EdgeRouter X Stealth Failure


Ceyarrecks

Active member
Sep 29, 2020
Excuse me Please:

I just ran Shields UP! and received a single Failure in the following:
Code:
Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security countermeasures
unwisely attempted to probe us in response to our probes. While some users believe that
"tracking down" the source of Internet probes is useful, experience indicates that there
is little to gain and potentially much to lose. The wisest course of action is to
simulate nonexistence — which your system has failed to do. Your counter-probes
immediately reveal your system's presence and location on the Internet.

I am, however, uncertain how the above stated functionality is enabled. The Firewall/NAT section of the UI does not have anything in it that suggests "respond to unsolicited..."
I recently updated to the most recent firmware: EdgeRouter X v2.0.9-hotfix.1 but am also uncertain if this has any bearing as I rather forget the results of SU in times past.
Is anyone intimately familiar with ER-X OS to advise? I am a most dysfunctional technician. :(

p.s.
I do realize I can contact Ubiquiti on this; I am hoping here I may receive better understanding/vocabulary that I might contact them with. Also, I am awaiting their response to my current ticket on their 2017 expired UI certificate.
 
I would ask the manufacturers. Alternatively, could it be your ISP seeing your NAKs to the probes and investigating further?
 
Alan brings up a good point; it may not be anything on your network causing this issue. Your ISP (or your modem) could be generating this issue (if your ISP has some network defense stuff, the scan might be causing this).
 
no "port" is mentioned. just says "personal security countermeasures" sooo umm,... phase of the moon? relative humidity? Neutrino count? I do not know.
I am uncertain how an email to an OEM/ISP would go, asking "something vague & ambiguous regarding counter measures is occurring."
Hence my post to determine WHAT "counter measures" the SU! interface is referring to; it does not give any additional information beyond the above copied error. repeated today, same result, all Service ports stealthed, but,.. I have had Sprint WISP for a considerable length of time, and do not recall this issue in the past. Identifying WHAT is being detected would be a good place for me to start then I can address the appropriate venue.
 
I don't know what your network topology is, but do you have any devices between this Edge Router and your ISP? e.g. a separate modem. If so, one way would be to connect a PC on the ISP side of the Edge Router and run Wireshark on that segment. That should show you if your Edge Router is actually sending out any counter measures, or whether they come from further upstream, e.g. your ISP's network.
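
The capture check suggested above can be worked through offline. This is an added example, not part of the original thread: it reads `tcpdump -nn -tt` text output taken on the segment between the modem and the router's WAN port and lists every packet the router side sent toward the probing address. The addresses, ports and capture lines are constructed (documentation ranges), and the function names are hypothetical.

```python
import re

# Constructed sample: `tcpdump -nn -tt` text output from the modem<->router
# segment. 198.51.100.7 stands in for the external scanner and 203.0.113.20
# for the router's WAN address (both are documentation-range placeholders).
SAMPLE = """\
1601400000.100000 IP 198.51.100.7.40000 > 203.0.113.20.80: Flags [S], seq 1, win 1024, length 0
1601400000.100300 IP 203.0.113.20.80 > 198.51.100.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
1601400000.200000 IP 198.51.100.7.40001 > 203.0.113.20.81: Flags [S], seq 1, win 1024, length 0
1601400000.200400 IP 203.0.113.20 > 198.51.100.7: ICMP 203.0.113.20 tcp port 81 unreachable, length 48
1601400000.300000 IP 198.51.100.7.40002 > 203.0.113.20.82: Flags [S], seq 1, win 1024, length 0
1601400001.000000 IP 203.0.113.20.51515 > 198.51.100.7.443: Flags [P.], seq 1:100, ack 1, win 500, length 99
"""

LINE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)$")

def outbound_to_scanner(capture, wan_ip, scanner_ip):
    """Return (timestamp, kind, info) for each packet sent from wan_ip to scanner_ip."""
    probed = set()      # (scanner_port, local_port) pairs seen arriving as probes
    findings = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue    # non-IPv4 or unparsed line
        ts, src, sport, dst, dport, info = m.groups()
        if src == scanner_ip and dst == wan_ip:
            probed.add((sport, dport))
        elif src == wan_ip and dst == scanner_ip:
            if info.startswith("ICMP"):
                kind = "icmp"               # e.g. port unreachable
            elif (dport, sport) in probed:
                kind = "probe-reply"        # RST or SYN-ACK mirroring a probe
            else:
                kind = "locally-initiated"  # e.g. the browser session to the test site
            findings.append((ts, kind, info))
    return findings

def is_silent(findings):
    """True when nothing was sent in reaction to the inbound probes."""
    return not any(kind in ("icmp", "probe-reply") for _, kind, _ in findings)

if __name__ == "__main__":
    for finding in outbound_to_scanner(SAMPLE, "203.0.113.20", "198.51.100.7"):
        print(finding)
```

If the capture on this segment is silent but the test still fails, the packets originate upstream of the capture point, which here would mean the modem's built-in router or the ISP.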
 
Appropriate Q @AlanD !! To detail first your initial Q: WISP modem (w/ built-in router) -> ERX -> switch -> PC. I am still trying to figure out a recent change to overall performance of Internet connectivity, so I went into the WISP modem settings (LG6100D-1SNNAS) [it has been many months, if not a year since last I was here] and 1. reset its DNS to CloudFlare's .3s and noticed Port Forwarding was *ON* (nothing listed to forward, just ON) so I disabled it, Saved, rebooted device, and in re-running SU! the results now show 100% Pass on all tests.
Not sure if this one setting had that much effect; but there has been a beneficial change. I so hate stumbling around in the dark like this.
Thank you for being the sounding board(s) whilst I stumbled.
 
That could be it. If Port forwarding was on, the router might be searching for a forwarding entry, and then responding with "Service not available" or similar when it doesn't find one, whilst if forwarding is off, it just ignores any requests.
 
I have an ER-X router (v 1.10.10) and would appreciate knowing how exactly you were able to disable Port Forwarding and then Save. I went to Firewall | Port Forwarding | Show Advanced Options and unchecked "Enable auto firewall", but there is no Save button. I tried the Apply button, but keep getting "failure to apply".
 
Please forgive my delay in replying. Just as a note, you might want to first upgrade your firmware to the latest v2.0.9-hotfix.1 [found here: https://www.ui.com/download/edgemax/edgerouter-x ]
As far as "how" I was able to accomplish said functionality, at this point, I am uncertain which "router" GRC is testing; I kinda think it is the router built into the WISP modem. In either case, I recall having set up my ER-X as secure as I knew to do so, but as it has been so many years, I have long since forgotten the process used. I could, however, email you the 3.3kb config backup file of my setup. I am sorry I cannot explain my setup further :(
If firmware upgrade does not help, we could try the config file emailing,.. let me know either way,...