Posted to uk.comp.homebuilt,uk.d-i-y
David.WE.Roberts
Virgin SuperHub2 and DMZ setting

On Sat, 15 Feb 2014 12:01:06 +0000, Adrian C wrote:

> On 15/02/2014 11:09, David.WE.Roberts wrote:
>> I now have my Virgin SuperHub2 set to accept incoming calls to a DMZ
>> (RPi running a VPN server).
>>
>> I used 'shields up' to check what the ports were doing.
>>
>> Now without DMZ turned on everything is stealthed.
>>
>> With DMZ turned on Port 22 (ssh) and Port 1723 (pptpd for VPN) are both
>> opened automatically.
>>
>> The rest go to 'closed' instead of 'stealthed'.
>>
>> The opening of the two ports seems reasonable for an instant DMZ, but I
>> am puzzled why the other ports now show as 'closed'.
>> AFAIK a 'closed' port will show up on a port scan by 'bad people'
>> whereas a 'stealthed' one will not.
>>
>> OTOH if I have 22 and 1723 open the router must be standing out like a
>> sore thumb anyway.


> Don't put SSH in DMZ, use port forwarding with some other chosen number
> instead, disable password authentication in SSH (or they'll be brute
> forcing that) and enforce the use of private key certificates instead.
>
> DMZ is a bit of a wildcard for web facing services where you don't want
> those users also trawling through your local network (hence closed).
>
> Best that the services of your LAN stay stealthed, and get a bit devious about
> the use of 'standard' port numbers.


Thanks for the reminder about brute forcing SSH - have closed that port on
the firewall.

I haven't found a 'stealth' option in the firewall on the SuperHub2 though.

Now looking at alternative hardware and will start a new thread.

Cheers

Dave R
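
The 'open' / 'closed' / 'stealthed' results discussed in this post correspond to three different answers to a TCP connection attempt. The following is an added example, not part of the original post, for checking ports on a host you run yourself; the names `probe` and `local_demo` are made up for this example, and the demo uses only loopback sockets it creates itself.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP port using the wording of the scan results above."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN answered with SYN/ACK: a service is listening
    except ConnectionRefusedError:
        return "closed"      # SYN answered with RST: nothing listening, but the
                             # host has replied, so it is visibly present
    except socket.timeout:
        return "stealthed"   # no reply at all: the packet was silently dropped
    finally:
        s.close()


def local_demo():
    """Show 'open' and 'closed' on loopback with constructed sockets.

    'stealthed' needs a firewall that drops packets, so it is not
    reproduced here; on a real check it appears as the timeout branch.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bound but never listening: connection attempts are refused with RST.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    try:
        return probe("127.0.0.1", open_port), probe("127.0.0.1", closed_port)
    finally:
        spare.close()
        listener.close()


if __name__ == "__main__":
    print(local_demo())
```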