question regarding over the counter devices

Sean Hunter jamesb2147 at gmail.com
Wed Mar 1 22:56:59 CET 2017 

"...because there was a port-forward in the residential gateway..."

That's unrelated to the original query that started this thread. A user (or
device via UPnP, I suppose) had to have configured that port forward. What
happened there has nothing to do with default firewall behavior in SOHO
routers.

I could spout off personal experience but hard data would be better, and I
have none of that to contribute, unfortunately. Probably the best approach
would be for some group to spend a few thousand $currency and purchase a
load of SOHO routers for testing. I would hope that data would eventually
be published publicly, as it would be highly valuable.

I believe there was an offer further up the thread for the IETF to pick up
this work? I am not part of the relevant working group, but I would find
this data to be useful.

On Wed, Mar 1, 2017 at 2:18 PM, Mikael Abrahamsson <swmike at swm.pp.se> wrote:

> On Wed, 1 Mar 2017, Nick Buraglio wrote:
>
> Is this actually a realistic fear?
>>
>
> Let me put it this way, I have personally found an anon-ftp server with
> company confidential documents on it, that was reachable from the outside
> without the owners knowledge, because there was a port-forward in the
> residential gateway that the owner wasn't actively aware of, and the NAS
> had anon-ftp turned on without the owners active knowledge.
>
> So google had indexed all files on this NAS. I contacted the person (did
> some digging using pictures etc on this NAS) via their employer, and talked
> to the person who had no idea.
>
> Now, with unfiltered IPv6 it would be harder to actually find this NAS,
> but once found, there is no need for port forward for it to be reachable
> from the Internet.
>
> So yes, I can understand the fear and I agree that it's realistic. That's
> why most ISPs have chosen to have stateful filtering toward the customers
> by default.
>
>
> --
> Mikael Abrahamsson    email: swmike at swm.pp.se
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20170301/5737d5b5/attachment-0001.html

More information about the ipv6-ops mailing list