Just bought the thing, using the latest firmware V3.2.9.2_1.2.4. Did not Disable Port Scan and DoS Protection. WAN ports respond to unsollicited requests, instead of ignoring. They do respond closed, but still, the safe behavior should be no response at all, i.e. stealth. Try for yourself: https://www.grc.com/x/ne.dll?bh0bkyd2 This is really basic security stuff... just saying.

Closed is the default behavior if you go back to the original RFC, but that’s like 30+ years ago when security was literally an afterthought.It is not considered proper behavior by today’s standards, as it discloses the presence a device or multiple devices behind a specific IP address. The more info is disclosed, the easier it gets to find vectors for intrusion.The GRC test shows passed when all the ports respond as stealth and ancillary stuff like ICMP remains quiet. Even most sub-$50 routers get it right.

Blanca_O - I don't know if this fix came about at all from this thread, I suspect the coding and testing was already underway for this before I started posting on it at least. Either way I'm very thankful to see this improvement, and if you would pass my thanks on to engineering please, I would appreciate it.

Using Shields Up from the grc website with the current firmware available (not available for manual download) I received a "passed" having achieved true stealth analysis for all service ports. We are indeed done with this thread.

It's not just GRC looking for this, it's me and anyone else wanting a more secure network too. I get it that it may be responding to the request to open ports by things on the LAN side, but it should only open them ON the LAN side, they should not be automatically allowed to punch through and be visible on the WAN side, and there should not be a way this cannot be blocked. Even with UPnP disabled on the router it still opens those ports to allow things through, that is an issue for a device designed to act on the network edge. Why do you think it is that with the same devices in the home and on the network, and only swapping out a prior router for an Orbi, that this difference should occur and not be controllable/configurable; even if I map forward those ports to a specific device that has them firewalled (so the packets should be dropped and ergo stealthed in GRC), it's still giving priority to "something else" to use that port assignment - that would be wrong / bad. I've responded to Blanca's PM.

Just because a port is open doesn't mean packets won't or can't be filtered and dropped because they are coming from another session, as warpdag described, thus appearing to a 3rd party like GRC like the port is still stealthed even if the network is actively communicating over it. I think we're done here. Again, glad to see this be fixed by NG.

RBR850 Massive Security Fail - Many ports responding to requests

31 Replies

Replies have been turned off for this discussion

FURRYe38
Guru
Jan 25, 2020
Thanks for letting us know. I and others have already seen this and reported it to NG. No responce as of yet. Hopefully someone will check in to this.
- warpdag
  Apprentice
  Jan 25, 2020
  Added a screenshot just in case. Firmware is obviously far from being ready for prime time.
  - FURRYe38
    Guru
    Jan 25, 2020
    Thanks.
FURRYe38
Guru
May 24, 2020
Yes, I think were done. FW has been updated and seems it was finally fixed. Thank you NG.

I recommend users update there FW if there concerned about Orbi security.

Good Luck and enjoy.
- dglsmcd_USMC
  Luminary
  May 25, 2020
  Using Shields Up from the grc website with the current firmware available (not available for manual download) I received a "passed" having achieved true stealth analysis for all service ports. We are indeed done with this thread.
  - FURRYe38
    Guru
    May 25, 2020
    Thanks for letting know what you see as well.
    
    Enjoy.

Forum Discussion

RBR850 Massive Security Fail - Many ports responding to requests