pcalvert
join:2001-07-28
Potomac, MD
1 edit |  [DW6000] Port scan: all TCP ports open?
Hi,
I have a DW6000 Professional version (with a static IP), and am using an Apple Airport Extreme Base station as the NAT router to establish a mixed Mac OS X and Windows XP wireless home network.
I have the built-in Unix software firewalls on each of the Mac workstations configured to close most TCP ports. When I run the Port scan on DSLReports from any Mac workstation, I get no UDP responsiveness, but ALL of the TCP ports are seen to be open. Is that the DW6000 itself responding on all ports? Is this a problem, given that I have a static IP, if all the workstations have a software firewall running? Can I close the TCP ports on the DW6000 that I don't need open? Do I need to install a software firewall on the XP workstations for safety?
Thanks in advance to the gurus; I didn't see the answer in the FAQ or a search of the message base.
Preston
--
DW6000 Apple Airport Extreme |
|
BigCreek
God Is Good.
Premium
join:2002-06-25
Heber Springs, AR
| This has been discussed several times. PetDude did some testing and the ports appear open due to the way the gateways are set up at the NOC. The ports really aren't open at your network or at your DW6000. Adding more layers of firewalls won't help because the ports aren't really open. We suspect the NOC is doing this in order to "spoof" the first TCP connect attempt and thereby improve performance.
It isn't anything to worry about; the only downside appears to be that it renders the "security scanner" tools essentially useless.
--
Bragging: DirecWay SRS BE Satmex5 117 1250 MHz, v4.2.1, Via EPIA Mini-ITX 533 MHz 512MB, Win2k Server SP4, WinRoute Pro, Red Hat Linux, Mozilla browser, OpenOffice.org; terrific wife & kids, live on a farm by Big Creek. |
|
PetDude
Premium,Mod
join:2001-02-20
Annapolis, MD
clubs:
Host:
Speakeasy
Philadelphia & Nor..
HughesNet Satellite
WildBlue Satellite
Other Satellite
| reply to pcalvert
said by pcalvert  :
I didn't see the answer in the FAQ
Sorry about that...that's the one I never finished. Thanks for the reminder. 
--
Why must I feel like that? Why must I chase the cat? Nothin' but the dog in me. |
|
pcalvert
join:2001-07-28
Potomac, MD
|  Thanks to both of you for the quick responses! I think I understand, and at least I understand that it sounds like I don't need to worry about it. Did your testing, PetDude include testing with the static IP version of the DW6000 setup? Is that equally secure?
BTW, the FAQ is great, and I refer to it all the time; I know it is a bear to keep it updated with the minutiae that are important to running these systems properly. I appreciate your doing it.
Preston
--
DW6000 Apple Airport Extreme |
|
BigCreek
God Is Good.
Premium
join:2002-06-25
Heber Springs, AR
| said by pcalvert :
Did your testing, PetDude include testing with the static IP version of the DW6000 setup? Is that equally secure?
Apologies for answering for PetDude ... the testing only included the static IP version. The consumer version (non static IP) is behind Hughes NAT servers so it is essentially impossible for it to have open ports.
--
Bragging: DirecWay SRS BE Satmex5 117 1250 MHz, v4.2.1, Via EPIA Mini-ITX 533 MHz 512MB, Win2k Server SP4, WinRoute Pro, Red Hat Linux, Mozilla browser, OpenOffice.org; terrific wife & kids, live on a farm by Big Creek. |
|
jombo0
Lost In The Country
join:2002-10-10
Zephyrhills, FL
| reply to pcalvert
yea that same thing spooked me in the 1st 30 secs on dway lol. just have to trust the router/firewalls. it sorta sux not knowing for sure tho when your a paranoid like me.
and even weirder is the fact i have a couple ports routed and they still show stealthed at grc. but the routed ports are fine really.
and i found your post on this petdude and your quite right i was on irc unplugged the 6000 and stayed alive pingable on irc for about 3 mins not even connected lol
if fact i plugged the 6000 back in and was still there never even pinged out.
--
from the weathered lips of an ole hippie spilled these words of nonsense DW6000pe,G3C,1420 MHz,XP Pro,linux,Win98,Linksys befsr41 |
|
