personally, I'm not worried about it.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.



Clutch_Head

join:2002-01-04
up state NJ

thanks a lot for that. i'm not too concerned either. it's been serving my father
for the last couple of years with no problem whatsoever.

thanks again



BimmerE38FN

join:2002-09-15
Boise, ID
kudos:1
reply to Clutch_Head

If you're really concerned about it, I would phone DLink support and ask about it. You might ask for Level 2 or higher support.

Good Luck


SCADAGeo

join:2012-11-08
N California
kudos:2

1 recommendation

reply to Clutch_Head

said by Clutch_Head:

i have a DIR-615 (HW C1, FW 3.13NA)

it failed the TCP FIN, and TCP XMAS tests.

is there a way i can get the DIR-615 to full stealth status?

Yes, you can, by using DD-WRT firmware or OpenWRT firmware.


Clutch_Head

join:2002-01-04
up state NJ
reply to Clutch_Head

said by SCADAGeo:

Yes, you can, by using DD-WRT firmware or OpenWRT firmware.

nice. i'll check em out.

thanks so much


SCADAGeo

join:2012-11-08
N California
kudos:2

You're welcome.



Cartel

join:2006-09-13
Chilliwack, BC
kudos:2

I've been testing this, and on the dir 615 rev c I can access the router from my WAN IP.
Even though remote admin is disabled.

I don't think this is good news.
My 615 rev b does NOT allow this.



Clutch_Head

join:2002-01-04
up state NJ

said by Cartel:

I've been testing this, and on the dir 615 rev c I can access the router from my WAN IP.
Even though remote admin is disabled.

I don't think this is good news.
My 615 rev b does NOT allow this.

access from the WAN IP via the web? or accessing the setup pages via LAN using the WAN IP address in your browser address field?

if it's the latter i wouldn't worry about that.

BTW what firmware are you using?


Cartel

join:2006-09-13
Chilliwack, BC
kudos:2

1 edit
reply to Clutch_Head

I am using the Russian firmware for the C2
Yes I accessed it from my LAN to my WAN IP with the address bar.
On my REV B this will not work, and I'm kinda happy but on REV C not so happy.
I notice on the REV C the logs don't show much at all and on REV B it shows every connection attempt.

I'm not too happy with the REV C and the DDWRT and Openwrt kinda suck worse than factory firmwares.


Cartel

join:2006-09-13
Chilliwack, BC
kudos:2

1 edit
reply to Clutch_Head

I just tested the REV B and it passed.
Guess the REV C is going on Craigslist for sale.


Cartel

join:2006-09-13
Chilliwack, BC
kudos:2
reply to Clutch_Head

Also the pcflank seems to lie.
It says on the quick test that ports 135-139 are open but on the Advanced Port Scanner and GRC.com they say stealthed.

SCADAGeo

join:2012-11-08
N California
kudos:2

said by Cartel:

I am using the Russian firmware for the C2
Yes I accessed it from my LAN to my WAN IP with the address bar.
On my REV B this will not work, and I'm kinda happy but on REV C not so happy.
I notice on the REV C the logs don't show much at all and on REV B it shows every connection attempt.

I'm not too happy with the REV C and the DDWRT and Openwrt kinda suck worse than factory firmwares.

Sorry, I'm having a little trouble trying to figure this out...

Is this a comparison of the management page access and logging on a DIR-615 HW:B with D-Link firmware against a DIR-615 HW:C1 with D-Link 3.03RU firmware?

Or is this a comparison of the management page access and logging on a DIR-615 HW:C1 with D-Link 3.03RU firmware compared to a DIR-615 HW:C1 with DD-WRT v24 (build 14896) firmware?

DD-WRT uses syslog and klog. To enable logging in DD-WRT, you have to click on:

   Services -> Services
 
   System Log
      Syslogd : Enable
      Remote Server : (optional - enter IP address of remote server if you have one)
   
   Click on Save, then Apply Settings.
   
 
   Security -> Firewall
 
   Log Management
 
      Log : Enable
      Log Level : High
 
   Options
      Dropped : Enable
      Rejected : Enable
      Accepted : Enable
 
   While you're in the Firewall section, double check the following:
 
   SPI Firewall : Enable
 
   Block WAN Requests
      Block Anonymous WAN Requests (ping) - check
      Filter Multicast - check (if you don't use it)
      Filter IDENT - check
 
   Impede DoS/Bruteforce
      Limit SSH Access - check
      Limit Telnet Access - check
 
   Click on Save, then Apply Settings.
 

You can read more about DD-WRT logging here.

said by Cartel:

I just tested the REV B and it passed.
Guess the REV C is going on Craigslist for sale.

said by Cartel:

Also the pcflank seems to lie.
It says on the quick test that ports 135-139 are open but on the Advanced Port Scanner and GRC.com they say stealthed.

Nmap is a good tool to test your router, and it will test it more thoroughly than a "click this" post in the security forum. ;)

Disconnect the router from your broadband/dsl modem.

Write down the current WAN settings, then assign a static IP to the WAN side. Save, then Apply settings.

Write down the current network settings for your test computer that contains nmap. Assign a static IP to your test computer (make sure it is in the same network as the router).

Disconnect your test computer from the LAN side and plug it into the WAN port.

Reboot router and test computer, then thoroughly scan your router.

When you are finished with your scans, change the IP of your test system back to its original settings.

Unplug your test system from the WAN port, and plug it back into the LAN port.

Reboot your test system.

Reconfigure your router to its original settings.

Reboot router.

Have fun!
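
An added example, not part of SCADAGeo's post: once the DD-WRT firewall logging described above is enabled, a short Python script can tally which logged TCP packets carry the flag combinations used by the FIN and XMAS tests from the opening post (plus the related NULL probe, a generalization beyond the thread). The log lines are constructed samples in the standard netfilter LOG format; the `DROP`/`ACCEPT` prefixes, the interface names and all addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (netfilter LOG format; log prefixes are assumed).
SAMPLE_LOG = """\
kernel: DROP IN=vlan2 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TTL=52 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 FIN URGP=0
kernel: DROP IN=vlan2 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
kernel: DROP IN=vlan2 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TTL=52 PROTO=TCP SPT=40002 DPT=443 WINDOW=1024 RES=0x00 URGP=0
kernel: DROP IN=vlan2 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.20 DST=203.0.113.5 LEN=52 TTL=63 PROTO=TCP SPT=52000 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
kernel: DROP IN=vlan2 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=78 TTL=50 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

# The kernel prints the TCP flags between RES=0x.. and URGP=.
LINE_RE = re.compile(
    r"kernel: (?P<action>[A-Z]+) IN=.*?SRC=(?P<src>\S+) .*?PROTO=TCP "
    r"SPT=\d+ DPT=(?P<dpt>\d+) .*?RES=0x[0-9a-fA-F]{2} "
    r"(?P<flags>(?:[A-Z]+ )*)URGP="
)

# Flag sets that identify each probe type; anything else is "other".
PROBES = {
    frozenset(): "NULL",
    frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
    frozenset({"SYN"}): "SYN",
}

def parse_line(line):
    """Return action, source, destination port and probe type, or None if not TCP."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    probe = PROBES.get(frozenset(m.group("flags").split()), "other")
    return {"action": m.group("action"), "src": m.group("src"),
            "dpt": int(m.group("dpt")), "probe": probe}

def summarize(log_text):
    """Count logged TCP packets per (firewall action, probe type)."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return Counter((p["action"], p["probe"]) for p in parsed if p)

if __name__ == "__main__":
    for (action, probe), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{action:7} {probe:5} {count}")
```

FIN, XMAS or NULL packets appearing under the drop prefix show that the firewall discarded the probe rather than answering it.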