How to block Specific Ports? D-Link 3780 Router.

[Thelps]

Does anyone know how to block specific Ports on a D-Link 3780 Router?

I can't find instructions on how to block individual, specific ports, both inbound and outbound.

Software Firewall on the computer isn't effective - blocking needs to be done from the Router's onboard software but I can't seem to find where to block specific ports.

Is anyone familiar with this router and can tell me how?

 

[Ian]

I can't find much information on that router, so it looks like it's one of the bundled ones for ISPs like TalkTalk. It may be that they've crippled the interface to limit users from creating problems with their own router (i.e. removing Firewall features). You may be able to re-flash it with DD-WRT or OpenWRT and gain access to these features.

As you've got an interest in OS Security, etc... perhaps consider setting up a PFSense (https://www.pfsense.org) firewall on something like a Raspberry Pi. It's really cheap and easy to do, plus gives you enterprise level of control over your firewall.

 

[Tim Locke]

I think a cheapo 2nd hand Intel PC would be easier than a Raspberry Pi for pfsense as the Pi does not really have the bandwith internally for 2 fast ethernet ports. And there is some doubt if the pfsense ARM implementation is really available and maintained.

 

[Ian]

I think a cheapo 2nd hand Intel PC would be easier than a Raspberry Pi for pfsense as the Pi does not really have the bandwith internally for 2 fast ethernet ports. And there is some doubt if the pfsense ARM implementation is really available and maintained.

Yep, that would be a better plan - I completely forgot that the RPi is only 10/100Mbps.

 

[Tim Locke]

Thelps. From what I could find out about that router it is an integrated ADSL modem, router and WiFi access point. And it is old.
My suggestions are.

1: Get Talk-Talk to supply you with a separate ADSL modem and provide your own router.

2. If the privacy thing is your main concern, buy a cheap old PC ( XP vintage would be about right) and a second Ethernet card and if you want Wifi a Wifi card. Both should be cheap. If you need more than one Ethernet port then also get a simple unmanaged Ethernet switch. Download PFsense and learn how to install it and set it up.
If the privacy thing is only secondary buy a modern name brand router. If you can find a second hand one on the DD-WRT compatibility list ( which would probably NOT be D-link, most likely a Linksys) even better. You can run just the router and replace the frmware with DD-WRT later.

3. Let the ADSL modem drive either of the solutions above.

Either way you'll end up with more cables festooning your computer set up...but thems the breaks.

 

[Thelps]

I think the problem is more serious than those who ascribe to 'Retail Therapy' can effectively remedy...

I could use some advice as to how to deal with connections listed as a result of the 'Netstat -ano' command.

Many of them begin with the Local Address field as follows:

Local Address

0.0.0.0: PortNumber

OR

[::]: PortNumber

The processes associated with the attached PIDs are almost always 'essential' windows services or services that cannot be disabled via the services.msc window.

I initially assumed that these were connections that were being redirected to a 'NULL' virtual port on the Router or NIC but have been advised elsewhere that they are effectively 'Broadcast' Ports that search for any and all available ports on which to broadcast data.

How can I disable activity on these ports given that my Firewall doesn't block this activity even when given accurate, enabled rules that specify protocol and port?

I'm still convinced there's malicious third-party activity here. The vast majority of people wouldn't want their computer broadcasting its activity.

It's also interesting to note that the IPs I've listed above output as when written on these forums.

 

[Thelps]

So, any further ideas?

I know, this looks like an elaborate trolling attempt, but this is the problem as I have it.

The overall goal is to render myself as completely hack-proof as possible, or so wholly time/cost-ineffective to hack as to only be made a target by those who wouldn't be allowed access to a computer for medical reasons and the general advancement of humanity as a species.

 

[Tim Locke]

Whatever you may think about 'retail therapy' a full scale commercial firewall will do the job...except of course for people who can sneak up to your computer(s) when you are not there. You might be better to have a separate computer that is air-gapped from the internet or any in home network and one that is connected .

 

[Thelps]

Oh, it might be (MIGHT BE) really simple.

I've got the attached image appearing in my system folders and other critical system files.

How do I disable this file-sharing feature?

I assumed my configuration of such options was accurate according to the instructions in Control Panel.

Maybe I've misunderstood something.

 

[Tim Locke]

I can reproduce that shared thing.

 

[Thelps]

Any ideas?

 

[Ian]

If you run "fsmgmt.msc" you can view all active shares (and remove them) - but there will be some default admin shares that can't be removed (but aren't publicly shared). This tool will also list any active connections.

 

[Thelps]

What should I do about this icon-like picture that displays in Windows 10's critical system folders?

It indicates that they're shared but obviously, as a private, non-corporate user I'm not governed by a corporation's policies on my usage of Windows. Particularly with a view towards maintaining privacy and my own interests as an individual Windows user.

I have no interests sharing the contents of my hard-drive with anyone whatsoever at this time and am very capable of uploading files, as the above image suggests.

The real question being: How can I disable all methods of remote access to my computer that represent data exchanges that, under the purview of common-sense, if nothing else, aren't authorised by myself or anyone else who uses this computer. But specifically: how do I disable all these network shares?

It seems Windows is configured in such a way as to blur the lines of who owns the computer. That must irrevocably damage the marketability of what is still the most advanced, secure OS on the market today.