
how to "stealth" a Zyxel NBG-417N

hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

how to "stealth" a Zyxel NBG-417N

Hi
Plusnet has very kindly let me have one of these to try, and it seems to be working fine, but according to Shields Up, the network is still visible.  How can I put it in "stealth" mode? Any ideas?
John
17 REPLIES
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

You just need to tell it not to respond to PING most likely.
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Chapter 13.5, on pages 136 and 137 of your user manual, describes what to do.
Under Security > Firewall > Services select "do not respond to requests for unauthorised services" and also set "Respond to PING on" to "LAN"
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

I have that already set. But as I said, Shields Up shows the ports as closed, not stealthed. I had a look at the manual online and had found this
Quote
Note that the probing packets must first traverse the NBG-417N's firewall mechanism before reaching this anti-probing mechanism.
Therefore if the firewall mechanism blocks a probing packet, the NBG-417N reacts based on the firewall policy, which by default, is to send a
TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks

But I'm afraid in my ignorance, it doesn't help much.
John
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

If you have selected "do not respond to requests for unauthorised services" and you have set PING to only respond on the LAN, then in Shields Up parlance you are stealthed. If Shields Up says you are not stealthed, then either you have not selected those options or your NBG-417N is faulty.
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

Those options are the ones chosen, but I've attached the screenshot from Shields Up - sorry about the resolution, but basically it says that although the ports are closed, a hacker would still know there was a computer there.
According to the bit I quoted from the manual, it appears that the default is to send a response, if the probe is stopped at the firewall. It gives the command to prevent it, but I don't know how to set that command.
John
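The difference between "closed" and "stealth" discussed above, as an added example that is not part of any post in this thread: a closed port answers a connection attempt with a TCP reset (seen by the client as "connection refused"), while a stealthed port sends nothing and the attempt times out. The names `classify_probe` and `summarise` are hypothetical, and the host is whatever public address your own router holds.

```python
import socket


def classify_probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port of your own router by how it answers.

    open    - handshake completed, a service is listening
    closed  - connection refused: the device replied with a TCP reset
    stealth - nothing came back before the timeout: the probe was dropped
    visible - some other error came back (for example an ICMP unreachable)
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        return "visible"
    conn.close()
    return "open"


def summarise(host, ports, **kwargs):
    """Return (verdict, per-port results).

    The verdict is "stealth" only if every probed port stayed silent;
    a single reset or accepted connection shows a device is present.
    """
    results = {port: classify_probe(host, port, **kwargs) for port in ports}
    answered = [port for port, state in results.items() if state != "stealth"]
    return ("visible" if answered else "stealth"), results


if __name__ == "__main__":
    import sys

    # Usage: python probe.py <your-router-WAN-address> [port ...]
    # Run from a machine outside the LAN; a probe from inside tests the
    # LAN interface, which the firewall settings above do not cover.
    target = sys.argv[1]
    port_list = [int(p) for p in sys.argv[2:]] or [80]
    verdict, detail = summarise(target, port_list)
    for port, state in sorted(detail.items()):
        print(f"{port}/tcp {state}")
    print("overall:", verdict)
```

A router that sends resets for blocked packets, as the quoted manual text describes, will report every unused port as `closed` and the overall verdict as `visible`.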
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Well the page and chapter numbers I quoted from the manual say quite clearly that selecting those options disables the default behaviour and stops all responses.
If it's not working you need to contact Zyxel and query what the problem is.
knowdice
Rising Star
Posts: 381
Thanks: 19
Registered: ‎25-04-2008

Re: how to "stealth" a Zyxel NBG-417N

Quote
Note that the probing packets must first traverse the NBG-417N's firewall mechanism before reaching this anti-probing mechanism.
Therefore if the firewall mechanism blocks a probing packet, the NBG-417N reacts based on the firewall policy, which by default, is to send a
TCP reset packet for a blocked TCP packet. You can use the command "sys firewall tcprst rst [on|off]" to change this policy. When the firewall
mechanism blocks

Have you tried TELNET to issue this command?


hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

@ fourfourdice - That's where the quote came from, and it appears to say that the firewall sends a response as default, and the only way to change the default is with that command.
@ knowdice - I guessed that's what I needed to do, but how do I do that? I can run telnet of course, but how do I access the router and give it the command?
John
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Given that the manual says you can do it through the web interface, and it's apparently not working, I would still recommend you contact Zyxel since there is obviously a fault.
knowdice
Rising Star
Posts: 381
Thanks: 19
Registered: ‎25-04-2008

Re: how to "stealth" a Zyxel NBG-417N

Have just tried to telnet into mine and it doesn't seem to support telnet, so maybe an email to Zyxel tech support and see what they have to say...
Most if not all Zyxel routers I have tried in the past have allowed telnet, you just get prompted for the password then enter the command at the prompt.
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

I dropped a message to Zyxel earlier. I'll post back their response :-\
John
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

Got a response:
Quote
Thanks for contacting. You can block ICMP traffic using the firewall, but for any advanced security features you will need to upgrade to our professional security devices.

So being able to stealth ports is a "professional" security issue :(
John
fourfourdevon
Grafter
Posts: 1,101
Thanks: 2
Registered: ‎10-09-2010

Re: how to "stealth" a Zyxel NBG-417N

Hmmmm, never had good experience of Zyxel, they seem to paint themselves as supplying sophisticated professional equipment, but I've found it to be buggy and often no more feature-laden than cheap Netgear and nowhere near as good as a cheap hardware solution running one of the open source router BIOSes.
Not responding on closed ports is quite frankly the norm today, there is nothing professional about it and being asked to pay extra for this would lead me straight to another supplier.
hulls
Grafter
Posts: 1,699
Registered: ‎30-07-2007

Re: how to "stealth" a Zyxel NBG-417N

I agree. Something for PN to think about (I can't complain really, since PN provided it for me to try out on the FTTC trial) ;)
John