0

My router's firewall was set to accept incoming traffic for about 48 hours. Misconfiguration from a user, apparently.

I have few devices on the network (two Windows PC, Freenas, printer, chromecast TV). The firewall logs were disabled. No default login/password on any device, except for one (guest Windows account without password).

What is the potential damage? How do I assess it? I don't know where to start.

Rocket
  • 1
  • even without the firewall, how would something from the internet reach local devices w/o port forwarding or an explicit DMZ? Seems a stretch to worry about low-value targets being momentarily "exposed". – dandavis Feb 09 '21 at 20:58
  • What kind of router is this? Do you even have public reachable addresses inside the LAN (i.e. no NAT). Where there any port forwardings or exposed systems setup? See also Vulnerabilities of pure NAT without firewall. – Steffen Ullrich Feb 09 '21 at 21:07
  • @dandavis I worried too much about the incoming traffic that I forgot about the port forwarding. Thanks for pointing that out. – Rocket Feb 09 '21 at 21:09
  • @SteffenUllrich Edge Router. No public reachable address. Few very specific port forwarding rules. Nothing too broad. I was worried about potential remote access. – Rocket Feb 09 '21 at 21:19
  • In this case the potential impact likely only depends on the specific port forwarding rules since the rest is implicitly protected by NAT. – Steffen Ullrich Feb 09 '21 at 21:56

0 Answers0