-
March 28th, 2003, 12:41 AM
#1
Linksys IDENT 113 Issue
I have a Linksys BEFSR41 Firewall/Router. Normally, if I were to go to www.grc.com and run the "Shileds Up" test, all of my ports show up as "Stealth". BUT...
I got an IRC related virus, it put IRC on my pc and also did something to the Linksys box. I have reinstalled the firmware on the router, but when I do a test on www.grc.com the IDENT port 113 shows now as "Closed" versus "Stealth". Linksys has no response.
I can get to the internet as always, but I have this one port as showing as described above. No viruses I can speak of, I have scanned with Norton, Ontrack, and also Housecall.
Do I dare do more research on the IRC related virus? Could it have done something to my hardware firewall?
I thank you all in advance, the Linksys firmware is the December 13th, 2002.
-
March 28th, 2003, 08:07 AM
#2
Driver Terrier
Housecall and Norton etc are not trojan hunters.. you need www.anti-trojan.net see what that says.
Make sure you set it to check within zipped/compressed files.
( )
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
March 28th, 2003, 08:37 AM
#3
Registered User
Zippers and Trojans and Housecalls, oh my!
Deliver me from Swedish furniture!
-
March 28th, 2003, 09:48 AM
#4
Registered User
gotta take the comma off the end of that link NooNoo
or you could just post it again in a different reply..one closer to 9000
-
March 28th, 2003, 11:09 AM
#5
My issue is more of the fact that my port 113 shows as closed when for the first year of ownership it showed as stealth. I can only associate the port change due to some IRC trash that had "briefly" infected my homeLAN.
NooNoo, congrats on 9000! Someday I too will be there....that day is far away, but someday.
Tests at www.grc.com and also www.dslreports.com show my setup as secure, but I am just an anal person.
-
March 28th, 2003, 11:56 AM
#6
Registered User
Originally posted by trippinfool
My issue is more of the fact that my port 113 shows as closed when for the first year of ownership it showed as stealth. I can only associate the port change due to some IRC trash that had "briefly" infected my homeLAN.
NooNoo, congrats on 9000! Someday I too will be there....that day is far away, but someday.
Tests at www.grc.com and also www.dslreports.com show my setup as secure, but I am just an anal person.
Either that or maybe the guys at grc have found a way to unstealth it and show it as closed (like the little disclaimer thing says after you've scanned) Maybe try contacing them and see if it's a common exploit or something.
"I feel like one of those mass murderers on death row. I never understood how the hell they got more chicks than I did. Now I know. They sold crap on eBay." -- Anonymous ebayer
"I figured out what's wrong with life: it's other people." -- Dilbert
-
April 9th, 2003, 08:48 PM
#7
Update on my own issue:
I tried the 1.4.2.6 firmware, ran a scan at www.grc.com and all ports were stealth.
Redid the 1.4.4.2 firmware, did another grc.com scan, port 113 was closed.
It was the firmware, thank you to all that were involved!
I went back the the 1.4.4.2 version on my BEFRS41, speed and ping seemed to be faster with this one!
-
April 11th, 2003, 12:08 PM
#8
Unless you have all your other ports stealthed, there's not a whole lot of reason to worry about ident being stealthed also. If they can see anything on that IP, they know something's there... It's gotten to the point where some people don't evne consider an open ident port to give away any useful information.
Also, stealthing ident can cause delays. Some servers request ident information when you make a connection. If the port is closed, it immediately sends back a "Nope, I'm not telling you." response and the connection goes on its way. If it's stealthed, all incoming packets are simply ignored. The server will keep waiting for a response until the connection times out. This can cause a delay before the useful part of the connection can continue.
FYI, Steve Gibson is quite sensationalistic. grc.com is a good quick test, but don't accept everything he says as gospel or anything. http://www.grcsucks.com/
-
April 12th, 2003, 08:33 AM
#9
Chat Operator
Originally posted by InvisiBill
Unless you have all your other ports stealthed, there's not a whole lot of reason to worry about ident being stealthed also. If they can see anything on that IP, they know something's there... It's gotten to the point where some people don't evne consider an open ident port to give away any useful information.
Also, stealthing ident can cause delays. Some servers request ident information when you make a connection. If the port is closed, it immediately sends back a "Nope, I'm not telling you." response and the connection goes on its way. If it's stealthed, all incoming packets are simply ignored. The server will keep waiting for a response until the connection times out. This can cause a delay before the useful part of the connection can continue.
FYI, Steve Gibson is quite sensationalistic. grc.com is a good quick test, but don't accept everything he says as gospel or anything. http://www.grcsucks.com/
every site, no matter where it is, needs to be taken with a grain of salt. I've read the material at both sites, and i believe the Steve does know a LOT about networking and security. Do i take everything he has to say seriously? no. But then again, I don't take everything here as the word of gospel either. If you don't like that site, fine, don't let that color your judgement and turn other people off the usefull information that CAN be found there.
<Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
-----------------------
Windows 7 Pro x64
Asus P5QL Deluxe
Intel Q6600
nVidia 8800 GTS 320
6 gigs of Ram
2x60 gig OCZ Vertex SSD (raid 0)
WD Black 750 gig
Antec Tri power 750 Watt PSU
Lots of fans
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks