Cannot stealth ports with CFP3 or router.

[Guest]

[Vettetech]

You can add a Linksys router for cheap.

[sded]

So switching to "full feature" didn't do anything?    Had hopes, since your other detailed diagram looks like a port forwarding setup for use with stealthed ports.  Oh well, closed ports will make you a lot more popular with the hackers trying to find an entry.  Or a Linksys is REALLY cheap on eBay if you don't want wireless. 

[Vettetech]

http://www.bestbuy.com/site/olspage.jsp?skuId=5250774&st=linksys&type=product&id=1051384663529

[Comofo]

Thanks Vet,
 That's exactly the one I currently residing in my drawer right here...and this one here:

http://www.speedguide.net/read_reviews.php?id=106

If there's a way to stealth - it's not discussed in the manual, and I just don't quite get port/address filtering yet -  I just read the whole thing twice.
I DO however now possess a better understanding of what LAN,WAN, and NAT actually are and their fundamentals.
I will post results of new config/status.

 

[Comofo]

Well, I'm done. It seems that EL hands me (the Zyxel) a new ip address every time (so it's not really "me" being scanned) and drops all unsolicited inbound packets anyways, so the port scan is a wash since I'm secured on this side of the router.
Everything that does come through is then subjected to the Comodo rules, and I'm comfortable with that.
Between that, D+ HIPS, realtime antivirus/antispy-adware, frequent rk/hjt scans...and to top it off, I usually type with one hand while training a .38 at my modem with the other. 

[sded]

Other than knowing you are there (FUD popularized by GRC, who claim to have invented the "stealth" term, in violation of the TCP/IP standard) you should be perfectly safe.  Your "new"address may be the same as your old address a lot of the time, but if you leave it off for a while will change.  The way to think of it is that your internet IP is that of your router, not your computer.  Your computer IP is the LAN IP on that side of the router, protected externally by NAT, internally by CFP3.  But "stealth" has become so popular in the media that everyone wants it.    Users do not want to hear that closed works just fine.  And that open is usually not  a problem either unless something is listening that can do you some damage.

[Comofo]

Thank you Sded,
That is precisely the conclusion that I came to over my last few days of reading/research. The red "Failed" stamps at Shields Up had my panties in a bunch, but rather than give in to panic, I actually took the time to try to learn what was happening - and it's no big deal. Hell, every other time I log in this forum my addy's different - did a geo-IP trace and apparently I'm out in Santa Monica, Ca (but I'm not really...teehee ).

Thank you very much for bearing with me here...worse comes to worse I still have those extra routers.

 

[Comofo]

Thank you guys, here's the latest:

GRC Port Authority Report created on UTC: 2008-04-10 at 05:26:58

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

...oh yeah...

[Vettetech]

Woohoo......................it only took you 20 tries. LOL. Just teasing bud. I love my 2Wire Gateway DSL modem. Its set to full lock down.

[Comofo]

Dude, I'm totally stoked.

I searched and searched for more info regarding that little Zyxel and it's security restrictions but came up with very little in the way of hard information. It was sded's remark about the crippled firmware that got me concerned, as the thing is rather pathetic. So...after tightening it up again, I bridged it to a Linksys WRT54G and then...well, you know the rest. Btw, the wireless sig coming off of that little guy is great - I'm trying to find a place in my house where it gets below Very Good and can't seem to do it.

My only concern now is that my old laptop doesn't have WAP and I must therefore use WEP in this neighborhood of many networks (there are over 20 available from my bedroom) but I did use the MAC restrictions so maybe I'm okay...

[Vettetech]

Just be sure you use a good password. Nothing related to you. My password that use for most logins and email accounts has absolutely nothing to do with me or my or anything. I bet no one could ever figure it out.

[Comofo]

Is it "password"? 

[Vettetech]

No the password is 123456789.........................

[Comofo]

Am I correct in assuming that I should disable "block anonymous requests" when I torrent?

[Comofo]

Tonight I had a most emotional experience; while flashing my WRT54G with DD-WRT I bricked it.

Followed the guide to the letter and read every Wiki I could Google.

This was a little tricky, as I was flashing a bridged machine and the addresses have to be exact.

Almost finished I attempted to tftp the .bin file and - no go.

Went to take a peek at the Linksys and not even a power light on it.

Couldn't ping it, nothing - brick central, right?

Wrong.

I actually fixed it, and am running RC5 at this very moment.

Gonna write a tutorial for other idiots like myself when I get a sec...damn, I'm really awesome...

[Tags:]