Linksys IDENT 113 Issue


trippinfool
March 28th, 2003, 12:41 AM
I have a Linksys BEFSR41 Firewall/Router. Normally, if I were to go to www.grc.com and run the "Shields Up" test, all of my ports show up as "Stealth". BUT...

I got an IRC related virus, it put IRC on my pc and also did something to the Linksys box. I have reinstalled the firmware on the router, but when I do a test on www.grc.com the IDENT port 113 shows now as "Closed" versus "Stealth". Linksys has no response.

I can get to the internet as always, but I have this one port as showing as described above. No viruses I can speak of, I have scanned with Norton, Ontrack, and also Housecall.

Do I dare do more research on the IRC related virus? Could it have done something to my hardware firewall?

I thank you all in advance, the Linksys firmware is the December 13th, 2002.

NooNoo
March 28th, 2003, 08:07 AM
Housecall and Norton etc are not trojan hunters.. you need www.anti-trojan.net see what that says.

Make sure you set it to check within zipped/compressed files.


(:p )

silencio
March 28th, 2003, 08:37 AM
Zippers and Trojans and Housecalls, oh my!

:p

geoscomp
March 28th, 2003, 09:48 AM
gotta take the comma off the end of that link NooNoo;)

or you could just post it again in a different reply..one closer to 9000:D

trippinfool
March 28th, 2003, 11:09 AM
My issue is more of the fact that my port 113 shows as closed when for the first year of ownership it showed as stealth. I can only associate the port change due to some IRC trash that had "briefly" infected my homeLAN.

NooNoo, congrats on 9000! Someday I too will be there....that day is far away, but someday.


Tests at www.grc.com and also www.dslreports.com show my setup as secure, but I am just an anal person.

Gollo
March 28th, 2003, 11:56 AM
Originally posted by trippinfool
My issue is more of the fact that my port 113 shows as closed when for the first year of ownership it showed as stealth. I can only associate the port change due to some IRC trash that had "briefly" infected my homeLAN.

NooNoo, congrats on 9000! Someday I too will be there....that day is far away, but someday.


Tests at www.grc.com and also www.dslreports.com show my setup as secure, but I am just an anal person.

Either that or maybe the guys at grc have found a way to unstealth it and show it as closed (like the little disclaimer thing says after you've scanned). Maybe try contacting them and see if it's a common exploit or something.

trippinfool
April 9th, 2003, 09:48 PM
Update on my own issue:

I tried the 1.4.2.6 firmware, ran a scan at www.grc.com and all ports were stealth.

Redid the 1.4.4.2 firmware, did another grc.com scan, port 113 was closed.

It was the firmware, thank you to all that were involved!

I went back to the 1.4.4.2 version on my BEFSR41, speed and ping seemed to be faster with this one!

InvisiBill
April 11th, 2003, 01:08 PM
Unless you have all your other ports stealthed, there's not a whole lot of reason to worry about ident being stealthed also. If they can see anything on that IP, they know something's there... It's gotten to the point where some people don't even consider an open ident port to give away any useful information.

Also, stealthing ident can cause delays. Some servers request ident information when you make a connection. If the port is closed, it immediately sends back a "Nope, I'm not telling you." response and the connection goes on its way. If it's stealthed, all incoming packets are simply ignored. The server will keep waiting for a response until the connection times out. This can cause a delay before the useful part of the connection can continue.

FYI, Steve Gibson is quite sensationalistic. grc.com is a good quick test, but don't accept everything he says as gospel or anything. http://www.grcsucks.com/
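
The closed-versus-stealth behaviour described in the post above, as an added example that is not part of the original thread: one TCP connect attempt is classified by how the target answers and timed, which shows why a refusal returns at once while a dropped packet costs the full timeout. The function names and the loopback targets in `local_demo` are constructed for the demonstration.

```python
import socket
import time


def classify_port(host, port, timeout=3.0):
    """Return (state, seconds) for one TCP connect attempt.

    open    - handshake completed (SYN/ACK received)
    closed  - target answered with RST (connection refused)
    stealth - no reply at all before the timeout (packet dropped)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "stealth"
    except OSError:
        state = "error"  # e.g. no route; says nothing about the port itself
    finally:
        sock.close()
    return state, time.monotonic() - start


def local_demo():
    """Constructed loopback targets: one listening, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    refused = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    refused.bind(("127.0.0.1", 0))  # no listen(): the kernel answers SYN with RST
    try:
        return {
            "open": classify_port("127.0.0.1", listener.getsockname()[1]),
            "closed": classify_port("127.0.0.1", refused.getsockname()[1]),
        }
    finally:
        listener.close()
        refused.close()


if __name__ == "__main__":
    for expected, (state, secs) in local_demo().items():
        print(f"{expected:7s} -> {state:7s} in {secs:.3f}s")
```

A server doing an ident lookup against a stealthed port 113 sits in the `stealth` branch for its whole timeout before carrying on, which is the delay the post refers to.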

Matridom
April 12th, 2003, 09:33 AM
Originally posted by InvisiBill
Unless you have all your other ports stealthed, there's not a whole lot of reason to worry about ident being stealthed also. If they can see anything on that IP, they know something's there... It's gotten to the point where some people don't even consider an open ident port to give away any useful information.

Also, stealthing ident can cause delays. Some servers request ident information when you make a connection. If the port is closed, it immediately sends back a "Nope, I'm not telling you." response and the connection goes on its way. If it's stealthed, all incoming packets are simply ignored. The server will keep waiting for a response until the connection times out. This can cause a delay before the useful part of the connection can continue.

FYI, Steve Gibson is quite sensationalistic. grc.com is a good quick test, but don't accept everything he says as gospel or anything. http://www.grcsucks.com/

Every site, no matter where it is, needs to be taken with a grain of salt. I've read the material at both sites, and I believe that Steve does know a LOT about networking and security. Do I take everything he has to say seriously? No. But then again, I don't take everything here as the word of gospel either. If you don't like that site, fine, don't let that color your judgement and turn other people off the useful information that CAN be found there.