EdgeRouter X Stealth Failure


Ceyarrecks

Active member
Sep 29, 2020
27
3
Excuse me Please:

I just ran Shields UP! and received a single Failure in the following:
Code:
Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security countermeasures
unwisely attempted to probe us in response to our probes. While some users believe that
"tracking down" the source of Internet probes is useful, experience indicates that there
is little to gain and potentially much to lose. The wisest course of action is to
simulate nonexistence — which your system has failed to do. Your counter-probes
immediately reveal your system's presence and location on the Internet.

I am, however, uncertain how the above stated functionality is enabled. The Firewall/NAT section of the UI does not have anything in it that suggests "respond to unsolicited..."
I recently updated to the most recent firmware: EdgeRouter X v2.0.9-hotfix.1 but am also uncertain if this has any bearing as I rather forget the results of SU in times past.
Is anyone intimately familiar with ER-X OS to advise? I am a most dysfunctional technician. :(

p.s.
I do realize I can contact Ubiquiti on this, I am hoping here I may receive better understanding/vocabulary that I might contact them with. Also, I am awaiting their response to my current ticket on their 2017 expired UI certificate.
 

AlanD

Well-known member
Sep 18, 2020
224
73
Rutland UK
I would ask the manufacturers. Alternatively, could it be your ISP seeing your NAKs to the probes and investigating further?
 

miquelfire

I like red!
Sep 26, 2020
51
5
www.miquelfire.red
Alan brings up a good point: it may not be anything on your network causing this issue. Your ISP (or your modem) could be generating this issue (if your ISP has some network defense stuff, the scan might be causing this).
 

Ceyarrecks

No "port" is mentioned. Just says "personal security countermeasures" sooo umm,... phase of the moon? Relative humidity? Neutrino count? I do not know.
I am uncertain how an email to an OEM/ISP would go, asking "something vague & ambiguous regarding counter measures is occurring."
Hence my post to determine WHAT "counter measures" the SU! interface is referring to; it does not give any additional information beyond the above copied error. Repeated today, same result, all Service ports stealthed, but,.. I have had Sprint WISP for a considerable length of time, and do not recall this issue in the past. Identifying WHAT is being detected would be a good place for me to start; then I can address the appropriate venue.
 

AlanD

I don't know what your network topology is, but do you have any devices between this Edge Router and your ISP? e.g. a separate modem. If so, one way would be to connect a PC on the ISP side of the Edge Router and run Wireshark on that segment. That should show you if your Edge Router is actually sending out any counter measures, or whether they come from further upstream, e.g. your ISP's network.
 

Ceyarrecks

Appropriate Q @AlanD!! To detail first your initial Q: WISP modem (w/ built-in router) -> ERX -> switch -> PC. I am still trying to figure out a recent change to overall performance of Internet connectivity, so I went into the WISP modem settings (LG6100D-1SNNAS) [it has been many months, if not a year since last I was here] and 1. reset its DNS to Cloudflare's .3s and noticed Port Forwarding was *ON* (nothing listed to forward, just ON) so I disabled, Saved, rebooted device, and in re-running SU! the results now show 100% Pass on all tests.
Not sure if this one setting had that much effect; but there has been a beneficial change. I so hate stumbling around in the dark like this.
Thank you for being the sounding board(s) whilst I stumbled.
 

AlanD

Ceyarrecks said:
> noticed Port Forwarding was *ON* (nothing listed to forward, just ON) so I disabled, Saved, rebooted device, and in re-running SU! the results now show 100% Pass on all tests.
That could be it. If Port forwarding was on, the router might be searching for a forwarding entry, and then responding with "Service not available" or similar when it doesn't find one, whilst if forwarding is off, it just ignores any requests.
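
The capture suggested earlier in the thread and the answer-versus-ignore distinction in the reply above, as an added example (not code from any poster): a parser for `tcpdump -n` text output taken on the modem-to-ER-X segment that lists what the ER-X side sent toward the probing host. The addresses and the sample capture are constructed placeholders.

```python
import re

# Constructed tcpdump -n text output from the segment between modem and ER-X.
# Placeholders: 192.0.2.10 = probing host, 192.168.1.2 = ER-X WAN address.
SAMPLE = """\
12:00:01.000100 IP 192.0.2.10.40001 > 192.168.1.2.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000900 IP 192.168.1.2.80 > 192.0.2.10.40001: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:02.000100 IP 192.0.2.10.40002 > 192.168.1.2.443: Flags [S], seq 1, win 1024, length 0
12:00:03.000100 IP 192.0.2.10 > 192.168.1.2: ICMP echo request, id 1, seq 1, length 64
12:00:04.000100 IP 192.168.1.2.51000 > 192.0.2.10.113: Flags [S], seq 7, win 64240, length 0
12:00:05.000100 IP 192.168.1.2.51001 > 203.0.113.5.443: Flags [S], seq 9, win 64240, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def split_addr(addr):
    """'a.b.c.d.port' -> ('a.b.c.d', 'port'); ICMP lines carry no port."""
    parts = addr.split(".")
    return ".".join(parts[:4]), (parts[4] if len(parts) > 4 else None)

def describe(rest):
    """Reduce the tcpdump payload text to 'TCP [flags]' or the ICMP type."""
    flags = re.search(r"Flags \[([^\]]+)\]", rest)
    return f"TCP [{flags.group(1)}]" if flags else rest.split(",")[0]

def analyse(capture, prober, router_wan):
    probes, emitted = [], []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        (src, sport), (dst, dport) = split_addr(m.group(1)), split_addr(m.group(2))
        kind = describe(m.group(3))
        if src == prober and dst == router_wan:
            probes.append((dport, kind))
        elif src == router_wan and dst == prober:
            # A bare SYN or an echo request starts a new exchange: a counter-probe.
            new = kind in ("TCP [S]", "ICMP echo request")
            emitted.append((sport, kind, "unsolicited" if new else "reply"))
    if emitted:
        verdict = "router-side"       # ER-X (or a host NATed behind it) answered
    elif probes:
        verdict = "upstream"          # ER-X stayed silent; look at modem/ISP
    else:
        verdict = "probes-not-seen"   # nothing reached this segment at all
    return {"probes": probes, "emitted": emitted, "verdict": verdict}

if __name__ == "__main__":
    print(analyse(SAMPLE, "192.0.2.10", "192.168.1.2"))
```

A verdict of `upstream` or `probes-not-seen` while the scan still reports a failure means the response is generated by the modem or the ISP, not by the ER-X.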
 

gordosity

Gordon Colquhoun, Dunrobin, Ontario
Sep 17, 2020
4
2
Ceyarrecks said:
> Appropriate Q @AlanD!! To detail first your initial Q: WISP modem (w/ built-in router) -> ERX -> switch -> PC. I am still trying to figure out a recent change to overall performance of Internet connectivity, so I went into the WISP modem settings (LG6100D-1SNNAS) [it has been many months, if not a year since last I was here] and 1. reset its DNS to Cloudflare's .3s and noticed Port Forwarding was *ON* (nothing listed to forward, just ON) so I disabled, Saved, rebooted device, and in re-running SU! the results now show 100% Pass on all tests.
> Not sure if this one setting had that much effect; but there has been a beneficial change. I so hate stumbling around in the dark like this.
> Thank you for being the sounding board(s) whilst I stumbled.
I have an ER-X router (v 1.10.10) and would appreciate knowing how exactly you were able to disable Port Forwarding and then Save. I went to Firewall | Port Forwarding | Show Advanced Options and unchecked "Enable auto firewall", but there is no Save button. I tried the Apply button, but keep getting "failure to apply".
 

Ceyarrecks

gordosity said:
> I have an ER-X router (v 1.10.10) and would appreciate knowing how exactly you were able to disable Port Forwarding and then Save. I went to Firewall | Port Forwarding | Show Advanced Options and unchecked "Enable auto firewall", but there is no Save button. I tried the Apply button, but keep getting "failure to apply".
Please forgive my delay in replying. Just as a note, might want to first upgrade your firmware to the latest v2.0.9-hotfix.1 [found here: https://www.ui.com/download/edgemax/edgerouter-x ]
As far as "how" I was able to accomplish said functionality, at this point, I am uncertain which "router" GRC is testing; I kinda think it is the router built into the WISP modem. In either case, I recall having set up my ER-X as secure as I knew to do so, but as it has been so many years, I have long since forgotten the process used. I could, however, email you the 3.3kb config backup file of my setup. I am sorry I cannot explain my setup further :(
If firmware upgrade does not help, we could try the config file emailing,.. let me know either way,...