ER7206: No "stealth" possible, implementation of DMZ erroneous?
Good day all,
I was trying to "harden" the security of my ER7206 router a bit, in combination with the OC200 controller. I did a port scan via grc.com and saw the following results:
The above scan wasn't a big surprise: my ports 80 and 443 are indeed open. The shown "stealth" ports might be a default implementation, and the closed ports make sense, as this is the default response if a port is not reachable.
However, my goal is to have as many "stealthed" ports as possible, so in my case only ports 80 and 443 should be open and the rest should be "stealth". As the firewall doesn't seem to have an option to not respond on ports without services, I tried a "trick": set a DMZ pointing to an IP address which is not in use:
The result was as follows after doing a portscan:
Although the results are slightly better, why are some ports still reported as "closed"? I have three NAT rules: one for port 80, one for port 443 and the DMZ rule shown above.
Things got weirder after starting a second port scan with the DMZ set to purgatory (so still the same IP address which was not in use):
The results are different: some ports which were reported stealth previously are now reported closed, and vice versa. A third scan showed, again, different results. How is that possible? It seems that there is a flaw in the DMZ implementation of this router.
Is anyone having the same issue? I have tried different firmware versions, but this problem exists in all versions.
My wish would be that there is an option in the firewall to drop unsolicited traffic (and not report it as "closed"). Secondly, this might also be possible with the DMZ trick, but then the above findings should be fixed in my opinion, so that all non-NATed ports are reported as stealth instead of closed.
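As an added illustration (not from the original post and not the ER7206's own configuration), this is what the requested behaviour looks like on a Linux router using nftables: only ports 80 and 443 are forwarded to the internal web host, and every other unsolicited WAN packet is dropped without any reply, which a scanner reports as "stealth" rather than "closed". The interface names `wan0`/`lan0` and the internal address 192.168.1.10 are placeholders.

```nftables
# Added nftables example; interface names and 192.168.1.10 are placeholders.
table inet edge {
    chain input {
        type filter hook input priority filter; policy drop;

        # Replies to connections the router itself initiated.
        ct state established,related accept
        ct state invalid drop

        iif "lo" accept
        iifname "lan0" accept      # management from the LAN side only

        # Everything else arriving on the WAN interface is silently dropped.
        # No RST is sent, so the scanner sees a timeout ("stealth").
        # The line below, used instead, would answer with a TCP RST and
        # produce the "closed" result seen in the scans:
        #   iifname "wan0" reject with tcp reset
        iifname "wan0" drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept

        # Only the two published services may be reached from the WAN.
        iifname "wan0" ip daddr 192.168.1.10 tcp dport { 80, 443 } accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        # Port-forward the two published services to the internal host.
        iifname "wan0" tcp dport { 80, 443 } dnat to 192.168.1.10
    }
}
```

Load with `nft -f <file>` and verify from outside with the same grc.com scan: 80 and 443 should show open and everything else stealth, with identical results on repeated scans because the drop rule is stateless with respect to the DMZ host.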