What's new

(solved) Block port 389 in ACL

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

GikaH

New Around Here
Hi!

I've been attacked (DDOS etc) I'm looking for possibility to block port 389 (used by LDAP). After researching this a little in web I found that there is only a guide for Cisco routers etc.

So I checked whole RT-AC87U GUI but found nothing.
After that I just added a firewall rule to filter 389 port there, but when I checking this port on my IP i can see:
Host is up.
PORT STATE SERVICE
389/tcp filtered ldap

So it's not closed just filtered.

Is there an option to close (not just filter) this particular port on Asus router? Can be SSH/Telnet/Web.

Thanks for reply!
 
You don't need to do anything. All incoming ports are blocked by default.

The nmap result of "filtered" is what you want. It means that there was no response from that port so nmap can't determine whether there's anything there or not. A response of "closed" would mean that your router had actually replied to the probe with "I'm closed at the moment", which is not what you want.
 
This reputable site can scan your ports to see how they respond:
https://www.grc.com/x/ne.dll?bh0bkyd2

Here is the text summary from scanning my port 389:

GRC Port Authority Report created on UTC: 2018-08-21 at 16:21:00

Results from probe of port: 389

0 Ports Open
0 Ports Closed
1 Ports Stealth
---------------------
1 Ports Tested

THE PORT tested was found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

OE
 
Thank you ColinTaylor and OzarkEdge for answers.
I asked for these, because after DoS attack some guy in ISP support center told me that 389 port should be "closed" in my environment.

I checked my IP on page provided by OzarkEdge and whole ports are in "Stealth" mode so I'm very glad :)

Thank you again - it's solved.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top