Re. buggy KCode in routers

  • Release Candidate 6
    Guest:
    We are at a “proposed final” true release candidate with nothing known remaining to be changed or fixed. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.

Dror Harari

Member
Sep 26, 2020
6
0
It is worth mentioning in the podcast that for the many people who get NAT'ed ('shared') internet service, even if their 20005 port is open, it will still show as closed or stealth with @Steve's ShieldsUp - and thus even though their router is problematic, they would still be safe. Still, if they go on a direct connection, they might again be exposed.
 
Last edited:
Pretty much everyone has NAT'ed Internet service. The open port is on the router, so it will show as open when using Shields Up. I think you are confusing an open port on a computer with one on the router. In this case, a direct connection to a modem would be safer than using a vulnerable router.
 
at the moment, the only thing that seems likely to happen if 20005 is open to the Internet (which in the buggy code, it's bound to all IPs so.......) is that the router will crash

BUT

one might assume that there are more flaws to be discovered and people are looking at this now. It's whether it can be weaponised against SoHo users is the bigger question.....especially if you have default username/password at your perimeter on these boxes....
 
Pretty much everyone has NAT'ed Internet service. The open port is on the router, so it will show as open when using Shields Up. I think you are confusing an open port on a computer with one on the router. In this case, a direct connection to a modem would be safer than using a vulnerable router.
Michael, Lob - I think both of you mis-read me, which likely means I did not explain myself correctly - if you think I'm wrong let me know.

When I'm saying "many people who get NAT'ed ('shared') internet service" I mean that they connect to an ISP but they get an IP address behind a NAT at the ISP. That is the common case today due to the crunch on IPv4 addresses (to get a non-ISP-NAT'ted address we have to pay few bucks more per month). Thus, there is no way for ShieldsUp! to get at my home router at port 200005 directly as there needs to be an outgoing connection from my router on that port for anything to get to it. What ShieldUp! see is the big NAT router of the ISP which I am pretty sure does not have port 20005 open.
 
Michael, Lob - I think both of you mis-read me, which likely means I did not explain myself correctly - if you think I'm wrong let me know.

When I'm saying "many people who get NAT'ed ('shared') internet service" I mean that they connect to an ISP but they get an IP address behind a NAT at the ISP. That is the common case today due to the crunch on IPv4 addresses (to get a non-ISP-NAT'ted address we have to pay few bucks more per month). Thus, there is no way for ShieldsUp! to get at my home router at port 200005 directly as there needs to be an outgoing connection from my router on that port for anything to get to it. What ShieldUp! see is the big NAT router of the ISP which I am pretty sure does not have port 20005 open.
For everyone's clarity sake, you're referring to CG-NAT (or Carrier-Grade Network Address Translation).