NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RBR850 Massive Security Fail - Many ports responding to requests
Just bought the thing, using the latest firmware V3.2.9.2_1.2.4. Did not Disable Port Scan and DoS Protection. WAN ports respond to unsollicited requests, instead of ignoring. They do respond clo...
My test methods are more actual and simple then using DMZ. DMZ should not be use period for these kinds of tests. In most home use cases, users will not be using or configuring DMZ. Especially on a single NAT system. Again, trying to accurately test and test configuration is criticial.
II believe STEALTH ports is what GRC is looking for and reports closed ports as failures;
https://www.grc.com/faq-shieldsup.htm#STEALTH
https://www.grc.com/faq-shieldsup.htm#005
https://regmedia.co.uk/media/661.htm
I recommend you contact GRC and ask them directly what they are testing for and what they deem as passing and what is failing for there test. I don't see an example of what they deem as passing or failing. That would be helpful to see on there site.
I'll I can recommend is users open a support ticked with NG support. The more we complain about this, hopefully NG will respond.
Closed is the default behavior if you go back to the original RFC, but that’s like 30+ years ago when security was literally an afterthought.
It is not considered proper behavior by today’s standards, as it discloses the presence a device or multiple devices behind a specific IP address. The more info is disclosed, the easier it gets to find vectors for intrusion.
The GRC test shows passed when all the ports respond as stealth and ancillary stuff like ICMP remains quiet. Even most sub-$50 routers get it right.
It is not considered proper behavior by today’s standards, as it discloses the presence a device or multiple devices behind a specific IP address. The more info is disclosed, the easier it gets to find vectors for intrusion.
The GRC test shows passed when all the ports respond as stealth and ancillary stuff like ICMP remains quiet. Even most sub-$50 routers get it right.
Well Orbi is doing what it's doing currently. We can talk alday about it until were blue in the face. NG needs to address this and let us know what the deal is. Again, users needs to file a support ticket and voice your concerns about it. There nothing we can do here in the forums about it. :smileyfrustrated:
OK so I finally got some time to test this again now that v15.25 was released.
ISP modem only>RBR850 (with no devices attached accept for 1 wired Mac Book Pro 2018 OSX 10.14.6, No DMZ) and Firefox browser:
Seem the GRC is looking for ALL ports to be stealthed to get a PASSING result. The RBR850 is doing what it supposed to. I presume if other ports are seen as closed or open, then this means other devices and apps are connected to these ports. This reason why I wanted to try this again with just 1 wired PC running, no RBS, wifi devices or apps connected.
It's not just GRC looking for this, it's me and anyone else wanting a more secure network too.
I get it that it may be responding to the request to open ports by things on the LAN side, but it should only open them ON the LAN side, they should not be automatically allowed to punch through and be visible on the WAN side, and there should not be a way this cannot be blocked.
Even with UPnP disabled on the router it still opens those ports to allow things through, that is an issue for a device designed to act on the network edge. Why do you think it is that with the same devices in the home and on the network, and only swapping out a prior router for an Orbi, that this difference should occur and not be controllable/configurable; even if I map forward those ports to a specific device that has them firewalled (so the packets should be dropped and ergo stealthed in GRC), it's still giving priority to "something else" to use that port assignment - that would be wrong / bad.
I've responded to Blanca's PM.
- Amen, brother. It’s refreshing to see some people who understand basic security around here. The router should only show open or closed ports to sessions already initiated by the ***LAN side***, and not simply respond to random requests from the WAN side (and no, tracking sessions is not rocket science).
UPnP is another can of worms, I personally believe it should be disabled by default, allowing devices to poke holes in a firewall without user consent is ludicrous (and quite frankly, unless all you do is downloading torrents 24/7, the need for UPnP is highly debatable). Well seems the RBR is doing something. Wheather GRC is correct or Orbi isn't. Those are the results I got. Again when in normal operation and other devices online and connected, there will be ports being OPEN and in use and seen as such by GRC.
For all the years i've been uPnP I have had not 1 problem with it or anyone trying nefarious things with uPnP what so ever.
If your not happy or satisfied with Orbi AX and it's security, return it and find something that is to your satisfaction.
I tried replying twice yesterday and my posts didn't get through - images again I suspect.
Bottom-line, the reason you are seeing the difference now is because of the 15.25 version has fixed the issue we were raising.
After updating that, I also get the ports showing stealthed properly now even with several devices connected.
It had *nothing* to do with you running an isolated test with just 1 wired device this time.
Blanca_O - I don't know if this fix came about at all from this thread, I suspect the coding and testing was already underway for this before I started posting on it at least. Either way I'm very thankful to see this improvement, and if you would pass my thanks on to engineering please, I would appreciate it.
Try selecting the Choose File button at the bottom to attach posts.
So the new FW is working for you then?
This was reported way back in January FYI...
tantrum wrote:I tried replying twice yesterday and my posts didn't get through - images again I suspect.
Bottom-line, the reason you are seeing the difference now is because of the 15.25 version has fixed the issue we were raising.
After updating that, I also get the ports showing stealthed properly now even with several devices connected.
It had *nothing* to do with you running an isolated test with just 1 wired device this time.
Well if there is a valid app or device accessing the port, then the port would be open at the time if GRC was being tested.
Here is my GRC results with everything conneted and working normally:
Well, seems like this new version of FW is helping or chaning what had been seeing in prior versions of FW. Users will be encouraged to update.
warpdag wrote:
And I did just that, I bought into Ubiquiti (see attached photo, with UPnP enabled just to make a point, but note that a cheap/old TP-Link AP I had lying around worked just as well).
Also note that what you’re describing is incorrect, GRC shouldn’t see open ports, period. The router should track sessions and behave accordingly, i.e. if an IP knocks at a certain port but there’s no ongoing session with this IP, the response should be drop (no response), even if the port is open to service ongoing, valid sessions.Just because a port is open doesn't mean packets won't or can't be filtered and dropped because they are coming from another session, as warpdag described, thus appearing to a 3rd party like GRC like the port is still stealthed even if the network is actively communicating over it.
I think we're done here. Again, glad to see this be fixed by NG.
