cancel
Showing results for 
Search instead for 
Did you mean: 

how to "stealth" a Zyxel NBG-417N

Community Veteran
Posts: 1,699
Registered: 30-07-2007

how to "stealth" a Zyxel NBG-417N

Hi
Plusnet has very kindly let me have one of these to try, and it seems to be working fine, but according to Shields Up, the network is still visible.  How can I put it in "stealth" mode? Any ideas?
John
17 REPLIES
Community Veteran
Posts: 1,101
Registered: 10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

You just need to tell it not to respond to PING most likely.
Community Veteran
Posts: 1,101
Registered: 10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Chapter 13.5 on pages 136 and 137 of your user manual, describe what to do.
Under Security >Firewall > Services select "do not respond to requests for unauthorised services" and also set "Respond to PING on" to "LAN"
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

I have that already set . But as I said Shields Up shows the ports as closed, not stealthed. I had a look at the manual on line and had found this
Quote
Note that the probing packets must first traverse the NBG-417N's firewall mechanism before reaching this anti-probing mechanism.
Therefore if the firewall mechanism blocks a probing packet, the NBG- 417N reacts based on the firewall policy, which by default, is to send a
TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks

But I'm afraid in my ignorance, it doesn't help much.
John
Community Veteran
Posts: 1,101
Registered: 10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

If you have selected "do not respond to requests for unauthorised services" and you have set PING to only respond on the LAN, then in Sheilds Up parlance you are stealthed, if Shields up says you are not stealthed, then either you have not selected those options or your NBG-417N is faulty.
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

Those options are the ones chosen, but I've attached the screen shot from Shields Up - Sorry about the resolution, but basically it says, that although the ports are closed, a hacker would still know there was a computer there.
According to the bit I quoted from the manual, it appears that the default is to send a response, if the probe is stopped at the firewall. It gives the command to prevent it, but I don't know how to set that command.
John
Community Veteran
Posts: 1,101
Registered: 10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Well the page and chapter numbers I quoted from the manual say quite clearly that selecting those options disables the default behaviour and stops all responses.
If its not working you need to contact Zyxel and query what the problem is.
knowdice
Grafter
Posts: 328
Registered: 25-04-2008

Re: how to "stealth" a Zyxel NBG-417N

Quote
Note that the probing packets must first traverse the NBG-417N's firewall mechanism before reaching this anti-probing mechanism.
Therefore if the firewall mechanism blocks a probing packet, the NBG- 417N reacts based on the firewall policy, which by default, is to send a
TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks

Have you tried TELNET to issue this command?


Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

@ fourfourdice - That's where the quote came from, and it appears to say that the firewall sends a response as default, and the only way to change the default is with that command.
@ knowdice - I guessed that's what I needed to do, but how do I do that? I can run telnet of course, but how do I access the router and give it the command?
John
Community Veteran
Posts: 1,101
Registered: 10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Given that the manual says you can do it through the web interface, and its apparently not working, I would still recommend you contact Zyxel since there is obviously a fault.
knowdice
Grafter
Posts: 328
Registered: 25-04-2008

Re: how to "stealth" a Zyxel NBG-417N

Have just tried to telnet into mine and it doesn't seem to support telnet, so maybe an email to Zyxel tech support and see what they have to say...
Most if not all Zyxel routers I have tried in the past have allowed telnet, you just get prompted for the password then enter the command at the prompt.
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

I dropped a message to Zyxel earlier. I'll post back their response  Undecided
John
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

Got a response:
Quote
Thanks for contacting. You can block ICMP traffic using the firewall, but for any advanced security features you will need to upgrade to our professional security devices.

So being able to stealth ports is a "professional" security issue  Sad
John
Community Veteran
Posts: 1,101
Registered: 10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Hmmmm, never had good experience of Zyxel, they seem to paint themselves as supplying sophisticated professional equipment, but I've found it to be buggy an often no more feature laden than cheap Netgear and no where near as good as cheap hardware solution running one of the open source router BIOS's.
Not responding on closed ports is quite frankly the norm today, there is nothing professional about it and being asked to pay extra for this would lead me straight to another supplier.
Community Veteran
Posts: 1,699
Registered: 30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

I agree.  Something for PN to think about (I can't complain really, since PN provided it for me to try out on the FTTC trial)  Wink
John