Kitz Forum
Computer Software => Security => Topic started by: Weaver on August 04, 2015, 08:01:51 PM
-
Would anyone be willing to help penetration test my router? That is, scan it and try to break into it for me.
I realise any helpful kitizen might want some reassurance, which I would need to work out for you somehow; I'm not quite sure how to do that. Any suggestions?
Actually, failing that, I wonder if there are any online services out there that are actually any good. The ones I've tried have been very basic and not very useful in inspiring confidence.
-
I bet I can break it, I have a few large hammers :P
Have you tried Shields Up (https://www.grc.com/x/ne.dll?bh0bkyd2)?
-
I have used Shields Up, yes. A decent tool.
-
b*cat has, in the past, when requested, run nmap scans on fellow Kitizens' lines. :)
-
Burakkucat, would you be willing to test <IPv4 & IPv6 available on req>? That's my FireBrick.
Much appreciated.
-
A sneaky, ping-less scan of all 65536 software ports of your IPv4 address is currently in progress. ;)
-
Not great, certainly not stealthed:
Host is up (0.070s latency).
Not shown: 65527 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
3544/tcp filtered unknown
Too many fingerprints match this host to give specific OS details
Network Distance: 12 hops
-
@underzone - thanks for that. Does "filtered" mean that ICMP error packets are coming back related to those ports?
-
No, the report is just showing that ports are accessible. Hackers would then try to exploit such ports. A more advanced firewall would be able to stealth any open ports to an IP port scan. Really, you want to be invisible, so when port-scanned you would appear 'down'.
Initiating Ping Scan at 22:21
Scanning 81.??.??.?? [7 ports]
Completed Ping Scan at 22:21, 0.09s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:21
Completed Parallel DNS resolution of 1 host. at 22:21, 0.01s elapsed
Initiating SYN Stealth Scan at 22:21
Scanning ??.??.81.in-addr.arpa (81.??.??) [1000 ports]
Completed SYN Stealth Scan at 22:21, 3.20s elapsed (1000 total ports)
Initiating UDP Scan at 22:21
Scanning [1000 ports]
Discovered open port 500/udp on 81.??.??
Completed UDP Scan at 22:21, 5.51s elapsed (1000 total ports)
Initiating Service scan at 22:21
Scanning 999 services on ??.??.81.in-addr.arpa (81.??.??)
Service scan Timing: About 0.30% done
-
I've made a change due to Underzone's findings. Thanks! :-) :-)
-
Change <rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject" comment="Default firewall rule for traffic to LAN">
to <rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="drop" comment="Default firewall rule for traffic to LAN">
;)
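A small defender-side check, added here as an example and not code from the thread or from FireBrick: it parses nmap normal-output lines like those quoted above (a host that answers with TCP RSTs is reported as having "closed" ports, a host that stays silent as "filtered"), and audits rule-set elements shaped like the one crazyteeka quoted, flagging any whose default action is not "drop". The sample scan output and the config fragment are constructed; the host, the 500/udp service name and the second rule-set are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the nmap output quoted in the thread; not a real scan.
NMAP_OUTPUT = """\
Host is up (0.070s latency).
Not shown: 65527 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
135/tcp  filtered msrpc
445/tcp  filtered microsoft-ds
500/udp  open     isakmp
"""

# Constructed, hypothetical config fragment shaped like the quoted <rule-set> line.
FIREBRICK_CONFIG = """\
<config>
  <rule-set name="Firewall: LAN" target-interface="LAN" no-match-action="reject"
            comment="Default firewall rule for traffic to LAN"/>
  <rule-set name="Firewall: WAN" target-interface="WAN" no-match-action="drop"
            comment="Default firewall rule for traffic to WAN"/>
</config>
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) closed ports")


def parse_nmap(text):
    """Return (closed_count, [(port, proto, state, service), ...])."""
    closed, ports = 0, []
    for line in text.splitlines():
        m = NOT_SHOWN.match(line)
        if m:
            closed = int(m.group(1))  # closed == a TCP RST came back for each one
            continue
        m = PORT_LINE.match(line)
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return closed, ports


def is_stealthed(text):
    """True only if nothing answered: no RSTs ('closed') and nothing open."""
    closed, ports = parse_nmap(text)
    return closed == 0 and all(state == "filtered" for _, _, state, _ in ports)


def noisy_rule_sets(xml_text):
    """Names of rule-sets whose default action answers the sender (not 'drop')."""
    root = ET.fromstring(xml_text)
    return [rs.get("name") for rs in root.iter("rule-set")
            if rs.get("no-match-action") != "drop"]
```

Run it against your own saved nmap output and exported config; an empty list from noisy_rule_sets and True from is_stealthed is the state the thread is aiming for.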
-
Someone has a PM to read . . . ;)
-
@crazyteeka - thanks. I realised that what I had done wasn't ideal. Made just the very change you suggested.
-
Guys, very, very kind of you to give your time; improvements made.