
Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

Cartel to Clutch_Head


Re: [Help Me] DIR-615 WAN not stealthed (TCP FIN and TCP XMAS)

Also the pcflank seems to lie.
It says on the quick test that ports 135-139 are open but on the Advanced Port Scanner and GRC.com they say stealthed.
SCADAGeo
Premium Member
join:2012-11-08
N California


said by Cartel:

I am using the Russian firmware for the C2
Yes I accessed it from my LAN to my WAN IP with the address bar.
On my REV B this will not work, and I'm kinda happy but on REV C not so happy.
I notice the REV C the logs don't show much at all and on REV B it shows every connection attempt.

I'm not too happy with the REV C and the DD-WRT and OpenWrt kinda suck worse than factory firmwares.

Sorry, I'm having a little trouble trying to figure this out...

Is this a comparison of the management page access and logging on a DIR-615 HW:B with D-Link firmware against a DIR-615 HW:C1 with D-Link 3.03RU firmware?

Or is this a comparison of the management page access and logging on a DIR-615 HW:C1 with D-Link 3.03RU firmware compared to a DIR-615 HW:C1 with DD-WRT v24 (build 14896) firmware?

DD-WRT uses syslog and klog. To enable logging in DD-WRT, you have to click on:

   Services -> Services
 
   System Log
      Syslogd : Enable
      Remote Server : (optional - enter IP address of remote server if you have one)
   
   Click on Save, then Apply Settings.
   
 
   Security -> Firewall
 
   Log Management
 
      Log : Enable
      Log Level : High
 
   Options
      Dropped : Enable
      Rejected : Enable
      Accepted : Enable
 
   While you're in the Firewall section, double check the following:
 
   SPI Firewall : Enable
 
   Block WAN Requests
      Block Anonymous WAN Requests (ping) - check
      Filter Multicast - check (if you don't use it)
      Filter IDENT - check
 
   Impede DoS/Bruteforce
      Limit SSH Access - check
      Limit Telnet Access - check
 
   Click on Save, then Apply Settings.
 

You can read more about DD-WRT logging here.
said by Cartel:

I just tested the REV B and it passed.
Guess the REV C is going on Craigslist for sale.

said by Cartel:

Also the pcflank seems to lie.
It says on the quick test that ports 135-139 are open but on the Advanced Port Scanner and GRC.com they say stealthed.

Nmap is a good tool to test your router, and it will test it more thoroughly than a "click this" post in the security forum. ;)

Disconnect the router from your broadband/dsl modem.

Write down the current WAN settings, then assign a static IP to the WAN side. Save, then Apply settings.

Write down the current network settings for your test computer that contains nmap. Assign a static IP to your test computer (make sure it is in the same network as the router).

Disconnect your test computer from the LAN side and plug it into the WAN port.

Reboot router and test computer, then thoroughly scan your router.

When you are finished with your scans, change the IP of your test system back to its original settings.

Unplug your test system from the WAN port, and plug it back into the LAN port.

Reboot your test system.

Reconfigure your router to its original settings.

Reboot router.

Have fun!
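
Added example, not part of SCADAGeo's post: after the bench scan described above, this reads nmap's grepable output (`-oG`) from SYN, FIN and Xmas scans of the router's WAN port and lists the ports where the router answered instead of staying silent. The sample lines and the 192.0.2.1 address are constructed, and the function names are illustrative.

```python
# Constructed sample of `nmap -oG` host lines, one per scan type.
# 192.0.2.1 is a documentation address standing in for the static WAN IP
# assigned to the router on the test bench.
SAMPLE = {
    "SYN (-sS)": "Host: 192.0.2.1 ()\tPorts: 80/filtered/tcp//http///, "
                 "135/filtered/tcp//msrpc///, 139/filtered/tcp//netbios-ssn///",
    "FIN (-sF)": "Host: 192.0.2.1 ()\tPorts: 80/closed/tcp//http///, "
                 "135/open|filtered/tcp//msrpc///, 139/closed/tcp//netbios-ssn///",
    "Xmas (-sX)": "Host: 192.0.2.1 ()\tPorts: 80/closed/tcp//http///, "
                  "135/closed/tcp//msrpc///, 139/closed/tcp//netbios-ssn///",
}

# States where nmap saw no TCP reply. For FIN/Xmas probes, silence is
# reported as "open|filtered"; "closed" means the router sent a RST back.
# Note: "filtered" can also mean an ICMP error came back; rerun nmap with
# --reason to tell a silent drop from an ICMP unreachable.
SILENT = {"filtered", "open|filtered"}


def parse_ports(line):
    """Return {port: state} from one grepable-output host line."""
    ports = {}
    for field in line.split("\t"):
        if not field.startswith("Ports: "):
            continue
        for entry in field[len("Ports: "):].split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            port, state = entry.strip().split("/")[:2]
            ports[int(port)] = state
    return ports


def not_stealthed(scans):
    """Map each scan type to the sorted ports that answered the probe."""
    return {
        name: sorted(p for p, s in parse_ports(line).items() if s not in SILENT)
        for name, line in scans.items()
    }


if __name__ == "__main__":
    for name, ports in not_stealthed(SAMPLE).items():
        verdict = f"replied on {ports}" if ports else "all probed ports silent"
        print(f"{name}: {verdict}")
```

A router that looks fully stealthed to a SYN scan can still answer FIN or Xmas probes with a RST, which is why the results are kept per scan type rather than merged.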