Re. buggy KCode in routers


Dror Harari

Member
Sep 26, 2020
It is worth mentioning in the podcast that for the many people who get NAT'ed ('shared') internet service, even if their 20005 port is open, it will still show as closed or stealth with @Steve's ShieldsUp - and thus even though their router is problematic, they would still be safe. Still, if they go on a direct connection, they might again be exposed.
 
Pretty much everyone has NAT'ed Internet service. The open port is on the router, so it will show as open when using Shields Up. I think you are confusing an open port on a computer with one on the router. In this case, a direct connection to a modem would be safer than using a vulnerable router.
 
At the moment, the only thing that seems likely to happen if 20005 is open to the Internet (which in the buggy code, it's bound to all IPs so...) is that the router will crash.

BUT

One might assume that there are more flaws to be discovered, and people are looking at this now. Whether it can be weaponised against SoHo users is the bigger question... especially if you have a default username/password at your perimeter on these boxes...
 
Michael, Lob - I think both of you misread me, which likely means I did not explain myself correctly - if you think I'm wrong let me know.

When I'm saying "many people who get NAT'ed ('shared') internet service" I mean that they connect to an ISP but they get an IP address behind a NAT at the ISP. That is the common case today due to the crunch on IPv4 addresses (to get a non-ISP-NAT'ted address we have to pay a few bucks more per month). Thus, there is no way for ShieldsUp! to get at my home router at port 20005 directly, as there needs to be an outgoing connection from my router on that port for anything to get to it. What ShieldsUp! sees is the big NAT router of the ISP, which I am pretty sure does not have port 20005 open.
 
For everyone's clarity's sake, you're referring to CG-NAT (or Carrier-Grade Network Address Translation).
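
An added example, not from any post in this thread: a small Python check for the situation the thread is debating, namely whether an external port test actually reaches your own router or stops at an upstream NAT. The function name and the sample addresses are constructed; `wan_ip` is whatever your router's status page shows on its WAN interface, and `observed_ip` is the address an external service reports for you.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (seen on the WAN side when double-NAT'ed)
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def external_scan_reaches_router(wan_ip: str, observed_ip: str):
    """Return (reaches_router, reasons) for an IPv4 connection.

    reaches_router is False when something upstream translates the
    address, so an external scan of port 20005 is testing that
    upstream device rather than the home router.
    """
    wan = ipaddress.IPv4Address(wan_ip)
    seen = ipaddress.IPv4Address(observed_ip)
    reasons = []
    if wan in CGNAT_NET:
        reasons.append("WAN address is in 100.64.0.0/10 (CG-NAT space)")
    elif any(wan in net for net in RFC1918_NETS):
        reasons.append("WAN address is RFC 1918 private space")
    if wan != seen:
        reasons.append("external service sees a different address")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally observed address)
    samples = [
        ("100.72.14.9", "198.51.100.23"),   # ISP hands out CG-NAT space
        ("192.168.1.2", "203.0.113.40"),    # router behind another NAT box
        ("203.0.113.40", "203.0.113.40"),   # router holds the public address
    ]
    for wan_ip, observed_ip in samples:
        reaches, why = external_scan_reaches_router(wan_ip, observed_ip)
        verdict = "tests YOUR router" if reaches else "tests an upstream NAT"
        print(f"{wan_ip:>15} / {observed_ip:<15} -> scan {verdict}")
        for reason in why:
            print(f"{'':>15}   - {reason}")
```

A "tests an upstream NAT" result only says the external scan is not probing the router; it says nothing about whether the router itself listens on the port, which is the "direct connection" exposure raised in the first post.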