Fritz!Box 3490 Port 113 Closed (Not in Stealth)

[UK Sentinel]

Ok, So I plugged back in my Fritz!Box 3490 yesterday and it is running the latest firmware (07.01) and have run a GRC SHIELDSUP (https://www.grc.com) test on the router to see if all ports are in Stealth mode, I was surprised to find that port 113 is CLOSED, but not in Stealth mode.

I thought I had run this test in the past, maybe with an older firmware, and the GRC Shields up test reported all ports where in Stealth mode?

Port 113 is associated with the IDENT Service and my Fritz!Box is running dual IPv4 and IPv6 setup, so maybe something I have missed , cannot seem to find a way to fully stealth this specific port, or find the associated service using port 113?

For those reading this thinking, maybe port 113 should be CLOSED and not STEALTHED, I have heard the discussions, I raised this thread as the Friz!box has a very specific setting called ‘Firewall in Stealth Mode’, which can be toggled On or Off, hence my original question .

 

 

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

Liked by:

You need to login in order to vote

[Francis Grizzly Smit]

yep on a fitz!box 7590 how do I stealth this port

Share the knowledge

You need to login in order to vote

[UK Sentinel]

Francis Grizzly Smit wrote:

yep on a fitz!box 7590 how do I stealth this port

Well officially via AVM ‘No’ – but have a read of this thread as some have tried this option with success, make sure you test all your ports afterwards just to make sure ?

Stealthing port 113 on NAT routers

https://www.grc.com/port_113.htm

———

In Brief:

In theory to configure a NAT routers to full stealth. The trick is to use the router’s own
“port forwarding” configuration options to forward just port 113 into Very high ip address.

i.e.

Set the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router’s internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet “nowhere” . . . and your network will be returned to full stealth (in theory)

Never tried this but does sound feasible.

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Francis Grizzly Smit]

tried the forward port way up high to nothing did not work on my fritz!box 7590

Share the knowledge

You need to login in order to vote

[UK Sentinel]

Francis Grizzly Smit wrote:

tried the forward port way up high to nothing did not work on my fritz!box 7590

Can you show us the configuration you used and how are you testing if Port 113 is OPEN/Stealth etc ?

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Francis Grizzly Smit]

I used Inernet->Permit Access->Add Device For Sharing...
then I chose

1. Device: Enter the IP address manually
2. IPv4 address: 192.168.188.254
3. clicked New sharing...

then I added

1. Application: Other application
2. name: Null
3. Protocol: TCP
4. Port to Device: 113
5. through… : 113
6. Port requested: externally: 113

then

1. OK
2. Apply
3. and Apply again to get the green bubble.

   then I tested with  shields up on https://www.grc.com/x/ne.dll?rh1dkyd2 using both Common ports and probing just 133 using User Specified custom port Probe

tried doing UDP as well still the same result Closed but not Stealth

 

most disappointing

Share the knowledge

You need to login in order to vote

[Grisu]

Not working with your workaround on my 7590 either.

Share the knowledge

Liked by:

You need to login in order to vote

[UK Sentinel]

Can 192.168.188.254 be replaced with say 254.254.254.230 ?

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Francis Grizzly Smit]

that’s completely outside my NAT’s range I might try it

 

Share the knowledge

Liked by:

You need to login in order to vote

[Francis Grizzly Smit]

An error occurred.

Error description: The IP address is not located in a permissible FRITZ!Box network.

Share the knowledge

You need to login in order to vote

[UK Sentinel]

Oh well, worth a try, so seems my suggestion does not work

Edit: can both TCP and UDP be forwarded as you have originally (2 rules) ?

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Grisu]

You cant forward to an address outside your home subnet (must result in a failure)!

Of course I tried setting the rule for both UDP and TCP, each in a seperate rule and for IPv4 and IPv6.

Share the knowledge

You need to login in order to vote

[UK Sentinel]

Oh well, seems port 113 for Fritz!box cannot be put into Stealth, only Closed or Open ?

 

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Francis Grizzly Smit]

Wish they would tell us why it cannot be stealthed and why I cannot turn of ICMP ping

 

Share the knowledge

You need to login in order to vote

[UK Sentinel]

I wonder if @Grisu has any contacts for AVM ? or good information

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Author]

Posts