Uber Broadband letting pings through - worrying or who cares?

Forums › New Zealand Broadband › Uber Broadband letting pings through - worrying or who cares?

dmshimself

43 posts

Geek

#311552 26-Jan-2024 12:46

I began using Uber NZ for broadband ages ago and my early tests showed the router was very secure and let very little, if any traffic through to my home network. The support staff are excellent - best I've found.

Recently I've found Uber allow anyone to ping an Uber router and get a positive acknowledgement. As an ex IT person with a strong security background, my first reaction was to jump and ask to get that changed, but apparently they cannot as it is used for 'security and monitoring' purposes. That sounded not quite right to me as the ISP should be able to use their own infrastructure for such checks, not the public IP. And pings didn't used to get through.

This issue does allow a bad actor to know there is an active router and perhaps crank up some more action.

In the short term I've put a pfsense firewall up between the router and my network and I can see a fair amount of port scanning going on and a few other locations with bad IP reputations having a stab at me from time to time.

Any other Uber customers around with observations?

Anyway, should I be concerned? Opinions valued!!

UberOverLord

9 posts

Wannabe Geek
+1 received by user: 1

Uber Group

#3186779 26-Jan-2024 12:59

Hey there.

So we've always let ICMP "through" to our CPE onsite. There are no circumstances where the CPE wouldn't be 'pingable' externally. The reasons for this are many (pmtu comes to mind) and it has never been the case, in our 20 odd years, otherwise.

With respect to the port scanning you're seeing on pfsense; reach out to me directly with logs if you like. We do quite a lot from a security perspective and a small amount will be normal, a large amount not so much.

Cheers

UberOverLord

9 posts

Wannabe Geek
+1 received by user: 1

Uber Group

#3186782 26-Jan-2024 13:08

3 further points;

icmp is not being forwarded to your router; it is the CPE under our control that is replying.
unless you have a DMZ to your pfsense device, there is no way for any port scans coming in our interface to get to you

check any vpn's you're running. Are you sure the traffic of concern is not coming in on those interfaces? Logs will show.

dmshimself

43 posts

Geek

#3186924 26-Jan-2024 15:41

That is extremely helpful. A couple of thoughts from me. When I first got the Uber router, the Gibson Shields Up! gave a perfect result. I know its not a professional tool, but has always given me a good starting point. I should have taken a screenshot! From my unreliable memory this ping-ability only started this year, so from what you have said it seems to be much more likely to be something I have put in place. The things changed by me this year are pretty minor. The first significant thought is Tailscale and I'll take a look at that being the culprit.

Thanks for the offer to look at the pfsense logs and I'll do some homework first, but I might well pass them on.

I'm leaning towards the 'who cares' answer rather than my initial jumping to worrying.

Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified

Trusted

Lifetime subscriber

#3187028 26-Jan-2024 18:04

dmshimself:

Anyway, should I be concerned? Opinions valued!!

No.. However you may not value my opinion because it involves taking people who like to disable ping into a dark alleyway and applying percussive maintenance to them.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

UberOverLord

9 posts

Wannabe Geek
+1 received by user: 1

Uber Group

#3187036 26-Jan-2024 19:02

This made me laugh entirely too much.