Internet Firewall Importance

[nfr]

I occasionally look at the firewall logs to determine what vulnerabilities are being exploited on the internet. Here is a quick summary of what traffic is being seen on the internet by my router.

Ports Scanned and Approx Percentage Seen 12-30-2016
TCP
60% 23, 2323, 23231 Telnet
15% 80, 8080, 8088, 8888, 8123, 8585, 1080 HTTP
5% 443 HTTPS
3% 22 SSH
UDP
5% 5060 SIP
4% 1900 UPnP
1% 53 DNS
1% 123 NTP
1% 137 NetBIOS-NS
5% Other TCP/UDP

I recommend you secure any services that are on this list promptly. I also recommend creating firewall rules at the internet facing router to block TCP and UDP ports 135 to 139, 445, 389 incoming and outgoing to prevent Windows file and print shares from leaking passwords or information to the internet. As well as port TCP port 23 incoming and outgoing to prevent insecure Telnet from use on the internet. Some ISP's filter 135 to 139 hopefully 23 will in the near future.

Here is my plastic box router setup guide (not in order of importance).
1 - Upgrade router firmware
2 - Check that remote management over the internet is disabled
3 - Turn on WPA Wi-Fi encryption
4 - Turn off WPS Wi-Fi setup
5 - Turn off UPnP support
6 - Do not to use the default IP ranges such as 192.168.0.1 if possible
7 - Change the password

[dbuckley]

All good advice.

Then point a web browser to Gibson Research Shields Up and test for all service ports. Any ports that show up as red (open) you should be able to explain why they are open.

Gibson Research (ie Steve Gibson) are not without controversy, but their shields up test is a very easy and quick test to find obvious problems with inbound ports.

[Bill DeFelice]

Gibson Research (ie Steve Gibson) are not without controversy, but their shields up test is a very easy and quick test to find obvious problems with inbound ports.

Just curious why Gibson might be considered controversial. I've used his Spinrite program as well as his ShieldsUp test and haven't noticed much ado in my travels.

[dbuckley]

Just curious why Gibson might be considered controversial.

The security community has a mixed view on him, this, for example, and there used to be a website entitled grcsucks.com, which can be found on the waaaaayback machine. But certainly he provides useful tools; I use Shields Up!, and his password generator works for me.

[Deep Thought]

He has (had?) a tendency to talk out of his........hat........about some computer security issues which was seen mostly as hucksterism driving people to his site and products. That didn't endear him to the larger security community which then had to spend time refuting some of his assertions.

[Bill DeFelice]

Thanks for the background there. Hadn't heard of it previously.

[Deep Thought]

It was awhile ago (early 00's).

[Dude111]

I have blackice and although my ISP has a filter in place SOME STUFF still comes thru to blackice.. (It has SMART FILTERING ENABLED) not much though...

I have port 113 blocked totally as well as ports 137,138 and 139