Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Ubiquiti & ShieldsUp
ANglEAUT

2322 posts

Uber Geek

Trusted
Lifetime subscriber

#214603 20-May-2017 00:56
Send private message

For those who expose their Ubiquity router to the Internet, please run a Shields Up scan against your own device and post the results.

 

I'd like to know how yours compares to mine. Maybe a bit more tweaking via the CLI is required on my side.

 

Click to see full size

 

 




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

Create new topic
michaelmurfy
meow
13244 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1785010 20-May-2017 08:56
Send private message

Yeah you've got something a wee bit iffy with your firewall configuration:

 

 

Did you follow the guide in my signature?




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



Djmixerdomo
255 posts

Ultimate Geek


  #1785016 20-May-2017 09:21
Send private message

Mine looks fine, although I was following a guide from the best wink

 




PC: 5800X3D/32GB/RTX3070

 

Car: Toyota Celica GT-Four ST205

dfnt
1512 posts

Uber Geek

Lifetime subscriber

  #1785020 20-May-2017 09:32
Send private message

No issues with my ERL

 



RossT
9 posts

Wannabe Geek


  #1785135 20-May-2017 13:43
Send private message

All green and good - ERL and only using the default WAN rules from the intial setup.

 

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests."

vulcannz
436 posts

Ultimate Geek
Inactive user


  #1785769 22-May-2017 09:27
Send private message

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

jnimmo
1097 posts

Uber Geek


  #1785798 22-May-2017 09:52
Send private message

vulcannz:

 

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

 

 

Sorry but that is a broad sweeping statement. If more people used ShieldsUp we wouldn't have seen the rapid spread of WannaCrypt, or security cameras sitting on the public internet, etc etc.

surfisup1000
5288 posts

Uber Geek


  #1785810 22-May-2017 10:16
Send private message

vulcannz:

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.



Can you explain why?

The way routers can shield the internal network hasnt really changed for several decades.

Do you mean ipv6 negates security as devices are exposed to the internet?

 
 
 
 

Free kids accounts - trade shares and funds (NZ, US) with Sharesies (affiliate link).
vulcannz
436 posts

Ultimate Geek
Inactive user


  #1785849 22-May-2017 10:42
Send private message

jnimmo:

 

vulcannz:

 

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

 

 

Sorry but that is a broad sweeping statement. If more people used ShieldsUp we wouldn't have seen the rapid spread of WannaCrypt, or security cameras sitting on the public internet, etc etc.

 

 

 

 

Wannacrypt spread primarily by email phishing attacks. Users clicks an email and that links to a dropped, dropper brings in malware. The IPS portion of wannacrypt was based on an SMB attack that usually happened once a PC within a network was infected.

 

 

vulcannz
436 posts

Ultimate Geek
Inactive user


  #1785854 22-May-2017 10:50
Send private message

surfisup1000:
vulcannz:

 

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

 



Can you explain why?

The way routers can shield the internal network hasnt really changed for several decades.

Do you mean ipv6 negates security as devices are exposed to the internet?


 

No, I mean most of attacks have transitioned from packet/port attacks into the data payload. Having a router that does packet filtering is all fine and dandy, but the bad guys have moved on from that type of attack (well except for DoS/DDoS's which is still going to kill a packet filter). Shieldsup is nice to check for open ports, but if you use it to give you any sense of network security you're greatly mistaken.

 

A typical attack will involve phishing, a dropper, then they bring in their malware. All this is usually happening over SSL encrypted sessions.

 

 

 

 

 

 

jnimmo
1097 posts

Uber Geek


  #1785860 22-May-2017 11:00
Send private message

I don't think anyone was trying to use it as a measure of network security, but an indicator of insecurity. It is still important to know what ports are open, that you're not exposing management web interface or remote management ports.


vulcannz
436 posts

Ultimate Geek
Inactive user


  #1785861 22-May-2017 11:03
Send private message

jnimmo:

 

I don't think anyone was trying to use it as a measure of network security, but an indicator of insecurity. It is still important to know what ports are open, that you're not exposing management web interface or remote management ports.

 

 

 

 

Yeah that I understand, but still you did say "If more people used ShieldsUp we wouldn't have seen the rapid spread of WannaCrypt"

 

 

 

 

chevrolux
4962 posts

Uber Geek
Inactive user


  #1785996 22-May-2017 14:53
Send private message

I think it's great a novice is at least checking their work. And shields up is a great tool to check all the basics... key things being open dns or ntp on routers getting used in amplification attacks.
Extremely relevant these days!

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright