As NJH mentioned, just have one option available for remote accesss as I do, i.e. only HTTPS.

I would still change all the common ports though for HTTP, FTP, Telnet etc even for your local side....

You can still then have remote manaagement available and at the same time be classed a stealth.....

you can't have an open port and be classed as stealth. that defeats the point. how can a listening port ie https receive connections if its not listening or blocked?
as mentioned above, you can:
1. move off the standard ports (not brilliant)
2. connect via vpn
3. limit ip ranges to the listening ports

Stealth from the common ports I should have said.

If someone wants to scan every 'out-of-the-ordinary' ports then crack on..... if you have decent security practices in place, then you should be okay............[/quote]

Hi,

Just reading this post with interest. I fail with "port 0" being open.

Any suggestions to how I block this please ?

Yockers.

I had this issue once before and it was something to do with when I installed new firmware.

To remedy it, I had to re-install the firmware with the version that factory resets the unit and then set the unit up from scratch.. This solved the problem for me.....

I would recommend making a backup of your setup first, then do the firmware, then run the test....

Hope this helps

Fixed it. For everyone's reference, it's mentioned in the Advanced Section of the Draytek FAQ's@

http://www.draytek.com/user/SupportFAQDetail.php?ID=347

Thanks for replies though.

I now need to understand if I'm better off showing my zero, so to speak, or not ! As the description to the DoS checkbox looks like something I'd like to be doing, even though it's a little vague:

"Block TCP packets with irregular flags to avoid the security hole exploring outside."