Ubiquiti & ShieldsUp

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Ubiquiti & ShieldsUp

IcI

328 posts

Ultimate Geek
+1 received by user: 66

Trusted

Topic # 214603 20-May-2017 00:56

For those who expose their Ubiquity router to the Internet, please run a Shields Up scan against your own device and post the results.

I'd like to know how yours compares to mine. Maybe a bit more tweaking via the CLI is required on my side.

michaelmurfy

6285 posts

Uber Geek
+1 received by user: 2735

Moderator

Trusted

Subscriber

Reply # 1785010 20-May-2017 08:56

Yeah you've got something a wee bit iffy with your firewall configuration:

Did you follow the guide in my signature?

Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Electric Kiwi | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial

Djmixerdomo

179 posts

Master Geek
+1 received by user: 32

Reply # 1785016 20-May-2017 09:21

Mine looks fine, although I was following a guide from the best

nas

166 posts

Master Geek
+1 received by user: 70

Reply # 1785020 20-May-2017 09:32

No issues with my ERL

RossT

8 posts

Wannabe Geek

Reply # 1785135 20-May-2017 13:43

All green and good - ERL and only using the default WAN rules from the intial setup.

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests."

vulcannz

142 posts

Master Geek
+1 received by user: 15

Reply # 1785769 22-May-2017 09:27

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

jnimmo

What does this tag do
839 posts

Ultimate Geek
+1 received by user: 153

Subscriber

Reply # 1785798 22-May-2017 09:52

vulcannz:

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

Sorry but that is a broad sweeping statement. If more people used ShieldsUp we wouldn't have seen the rapid spread of WannaCrypt, or security cameras sitting on the public internet, etc etc.

surfisup1000

3068 posts

Uber Geek
+1 received by user: 824

Reply # 1785810 22-May-2017 10:16

vulcannz:
I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

Can you explain why?

The way routers can shield the internal network hasnt really changed for several decades.

Do you mean ipv6 negates security as devices are exposed to the internet?

vulcannz

142 posts

Master Geek
+1 received by user: 15

Reply # 1785849 22-May-2017 10:42

jnimmo:

vulcannz:

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

Sorry but that is a broad sweeping statement. If more people used ShieldsUp we wouldn't have seen the rapid spread of WannaCrypt, or security cameras sitting on the public internet, etc etc.

Wannacrypt spread primarily by email phishing attacks. Users clicks an email and that links to a dropped, dropper brings in malware. The IPS portion of wannacrypt was based on an SMB attack that usually happened once a PC within a network was infected.

vulcannz

142 posts

Master Geek
+1 received by user: 15

Reply # 1785854 22-May-2017 10:50

surfisup1000:
vulcannz:

I don't know what you're worried about/testing for - packet filter firewall tests are relevant to the 1990s - not the present.

Can you explain why?

The way routers can shield the internal network hasnt really changed for several decades.

Do you mean ipv6 negates security as devices are exposed to the internet?

No, I mean most of attacks have transitioned from packet/port attacks into the data payload. Having a router that does packet filtering is all fine and dandy, but the bad guys have moved on from that type of attack (well except for DoS/DDoS's which is still going to kill a packet filter). Shieldsup is nice to check for open ports, but if you use it to give you any sense of network security you're greatly mistaken.

A typical attack will involve phishing, a dropper, then they bring in their malware. All this is usually happening over SSL encrypted sessions.

jnimmo

What does this tag do
839 posts

Ultimate Geek
+1 received by user: 153

Subscriber

Reply # 1785860 22-May-2017 11:00

I don't think anyone was trying to use it as a measure of network security, but an indicator of insecurity. It is still important to know what ports are open, that you're not exposing management web interface or remote management ports.

vulcannz

142 posts

Master Geek
+1 received by user: 15

Reply # 1785861 22-May-2017 11:03

jnimmo:

I don't think anyone was trying to use it as a measure of network security, but an indicator of insecurity. It is still important to know what ports are open, that you're not exposing management web interface or remote management ports.

Yeah that I understand, but still you did say "If more people used ShieldsUp we wouldn't have seen the rapid spread of WannaCrypt"

chevrolux

3038 posts

Uber Geek
+1 received by user: 858

Subscriber

Reply # 1785996 22-May-2017 14:53

I think it's great a novice is at least checking their work. And shields up is a great tool to check all the basics... key things being open dns or ntp on routers getting used in amplification attacks.
Extremely relevant these days!