Consider the following situation: In a LAN the router is configured to forward one incoming port from the WAN to a specific local ip-address/port.

My question is: how is security in this situation impacted, compared to a router that does not perform port forwarding, when

  1. the ip-address configured for forwarding is not used in the LAN
  2. the ip-address configured for forwarding is available in the LAN, but no application is listening on the port

What are possible security risks/attack vectors for cases 1 and 2?

oh.dae.su

1 Answer

Risks? Almost none.

The expected responses are:

On case 1:

  • router returns Destination Unreachable message to the client
  • router ignores the packet and lets the connection time out on the client

On case 2:

  • Computer sends back a TCP RST and drops the connection
  • Computer ignores the packet and lets the connection time out

If you have a router without port forwarding, but with NAT, unless the internal service uses STUN, UPnP or another NAT traversal tool, they are essentially inaccessible. Packets will reach the router, which doesn't have that port open, and the router resets the connection.

If you have a router without port forwarding and you have public IP addresses on all your computers, you will expose all of them to the Internet. Without a firewall protecting them, you are inviting trouble with big, bright neon billboards...

ThoriumBR
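An added example, not part of the question or the answer above: a small Python check that reproduces the client-side outcomes the answer lists (a listener accepts, a host with no listener answers TCP RST, a dropped packet times out, a router's ICMP Destination Unreachable surfaces as an OS error), so you can verify from outside what a forwarded port actually exposes. Function names (`probe_tcp`, `audit_forwards`, `demo_localhost`) are my own; the demo uses localhost sockets so it runs offline.

```python
import errno
import socket

def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP connect attempt the way a client would see it.

    "open"        a service accepted the connection (something is listening)
    "closed"      case 2: host is up, nothing listens, it answered with RST
                  (an ICMP port-unreachable also surfaces as ECONNREFUSED)
    "filtered"    the packet was silently dropped and the connect timed out
    "unreachable" the router answered ICMP Destination Unreachable (case 1)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()

def audit_forwards(host: str, ports: list[int], timeout: float = 2.0) -> dict:
    """Probe each forwarded port; only "open" results mean real exposure."""
    results = {p: probe_tcp(host, p, timeout) for p in ports}
    results["exposed"] = [p for p in ports if results[p] == "open"]
    return results

def demo_localhost() -> dict:
    """Constructed demo: one real listener and one port known to be closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # kernel picks a free port
    srv.listen(1)
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                          # now nothing listens here -> RST
    try:
        res = audit_forwards("127.0.0.1", [open_port, closed_port], 1.0)
    finally:
        srv.close()
    return {"open": res[open_port], "closed": res[closed_port],
            "exposed": res["exposed"] == [open_port]}

if __name__ == "__main__":
    print(demo_localhost())
```

Run it against your router's public address and the forwarded port from outside the LAN to see which of the answer's outcomes your configuration actually produces.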