<div dir="ltr">"...<span style="font-size:12.8px">because there was a port-forward in the residential gateway..."</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">That's unrelated to the original query that started this thread. A user (or device via UPnP, I suppose) had to have configured that port forward. What happened there has nothing to do with default firewall behavior in SOHO routers.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I could spout off personal experience but hard data would be better, and I have none of that to contribute, unfortunately. Probably the best approach would be for some group to spend a few thousand $currency and purchase a load of SOHO routers for testing. I would hope that data would eventually be published publicly, as it would be highly valuable.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I believe there was an offer further up the thread for the IETF to pick up this work? I am not part of the relevant working group, but I would find this data to be useful.</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 1, 2017 at 2:18 PM, Mikael Abrahamsson <span dir="ltr"><<a href="mailto:swmike@swm.pp.se" target="_blank">swmike@swm.pp.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Wed, 1 Mar 2017, Nick Buraglio wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Is this actually a realistic fear?<br>
</blockquote>
<br></span>
Let me put it this way, I have personally found an anon-ftp server with company confidential documents on it, that was reachable from the outside without the owners knowledge, because there was a port-forward in the residential gateway that the owner wasn't actively aware of, and the NAS had anon-ftp turned on without the owners active knowledge.<br>
<br>
So google had indexed all files on this NAS. I contacted the person (did some digging using pictures etc on this NAS) via their employer, and talked to the person who had no idea.<br>
<br>
Now, with unfiltered IPv6 it would be harder to actually find this NAS, but once found, there is no need for port forward for it to be reachable from the Internet.<br>
<br>
So yes, I can understand the fear and I agree that it's realistic. That's why most ISPs have chosen to have stateful filtering toward the customers by default.<div class="HOEnZb"><div class="h5"><br>
<br>
-- <br>
Mikael Abrahamsson email: <a href="mailto:swmike@swm.pp.se" target="_blank">swmike@swm.pp.se</a><br>
</div></div></blockquote></div><br></div>