0

My router's firewall was set to accept incoming traffic for about 48 hours. Misconfiguration from a user, apparently.

I have few devices on the network (two Windows PC, Freenas, printer, chromecast TV). The firewall logs were disabled. No default login/password on any device, except for one (guest Windows account without password).

What is the potential damage? How do I assess it? I don't know where to start.

Rocket
  • 1
  • even without the firewall, how would something from the internet reach local devices w/o port forwarding or an explicit DMZ? Seems a stretch to worry about low-value targets being momentarily "exposed". – dandavis Feb 09 '21 at 20:58
  • What kind of router is this? Do you even have public reachable addresses inside the LAN (i.e. no NAT). Where there any port forwardings or exposed systems setup? See also [Vulnerabilities of pure NAT without firewall](https://security.stackexchange.com/questions/104310/vulnerabilities-of-pure-nat-without-firewall). – Steffen Ullrich Feb 09 '21 at 21:07
  • @dandavis I worried too much about the incoming traffic that I forgot about the port forwarding. Thanks for pointing that out. – Rocket Feb 09 '21 at 21:09
  • @SteffenUllrich Edge Router. No public reachable address. Few very specific port forwarding rules. Nothing too broad. I was worried about potential remote access. – Rocket Feb 09 '21 at 21:19
  • In this case the potential impact likely only depends on the specific port forwarding rules since the rest is implicitly protected by NAT. – Steffen Ullrich Feb 09 '21 at 21:56

0 Answers0