New G router opens port 113 if "deny ping" is enabled

[ThePiston]

I just bought a Belkin Wireless G router. I scanned the firewall using "Shields Up!" at www.grc.com and it wasn't stealth even though all of the ports were "stealth" so I checked the text of the test and it said my router was accepting ping requests. I shut off the ping request in the router settings. Now when I scan the firewall it shows port 113 as being "closed" and not "stealth". Anyone know how to close this port for good AND deny ping requests?? My old Netgear B router did this...

 

[ThePiston]

Nevermind... I found the answer and I'll post it in case anyone searches for this later-

"The good news is . . . it is possible to configure NAT routers to return them to full stealth. The trick is to use the router's own "port forwarding" configuration options to forward just port 113 into the wild blue yonder. Just tell the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router's internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet "nowhere" . . . and your network will be returned to full stealth status."

 

[n0cmonkey]

Ping isn't evil, "stealth" is a waste of time.

 

[StormRider]

Thanks for the post. I have a wireless Belkin HSM G Router and this tidbit will probably be useful later on.

 

[ThePiston]

well, i've pinged someone just to see if they were online before... now no one can do that to me.

 

[Mark R]

Indeed, and port 113 is also frequently used by various services like e-mail, IRC, etc. as part of an optional authentication process.

With the port closed, a server pinging you on this port will know the port is closed and carry on. With the port stealthed, the server will think it's just a bad connection, and waste time repeatedly trying to contact you - which delays processing your request.

113 is so frequently used in the background that some routers don't block it by default because it can cause seemingly unrelated and difficult to trace problems.

 

[n0cmonkey]

Originally posted by: ThePiston
well, i've pinged someone just to see if they were online before... now no one can do that to me.

Instead all packets disappear, and they know you're online. :roll: