| Increase Security By Disabling USB Ports » |
Router Security from Port Scans
10/01/18
Router Security from Port Scans
The last few days I have been noticing an increasing number of port scans against our server’s router.
Port scans in and of themselves do not represent much of a bandwidth hit, unless they are part of a wider bot net.
If a bot net is large, includes many many slave computers and hits a router with hundreds or thousands of scans per second, then it can quickly become a DDoS attack.
Overwhelming the routers internal CPU’s ability to process the requests, along with legitimate traffic requests and shutting down the network.
Follow up:
A port scan is a computer or a bot testing the water, a probe if you will, checking to see if there are any open ports on a router or network. This information would be sent back to the master for later use in some type of exploit attack.
The scans we have been experiencing lately are from one or two IP addresses at a time, about 10 to 20 hits per second. Scanning our systems for open ports.
This of course has forced us to double down and recheck our port configuration and port security to minimize vulnerability and access.
Every system or network that is accessible from the Internet will be scanned at some point; usually you wont even notice them. That is until it is a bot net doing it and the scans keep coming wave after wave for hours or days on end.
There are steps you can take to minimize the effects these scans have on your systems and prevent vulnerable ports from being discovered.
Turn off PING REQUEST, unless there is a legitimate reason you need your router or network to respond to PING’s from the internet, turn this function off in your routers Firewall or Administration functions.
Change the administrator username (if possible) and of course never use the default password, always change the password.
Disable remote management of your router, unless you absolutely need it, if you do, force remote management to a port away from the default 8080 and restrict access to the known IP address of the remote admin.
Close all ports you are not using. Best case is to set your router to default all ports closed and then case by case open the ones you need.
Case in point if you run a web server and a mail server from your router you would need to open only ports 80 for web traffic, 443 for secured web traffic, 25 for SMTP and 110 for POP for the mail server.
Unless you need to use it, and if you do, you already know it, turn off Universal Plug and Play or UPnP.
It is a good idea, when not actively using it to turn off logging. Keeping logs of incoming and outgoing traffic in the router itself uses precious router CPU cycles and draws down the routers ability to process requests in a timely fashion.
Keep your routers firmware updated. You can check the manufacturers website with your model number to see if updates are available and install them from the routers internal administration. Many modern routers have the ability to call home to their manufacturer and check for updates themselves. You will still need to start this process from the routers internal admin.
Change the routers internal LAN IP address structure, most routers use the default of 192.168.1.XX you should change that to something else, 192.168.0.XX or 10.0.0.XX or what ever structure you prefer.
Never use a router supplied by your ISP, they are typically less secure, not as easily configured and most often have a hard coded remote management or support credentials in them.
If your router is a wireless model, turn of WPS, WiFi Protected Setup, this function was supposed to make it easier for users of the local network to more easily setup a connection using a PIN number. However there have been some vulnerability discovered in some of the manufacturers implementations of this function, so it is best just to turn it off. It is rarely used anyway.
Turn off services you wont use, actually, it is best to disable pretty much all services and enable only the ones you will need. Services like Telnet, SSH, FTP and HNAP to name a few. If you don’t already know you need them on, you don’t need them on.
Also, for the IT and Linux guys, I am an open source kinda guy, I love open source, it is the big wide world of wonders at our fingertips that we can all contribute to. There are custom router firmwares available, Linux-based, community-maintained firmware projects for a wide range of home routers. OpenWRT, DD-WRT and Asuswrt-Merlin (for Asus routers only) are a few of the more popular ones. These are open source and community maintained, so they are more likely to be quicker to respond with updates and patches when vulnerabilities or new features are found or added. These firmware packages often have more flexibility and features than do the vendor supplied firmware.
Because these firmware packages are aimed at enthusiasts, the number of devices that use them is much lower compared to those that run vendor-supplied firmware. This makes widespread attacks against custom firmware less likely. However, it's very important to keep in mind that loading custom firmware on a router requires a fair amount of technical knowledge, will likely void its warranty and, if done incorrectly, can render the device unusable. You have been warned!
If you spend a little time in your router configuration you can harden it against port scans, and most Internet attacks. Nothing is impervious but taking steps to prevent port scanners from finding vulnerabilities in the first place will help to keep your network and data safe.
Like Computer Care on FaceBook
Follow us on Twitter
computer Care on Pinterest
computer Care on instagram
Visit the Computer Care Catalog Online for all your part needs.
Bookmark this article at
No feedback yet
Comment feed for this postLeave a comment
