EH-Net

Hi,

I have a Linksys home router WRT54G V.5 with firmware v1.02.2.  Behind it, wired, an XP SP2 and Fedora4 scan box.

When I scan something on the Internet with nmap, I don't get back all of the ports that are actually open.  For instance, here's the results when I scan a buddy's IP from either Fedora or XP...

>nmap -P0 x.x.x.x

PORT   STATE SERVICE
25/tcp open  smtp

I get the exact same result whether the scanning box is in a DMZ or not.

Here's what it looks like when I connect the scan box directly to my cable modem with the same nmap command on either scan box...

PORT     STATE SERVICE
25/tcp   open  smtp
110/tcp  open  pop3
111/tcp  open  rpcbind
8000/tcp open  http-alt

What gives? What's Linksys doing to corrupt the scan, is it NAT? I scan through a NAT connection at work [granted a more sophisticated router :-)]but we don't get weird results like this.

Can anyone recommend a home router that they know doesn't interfere with scanning?

Thanks,

-Sean

Strange, because I have scanned through the same router with no problem. Make sure you turn off the firewall in the router and you allow port forwarding if needed.  Or just do what you are doing by passing the router. Remember that when you are scanning or exploiting the less security and crap you have to go through to connect the better off you will be.

I disabled the firewall settings in the router and tried nmap again with the two scanners either in a DMZ or not, but still messes up nmap results.  Physically bypassing the router is a pain, and it prevents my other computers from using the Internet so it looks like I'll buy another router (Linksys hasn't had a firmware update for my model for a long time).  I'll post what I eventually get and the results.

Yes please keep us posted. I should have qualified that my router had some linux hacks. If I can find what I did a while back I will post it. It made not only a difference in my control of the router but also on my range.

Oh really? HHmmm, maybe I'l look into that first. Sounds like fun!

Maybbe u shouldforward or trigger the ports.

Well, it turns out mine is the unhackable VXworks version... :-(

http://www.seattlewireless.net/index.cgi/LinksysWrt54g

http://www.linuxelectrons.com/features/howto/consolidated-hacking-guide-linksys-wrt54gl

Well, it turns out that it may be possible after all...

http://www.bitsum.com/openwiking/owbase/ow.asp?WRT54G5%5FCFE#h6

gonna try this tonight I think.

Hey thats cool and good luck with it.

OK, I killed two birds with one stone after all. See:

http://www.linuxquestions.org/questions/linux-networking-3/wpa-configuration-for-ubuntu-7.10-600289/

Anyway, flashing my Linksys WRT54G v.5 with the was going great until the last step.

http://www.scorpiontek.org/portal/content/view/27/36/1/3/

It never rebooted by itself after at least 30 minutes, so I power cycled.  After that it stopped responding altogether. Now I have an expensive 4-port switch.  :-(

So, thinking that I'll get myself a a WRT54GL at some point later, I needed something to keep me going for a while.  I got the cheapest wireless router I could find today, Trendnet TEW-452BRP, will cost $10 after when the rebates come in in a few months.  It of course was a pain to set up, you HAVE to use the Windows installation CD and move cables and power cycle stuff in exact order and exactly when the stupid software tells you to... BUT

I nmapped a few addresses connected directly to the router, then did the same ones connected to the router... and the results were exactly the same! Not to mention this new "cheap piece of crap" router solved my Linux wireless problems too... the signal even carries up two floors in my house very well!

 Amazing when the cheap hardware performs better than the overpriced name brand stuff, but I have run into that also.
  Good job on keeping with it until you solved your issue. Sounds like your good to go. To paraphrase an old saying, "there are few problems in hacking that persistence cant solve". Be a little careful about going to wild with scanning blindly over the net. Some ISPs monitor that and will cut your connection.

Er, typo, should be directly connected to modem, then through router...


Your're right, I don't, I happen to work for an ISP too!  :-)