
Stealth Router

harris-ross
Level 1

I have an 831 router; how do I configure it so that it does not respond to probes on the internet? At the moment it responds by saying port is closed, but by doing so it is giving the game away. I want to block ports but also to make sure the router is dead silent and does not respond by saying port is closed.

Any help would be kindly appreciated.

Thank you

Tony

6 Replies

Richard Burts
Hall of Fame

The interface command "no ip unreachable" placed on the outbound interface will suppress those messages.

HTH

Rick

Rick

Thanks for your reply, but I already have that command placed on the outbound (WAN) interface, and when I test my router it is still replying saying the ports are blocked.

How do you disable or stop the replies coming from my router? My thinking is that if it replies with ports closed it makes itself visible.

Cheers

Tony

If you have no ip unreachable configured on the outbound interface then the router should not be generating messages that ports are blocked.

But I wonder if I understood correctly what the problem really is. Is it the router that is being probed and responding about port blocked, or is it that something in the network behind the router is being probed and is generating the responses? If something else is generating the responses then no ip unreachable will not solve your problem. If it is something else generating the response and the router is forwarding the message then you will need a different solution. Probably you will want to have an access list which denies ICMP unreachable messages (which are ICMP type 3 messages) from being forwarded out the outbound interface.

Note that if you deny all ICMP type 3 messages from being sent it will break Path MTU Discovery, which relies on the ICMP unreachable "fragmentation needed and DF set" message, which is ICMP type 3 code 4. So your access list should permit ICMP type 3 code 4 and then deny ICMP type 3.

HTH

Rick
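
The access list described in the reply above, written out as an added example that is not part of the original thread or any poster's configuration. The ACL name `FILTER-UNREACH-OUT`, the choice of `Ethernet1` as the WAN-facing interface, and the final `permit ip any any` are assumptions.

```cisco
! Added example: the ACL name and the interface are assumptions,
! not values taken from the thread.
ip access-list extended FILTER-UNREACH-OUT
 ! Entries are evaluated top-down and the first match wins, so the
 ! exception for type 3 code 4 (fragmentation needed and DF set)
 ! has to come before the broader deny, or Path MTU Discovery breaks.
 permit icmp any any 3 4
 ! All remaining ICMP type 3 (unreachable) messages, any code, are dropped.
 deny icmp any any 3
 ! Assumed policy: all other traffic is allowed out. Without this
 ! entry the implicit deny at the end of the ACL drops everything else.
 permit ip any any
!
! Ethernet1 is assumed to be the outbound (WAN) interface.
interface Ethernet1
 ip access-group FILTER-UNREACH-OUT out
```

An outbound ACL on IOS filters packets the router forwards, not packets the router itself originates, so this covers only the case where a host behind the router generates the unreachables.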

Yes, I am probing the router and it is generating replies with "port blocked", and it is right: the ports being probed are indeed blocked by an access-list. But what I was hoping to do was tell the router to drop any probe packets aimed at blocked ports, if you see what I mean. Just to clarify, e.g. if I block port 23 on the router with an incoming access-list and then somebody probes port 23, I want the router to drop that packet rather than reply with a port blocked message.

Any ideas greatly appreciated

Tony

Perhaps it would help if you would post the configuration of the router.

HTH

Rick

Rick

Please find attached the running config of the router. Thanks