
How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

ssking
Contributor
Posts: 4
Registered: ‎10-07-2010

How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 1 of 13
(5,779 Views)

Hello..

 

I have FIOS with MI424WR-GEN2 Rev E and I'm trying to stealth the ports while running a web/ftp server on one of my private IP systems.

 

Please advise router/ firewall settings. 

 

Thanks much,

 

Steve

12 Replies
jumpin68ny
Gold Contributor VII
Posts: 1,778
Registered: ‎05-14-2009

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 2 of 13
(5,727 Views)

What do you mean by "stealth" a port?

ssking
Contributor
Posts: 4
Registered: ‎10-07-2010

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 3 of 13
(5,714 Views)

I was told that the MI-424 will let me use port forwarding to run an FTP server on a private IP/NAT system.. and that port 21 will pass a port scan test by looking like it's closed to the port scan service like grc.com Shields Up, etc.. so I guess "stealth" in this case means the port will not ping, etc. but is still accessible to external computers with the right credentials..

 

thanks!   Steve

jumpin68ny
Gold Contributor VII
Posts: 1,778
Registered: ‎05-14-2009

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 4 of 13
(5,707 Views)

So if you go into the router by pointing your browser to:

192.168.1.1

Once you log on, select Firewall Settings.

See which one you have enabled. By default it should be Typical (Medium).

Now select Remote Administration from the left.

Under Diagnostic Tools, uncheck both boxes.

Now select Port Forwarding from the left menu.

Select the PC which will accept the FTP traffic and then select Application to forward and choose FTP.

Is that what you are looking to do?

 

 

Anti-Phish
Gold Contributor III
Posts: 1,122
Registered: ‎12-04-2009

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 5 of 13
(5,660 Views)

@ssking wrote:

I was told that the MI-424 will let me use port forwarding to run an FTP server on a private IP/NAT system.. and that port 21 will pass a port scan test by looking like it's closed to the port scan service like grc.com Shields Up, etc..


You can't have it both ways.  If you forward a port to a server (e.g. FTP) and the server is listening, then the port is open.

Otherwise, you wouldn't be able to establish a connection to it from an FTP client on the internet. 

 

One thing you can do however, if you are connecting to your FTP server only from specific places, is to create an advanced filtering rule that only allows inbound packets on port 21 from those specific IP addresses.

 

BTW, you can't ping a port.  Ping is to an IP address, not a specific port.

 

ssking
Contributor
Posts: 4
Registered: ‎10-07-2010

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 6 of 13
(5,643 Views)

Great points.. thanks..

 

I guess this boils down to 2 issues:

 

1) protect the FTP server's ports from denial of service attacks

2) protect the FTP server from ID/password guesses by hackers

 

Not sure what the server  (Userv) does about item 1)....  maybe some

sort of throttling of requests it processes

 

for item 2),  I can't be sure my users will be at a specific IP or MAC address but

the server blocks hackers if they connect more than 3 times in 30 seconds

which should address second issue..  ?

 

I want to turn on the secure login (SSH I think) feature .. which should help

if the server requires a certificate for connection..

 

any other thoughts are most welcome

 

thanks much, steve
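
Added example (not part of the original thread, and not how Userv or the MI424WR implements anything): a Python model of the two controls discussed in messages 5 and 6, a source-address allowlist applied first and then the "more than 3 connects in 30 seconds" block. The `ConnectionGate` class, the verdict strings, the permanent block and the sample log are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

MAX_CONNECTS = 3     # "more than 3 times" (from the post)
WINDOW_SECONDS = 30  # "in 30 seconds" (from the post)

class ConnectionGate:
    """Hypothetical model: source allowlist first, then per-source rate block."""

    def __init__(self, allowed_networks=()):
        # An empty allowlist means "any source may try", as when users roam.
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.recent = defaultdict(deque)  # source -> recent connect times
        self.blocked = set()              # assumption: a block never expires

    def decide(self, ts, src):
        addr = ipaddress.ip_address(src)
        if self.allowed and not any(addr in net for net in self.allowed):
            return "drop-not-allowlisted"
        if src in self.blocked:
            return "drop-blocked"
        window = self.recent[src]
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()              # forget connects older than the window
        window.append(ts)
        if len(window) > MAX_CONNECTS:
            self.blocked.add(src)
            return "drop-blocked"
        return "accept"

def replay(log_text, gate):
    """Feed 'seconds source_ip' lines through the gate; return the decisions."""
    decisions = []
    for line in log_text.strip().splitlines():
        ts, src = line.split()
        decisions.append((src, gate.decide(int(ts), src)))
    return decisions

# Constructed sample: connection times (seconds) and documentation-range sources.
SAMPLE_LOG = """
0 203.0.113.10
5 198.51.100.7
8 198.51.100.7
12 198.51.100.7
15 198.51.100.7
20 203.0.113.10
40 198.51.100.7
"""

if __name__ == "__main__":
    for src, verdict in replay(SAMPLE_LOG, ConnectionGate()):
        print(src, verdict)
```

A source that spaces its connects 10 seconds apart never has more than 3 inside any 30-second window, so this rule caps the guess rate rather than ending guessing.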

 

 

 

viafax999
Gold Contributor VII
Posts: 2,159
Registered: ‎11-10-2009

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 7 of 13
(5,624 Views)

Set your servers to use non standard ports and then share those port numbers with the users you want to allow access to.  That will cut down hacking attempts a lot.

Use port triggering to temporarily open ports

 Use port forwarding to non standard ports in combination with port triggering.

prisaz
Platinum Contributor III
Posts: 6,820
Registered: ‎08-23-2008

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 8 of 13
(5,603 Views)

 


@viafax999 wrote:

Set your servers to use non standard ports and then share those port numbers with the users you want to allow access to.  That will cut down hacking attempts a lot.

Use port triggering to temporarily open ports

 Use port forwarding to non standard ports in combination with port triggering.


That works sometimes, but I thought I would comment. My work slammed the door on non-standard ports. So I set my SSH server to run on port 21 and not 22. My connection worked until I tried a file transfer through WinSCP in my SSH session. I am not sure what software they are running but they don't like it when it can't read a 2048-bit encrypted connection. It seems like I am working for the NSA since they have gotten so tight. The network seems like it sets outbound firewall settings based on user account, because some can run WinSCP over SSH. Or perhaps I need to find out what port they want used.

 

Also depending on what the OP is running for a Web/FTP server. I would not have my primary system set up as one, and then the one running the server would only have non-critical content. They are inherently not very secure unless it is a very good product set up 100% correctly. That is why I was running SSH with WinSCP.

 

viafax999
Gold Contributor VII
Posts: 2,159
Registered: ‎11-10-2009

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 9 of 13
(5,587 Views)

Yes, had some of the same issues.

We have a commercial product that connects from a PC to a mainframe product using APPC on a VPN connection.

Configured by default to use port 80, as most commercial sites allow port 80 access, then ran into the issues of traffic scanners that were rejecting the port 80 traffic as non-HTTP, so had to open another listener on our end on a non-standard port.

ssking
Contributor
Posts: 4
Registered: ‎10-07-2010

Re: How can I stealth my MI424WR-GEN2 ports with a web/ftp server running?

Message 10 of 13
(5,564 Views)

>>Also depending on what the OP is running for a Web/FTP server. I would not have my primary system set up as one, and then the one running the server would only have non-critical content. They are inherently not very secure unless it is a very good product set up 100% correctly. That is why I was running SSH with WinSCP.

 

good stuff..  IMO this is the other key aspect of hardening.. ie.. isolating the public facing app.. if poss.. run it in a sandbox with minimal rights.. etc etc..

 

thanx much.. I'm on it
