?
Solved

PPTP Port 1723 Security Scan port as open

Posted on 2004-04-23
5
Medium Priority
?
6,641 Views
Last Modified: 2008-01-09
I went to the symantec site and used their Security Scan program to scan my network to see if it was safe. The program results said my port 1723 is open and could be used for an attack. Now I need this port open so I can VPN into my server. I am using a Linksys router BEFSR41 to forward the port to my VPN server. How can I stealth or hide this port and still be able to use it?
0
Comment
Question by:Djrobluv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Expert Comment

by:snerkel
ID: 10903902
Simple answer you can't.

If you stop the VPN server but leave the port forwarding instruction then the port becomes stealthed.

If the VPN server is running then in order for you to connect the port will respond as open.
0
 
LVL 11

Expert Comment

by:PennGwyn
ID: 10905035
Presumably, a client trying to use the VPN must not only connect to the port, but then negotiate encryption and authenticate.  IF you've configured your VPN well (Symantec has no way to check that!) then you've very little to worry about.

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10906790
You can't stealth it as it NEEDS to be open for PPTP VPN users.  I wouldn't worry too much about it.
The worse that could happen is that an intruder could find out your username and brute-force your password, so make sure you have two-factor authenitication in place (RSA SecurID / Alladin) and ensure you're logs are set to log all login attempts, and alert you if you start getting suspicious activity.
0
 
LVL 7

Expert Comment

by:shahrial
ID: 10920183
Ensure you use a strong password...minimum 8 character(alphanumeric, uppercase / lowercase combination & use of special characters)...that should make it complex....
0
 
LVL 1

Accepted Solution

by:
axelt earned 1000 total points
ID: 10956658
All TCP communication start with a three way handshake:

First: a SYN packet from the source. "Hello, are you there?"
Second: a SYN_ACK packet from the destination is sent back to the source. "Yes, I'm here"
Third: an ACK packet from the source: "Let's talk"

You can see what state communcations are in by running the netstat command.
Most port scanning is done by sending SYN packets to all ports on the server. All open ports will reply with a SYN_ACK packet. And the scanner sees the port as open. If the scanner wants too, he can also completely connect to the port to see more information about the port.

But you can increase security:
If you only VPN in from a permanent/semi-permanent location you can stop all incoming VPN from other locations.

F.ex lets say you work from time to time from home. You do not have a static ip address at home, but the ISP gives you addresses in 130.45.x.x range
Add a filter to your router/firewall only allowing 1723 access from 130.45.0.0 mask 255.255.0.0 and 99.9% of the internet is blocked....
If you have a static ip - you could add only that ip - much more secure.

Another option is using L2TP/IPSec instead of PPTP - That way you can use a sertificate installed on the machine you use to connect to VPN.
If you use windows 2000 and use nat on the router, see this link http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

I would recommend you use a separate account without admin-rights and strong password + account lockout after f.ex 3 tries to connect to your VPN.

If you want access from all over the world, using any machine. Not much you can do except using a strong password. Security and ease of use go in opposite directions.... :)
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question