On 13/12/2018 00:01, Martin Gregorie wrote:
> On Wed, 12 Dec 2018 22:37:56 +0000, mm0fmf wrote:
>
>> On 12/12/2018 11:44, Martin Gregorie wrote:
>>> As another, slightly paranoid, precaution I have my ADSL router locked
>>> up really tightly. It's configured to reject all attempts to connect
>>> through it from the outside. In fact it can't be seen at all from
>>> outside: this is checked periodically with Gibson Lab's ShieldsUp tool.
>>
>> And have you checked for "port knocking"?
>
> Yep - there are three sites I routinely use to check my IP from the
> outside:
>
> 1) GRC ShieldsUp! reports all to be locked up and invisible. It sends UPnP
> Simple Service Discovery Protocol (SSDP) M-SEARCH UDP packets to your
> address and reports no responses returned.
>
> 2) yashy - http://www.crypto.yashy.com/nmap.php - doesn't do anything,
> but, as it has done bugger all each time I've used it over the last few
> years, it's not obvious whether it is broken, abandoned or simply stalls
> forever if it gets no response from the IP it's hitting on.
>
> 3) What's my IP - http://www.whatsmyip.org/ - runs a set of tests against
> the requesting site: scans four different sets of ports, runs a
> traceroute, tests your browser's HTTP compression, pings the requesting IP
> and runs whois, reports DNS, reverse DNS, and SPF info.
>
> None of the port scans, traceroute and pings etc get any answer from my
> IP while whois, reverse DNS and SPF reveal only what I've allowed my
> domain host to show.
>
> host lookups and reverse lookups only reveal the name of my broadband
> provider. The only other thing I can think is mail headers, which will
> show who my ISP is - but that's the nature of email and I can live with
> that: the main thing is that my IP acts exactly the same from the outside
> regardless of whether my ADSL router is up and running or shut down and
> powered off.
>
> So, yep I reckon my home IP is locked down fairly well.
>
>
So you don't know what port knocking is then!
Port knocking is when you access an apparently random set of ports in a
specific order on the WAN side and the router software opens up an
inbound port to the LAN side or gains root access to the firmware.
Typically used by ISPs et al. to adjust user router configurations.
Again, after the port knock sequence the magic access will close itself
off if you don't access the opened port in time or when you disconnect.
It allows completely invisible access to those who know the knock sequence.
The result is people run a GRC test (which is useful) see all green
stealthy ports and think they are safe. It is the primary reason never
to use a router provided by your ISP. For those of us on things like
Virgin Cable where the modem and router are provided, you always run the
Virgin box in modem mode only and hang another cable router on the
output. Virgin can play to their heart's content with the modem but they
can't do anything to the LAN side due to another firewall/NAT box etc.
The point being, if you don't know and control the software in the thing
that connects you to the internet then you are nowhere near as secure as you
may think you are irrespective of what you have done to the user
accessible features.
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
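
The following is an added example, not part of the original post: a small Python model of the knock logic described above, showing why a sequential outside scan sees every port as closed while the ordered sequence opens a timed window. The class name, port numbers, sequence and timeouts are all constructed for illustration and do not describe any real router firmware.

```python
from dataclasses import dataclass, field

@dataclass
class KnockGate:
    """Toy WAN-side filter: every port drops unless the source knocked in order."""
    sequence: tuple             # ordered knock ports (constructed values)
    service_port: int           # port that becomes reachable after the knock
    step_timeout: float = 5.0   # max seconds allowed between two knocks
    open_window: float = 10.0   # seconds the service stays reachable
    _progress: dict = field(default_factory=dict)    # src -> (index, last_time)
    _open_until: dict = field(default_factory=dict)  # src -> expiry time

    def packet(self, src, port, now):
        """Return 'accept' or 'drop' for a connection attempt at time `now`."""
        if port == self.service_port:
            return "accept" if now <= self._open_until.get(src, -1.0) else "drop"
        idx, last = self._progress.get(src, (0, now))
        if idx and now - last > self.step_timeout:
            idx = 0                                   # too slow: start over
        if port == self.sequence[idx]:
            idx += 1
        else:
            idx = 1 if port == self.sequence[0] else 0  # wrong port resets
        if idx == len(self.sequence):
            self._open_until[src] = now + self.open_window
            idx = 0
        self._progress[src] = (idx, now)
        return "drop"                                 # knock ports never answer

def scan(gate, src, ports, start=0.0, gap=0.01):
    """Probe ports in the given order, as an outside checker would.
    Returns the list of ports that answered."""
    return [p for i, p in enumerate(ports)
            if gate.packet(src, p, start + i * gap) == "accept"]

def knock_then_connect(gate, src, start, delay_after=1.0):
    """Send the full sequence one second apart, then try the service port."""
    for i, p in enumerate(gate.sequence):
        gate.packet(src, p, start + i)
    return gate.packet(src, gate.service_port,
                       start + len(gate.sequence) - 1 + delay_after)

if __name__ == "__main__":
    gate = KnockGate(sequence=(4127, 1093, 6251), service_port=8022)
    print("scan sees:", scan(gate, "scanner", range(1, 10000)))
    print("after knock:", knock_then_connect(gate, "knocker", start=100.0))
```

A clean result from an external scan therefore only shows that nothing answers unprompted; the behaviour of the device's firmware has to be established some other way, such as placing it behind a firewall you control.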