Topic 'Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)' in forum 'D-Link' - dslreports.com

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Fri, 14 Dec 2012 23:21:53 EDT

SCADAGeo posted :

said by Cartel:

I am using the Russian firmware for the C2
Yes I accessed it from my LAN to my WAN IP with the address bar.
On my REV B this will not work, and I'm kinda happy but on REV C not so happy.
I notice the REV C the logs dont show much at all and on REV B it shows every connection attempt.

I'm not too happy with the REV C and the DDWRT and Openwrt kinda suck worse than factory firmwares.

Sorry, I'm having a little trouble trying to figure this out...

Is this a comparison of the management page access and logging on a DIR-615 HW:B with D-Link firmware against a DIR-615 HW:C1 with D-Link 3.03RU firmware?

Or is this a comparison of the management page access and logging on a DIR-615 HW:C1 with D-Link 3.03RU firmware compared to a DIR-615 HW:C1 with DD-WRT v24 (build 14896) firmware?

DD-WRT uses syslog and klog. To enable logging in DD-WRT, you have to click on:

   Services -> Services    System Log      Syslogd : Enable      Remote Server : (optional - enter IP address of remote server if you have one)      Click on Save, then Apply Settings.       Security -> Firewall    Log Management       Log : Enable      Log Level : High    Options      Dropped : Enable      Rejected : Enable      Accepted : Enable    While you're in the Firewall section, double check the following:    SPI Firewall : Enable    Block WAN Requests      Block Anonymous WAN Requests (ping) - check      Filter Multicast - check (if you don't use it)      Filter IDENT - check    Impede DoS/Brutforce      Limit SSH Access - check      Limit Telnet Access - check    Click on Save, then Apply Settings.

said by Cartel:

I just tested the REV B and it passed.
Guess the REV C is going on Craigslist for sale.

said by Cartel:

Also the pcflank seems to lie.
It says on the quick test that ports 135-139 are open but on the Advanced Port Scanner and GRC.com they say stealthed.

Nmap is a good tool to test your router, and it will test it more thoroughly than a "click this" post in the security forum. ;)

Disconnect the router from your broadband/dsl modem.

Write down the current WAN settings, then assign a static IP to the WAN side. Save, then Apply settings.

Write down the current network settings for your test computer that contains nmap. Assign a static IP to your test computer (make sure it is in the same network as the router).

Disconnect your test computer from the LAN side and plug it into the WAN port.

Reboot router and test computer, then thoroughly scan your router.

When you are finished with your scans, change the IP of your test system back to its original settings.

Unplug your test system from the WAN port, and plug it back into the LAN port.

Reboot your test system.

Reconfigure your router to its original settings.

Reboot router.

Have fun!

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Thu, 13 Dec 2012 16:02:28 EDT

Cartel posted : Also the pcflank seems to lie.
It says on the quick test that ports 135-139 are open but on the Advanced Port Scanner and GRC.com they say stealthed.

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Thu, 13 Dec 2012 15:36:17 EDT

Cartel posted : I just tested the REV B and it passed.
Guess the REV C is going on Craigslist for sale.

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Thu, 13 Dec 2012 15:04:53 EDT

Cartel posted : I am using the Russian firmware for the C2
Yes I accessed it from my LAN to my WAN IP with the address bar.
On my REV B this will not work, and I'm kinda happy but on REV C not so happy.
I notice the REV C the logs dont show much at all and on REV B it shows every connection attempt.

I'm not too happy with the REV C and the DDWRT and Openwrt kinda suck worse than factory firmwares.

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Thu, 13 Dec 2012 14:52:19 EDT

Clutch_Head posted :

said by Cartel:

I've been testing this and the dir 615 rev c I can access the router from my WAN IP.
Even though remote admin is disabled.

I don't think this is good news.
My 615 rev b does NOT allow this.

access from the WAN IP via the web? or accessing the setup pages via LAN using the WAN IP address in your browser address field?

if it's the latter i wouldn't worry about that.

BTW what firmware are you using?

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Thu, 13 Dec 2012 13:57:36 EDT

Cartel posted : I've been testing this and the dir 615 rev c I can access the router from my WAN IP.
Even though remote admin is disabled.

I don't think this is good news.
My 615 rev b does NOT allow this.

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Wed, 12 Dec 2012 02:56:03 EDT

SCADAGeo posted : You're welcome. :)

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Mon, 10 Dec 2012 23:06:17 EDT

Clutch_Head posted :

said by SCADAGeo

Yes, you can, by using DD-WRT firmware or OpenWRT firmware.
[/bquote :

nice. i'll check em out.

thanks so much :D

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Mon, 10 Dec 2012 15:45:27 EDT

SCADAGeo posted :

said by Clutch_Head:

i have a DIR-615 (HW C1, FW 3.13NA)

it failed the TCP FIN, and TCP XMAS tests.

is there a way i can get the DIR-615 to full stealth status?

Yes, you can, by using DD-WRT firmware or OpenWRT firmware.

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Sat, 08 Dec 2012 15:07:27 EDT

BimmerE38FN posted : If your really concerned about it, I would phone contact DLink support and ask about it. You might ask for Level 2 or higher support.

Good Luck

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Sat, 08 Dec 2012 06:09:54 EDT

Clutch_Head posted : thanks a lot for that. i'm not too concerned either. it' been serving my father
for the last couple of years with no problem whatsoever.

thanks again :)

Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Sat, 08 Dec 2012 00:00:13 EDT

NetFixer posted : I just ran that test using three different routers (D-Link DIR655, Linksys RTP300, and Neatgear WNR1000v2). Only the DIR655 failed the TCP FIN and TCP XMAS test segments.

All three routers are configured similarly (no virtual servers or port forwarding, no DMZ enabled, and no custom firewall rules at all) and the same Windows XP SP3 PC was used for all three tests.

Whatever it is, it is probably something endemic to the D-Link DIR series routers. Personally, I'm not worried about it.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

[Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Fri, 07 Dec 2012 20:17:00 EDT

Clutch_Head posted : hello

i have a DIR-615 (HW C1, FW 3.13NA) which has been great and stable.
just did a steath test at pcflank and it failed the TCP FIN, and TCP XMAS tests.
the router passed GRC's "shields up" test.

is there a way i can get the DIR-615 to full stealth status?
Enable WAN Ping Respond is unchecked BTW.

thanks