0 votes
385 views 12 comments
by anonymous

Hi, I've recently purchased the RUT360 and RUTX11 for clients. I know one of them will check the Shields Up scanner at grc.com. I'm setting the RUTX11 up right now and can see that the IDENT port 113 is showing as 'closed'. This is fine, but I'd like it to be 'stealthed' if possible? Can anyone help advise please?

This is my first time using Teltonika equipment and my usual preferred vendor is stealthed out of the box. I'm hoping that Teltonika might become my preferred vendor in the future. Any help appreciated.

I have tried the following in the Firewall, without success:

  • Drop invalid packets is set to 'ON'
  • Automatic helper assignment is set to 'OFF'
  • INPUT=Drop, OUTPUT=Drop, FORWARD=Drop
  • Zone Forwarding on WAN is set to INPUT=Drop, OUTPUT=Drop, FORWARD=Drop 
  • Disabled all Traffic rules
  • SYN FLOOD PROTECTION=ON
  • REMOTE ICMP REQUESTS=OFF
  • SSH ATTACK PREVENTION=ON
  • HTTP ATTACK PREVENTION=ON
  • HTTPS ATTACK PREVENTION=ON
  • PORT SCAN=ON

1 Answer

0 votes
by anonymous
Hello,

  

Thank you for reaching out!

Could you clarify why this would be needed? I'm not very familiar with GRC, but from what I found online, a "stealth" port is just a port that does not reply with a "rejected" message but rather drops the packet. It does not help with the security of the system in any way.

It seems like the status of this port is controlled by the system and cannot be overwritten by the user very easily. However, if you can explain to me why this is needed, I might be able to find a better solution on how to achieve it.

Awaiting your response!

  

Best regards,
DaumantasG
by anonymous
Strange. What is the output of iptables -n -L | grep 113?
by anonymous
It's empty, there are no rules visible that would indicate that this port is closed, but when all of the ports are opened, grc.com still shows port 113 as closed for some reason.
by anonymous

If there is no iptables rule to drop incoming 113/UDP packets, they reach the UDP layer, and as the port is closed, the kernel replies with an ICMP port unreachable error.

So a workaround would be to drop this ICMP reply:

iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

 

by anonymous
Thank you flebourse, but the scan still shows port 113 as 'closed'... It seems there is no way to alter the config for this port, which is disappointing.
by anonymous

but the scan still shows port 113 as 'closed'

How did you do this "scan"? Did you have the initial filter rule set? The workaround active?

Could you take a tcpdump on the RUT during the scan: tcpdump -i any -n -v 'icmp or port 113'
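
An added example, not part of the thread: one way to read the capture requested above and decide whether the router answered the probe on port 113 (reported as 'closed') or stayed silent ('stealth'). It covers both a TCP reset and an ICMP port-unreachable reply; the capture lines and addresses are constructed, and `classify_port` is a hypothetical helper name.

```python
import re

# Constructed tcpdump -n -v excerpts (documentation addresses, not real captures).
# 198.51.100.7 stands in for the router's WAN address, 203.0.113.5 for the scanner.
CLOSED_RST = """\
12:00:01.000100 IP (tos 0x0, ttl 52, id 4711, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.5.40001 > 198.51.100.7.113: Flags [S], seq 100, win 8192, length 0
12:00:01.000200 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    198.51.100.7.113 > 203.0.113.5.40001: Flags [R.], seq 0, ack 101, win 0, length 0
"""
CLOSED_ICMP = """\
12:00:02.000100 IP (tos 0x0, ttl 52, id 4712, offset 0, flags [none], proto UDP (17), length 28)
    203.0.113.5.40002 > 198.51.100.7.113: UDP, length 0
12:00:02.000200 IP (tos 0xc0, ttl 64, id 9, offset 0, flags [none], proto ICMP (1), length 56)
    198.51.100.7 > 203.0.113.5: ICMP 198.51.100.7 udp port 113 unreachable, length 36
"""
STEALTH = """\
12:00:03.000100 IP (tos 0x0, ttl 52, id 4713, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.5.40003 > 198.51.100.7.113: Flags [S], seq 200, win 8192, length 0
12:00:04.000100 IP (tos 0x0, ttl 52, id 4714, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.5.40003 > 198.51.100.7.113: Flags [S], seq 200, win 8192, length 0
"""

def classify_port(capture, router_ip, port=113):
    """Return 'open', 'closed', 'stealth' or 'no-probe' for router_ip:port."""
    ip = r"(?<![\d.])" + re.escape(router_ip)
    # Inbound probe: a TCP SYN or a UDP datagram addressed to the port.
    if not re.search(rf"> {ip}\.{port}: (?:Flags \[S\]|UDP)", capture):
        return "no-probe"
    # SYN-ACK from the port: something is listening.
    if re.search(rf"{ip}\.{port} > \S+: Flags \[S\.\]", capture):
        return "open"
    # RST from the port, or an ICMP port-unreachable from the router:
    # the probe was answered, so an external scanner reports 'closed'.
    if re.search(rf"{ip}\.{port} > \S+: Flags \[R\.?\]", capture):
        return "closed"
    if re.search(rf"{ip} > \S+: ICMP .*port {port} unreachable", capture):
        return "closed"
    # Probe seen, nothing sent back: the packet was silently dropped.
    return "stealth"

if __name__ == "__main__":
    for name in ("CLOSED_RST", "CLOSED_ICMP", "STEALTH"):
        print(name, "->", classify_port(globals()[name], "198.51.100.7"))
```

A 'no-probe' result means the scan never reached the capture point, which points at something upstream of the router answering for it.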