November 25th, 2003, 03:54 PM
This question might get me "flamed", however, I hope there will be some forgiveness as I am a newbie...I also did a search thru AO and didn't find what I need; plus I googled my subject (also went to the d-link site), and I've asked around...and still couldn't find what I need to know in plain English without the computer speak (yep, not really computer literate) - so that's why I'm asking here!! Hopefully someone will be able to enlighten me...
I would like to know about TCP ports and how to secure them on a D-Link router so that everything runs in stealth...and WHICH ports I should close or leave in stealth mode. Are there ports I should leave alone? I don't play on-line games, just MSN. I have gotten different answers from different people on the port security issue - I've even been told by a techie to just leave the ping open. Could someone please give me the basics on the ports, and how they work, and what to close or leave in stealth?
November 25th, 2003, 04:17 PM
I also have a D-Link router with a built-in firewall. This was the default settings on the firewall:
I'm assuming that is the settings on your firewall. It sounds to me like you don't have anything that
Allow Allow to Ping WAN port WAN,* LAN,192.168.0.1 ICMP,8 edit
Deny Default *,* LAN,* IP (0),*
Allow Default LAN,* *,* IP (0),*
requires opening a port, so I would suggest leaving it at the default settings which doesn't allow
anything to connect to you only you to connect to them. One thing you might change is to deny
ping. This was found under the tools tab under misc. in the web admin center:
You want that to be disabled. Then click apply. I am assuming that you have about the same setup
Block WAN Ping
When you "Block WAN Ping", you are causing the public WAN IP address on the DI-614+ to not
respond to ping commands. Pinging public WAN IP addresses is a common method used by
hackers to test whether your WAN IP address is valid.
Discard PING from WAN side Enabled Disabled
as me with the web admin interface. To get to it you just type in your LAN ip in the address bar of the browser. I think yours is probably either
http://192.168.0.1 or http://192.168.1.1 . If you don't know the username and password,
consult the manual, which you should do anyway because it will help you. Hope this helped.
November 25th, 2003, 04:20 PM
If you put your DLink router in place with it's default configuration you should be able to do everything you want to do and still have all your ports "stealthed". If you have been messing with port settings then consult the manual on how to return it to default and do so.
The DLink works as a filter that prevents any packets from reaching your machine that are not in response to packets sent from your machine. Thus, if you visit my website and ask to see my index.html page the DLink will allow my server to return the information you requested because it was you who asked for it. OTOH, if my server tries to send you the page unsolicited the DLink will drop the packets because you didn't ask for them. That's a rather oversimplified version of the "truth" but it's all english......
As for the ping on or off.... I prefer to be off. If your machine replies to nothing then you effectively just disappeared off the face of the earth. If you don't appear to exist the liklihood that anyone will attack you is remote.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides