"...because there was a port-forward in the residential gateway..."
That's unrelated to the original query that started this thread. A user (or device via UPnP, I suppose) had to have configured that port forward. What happened there has nothing to do with default firewall behavior in SOHO routers. I could spout off personal experience but hard data would be better, and I have none of that to contribute, unfortunately. Probably the best approach would be for some group to spend a few thousand $currency and purchase a load of SOHO routers for testing. I would hope that data would eventually be published publicly, as it would be highly valuable. I believe there was an offer further up the thread for the IETF to pick up this work? I am not part of the relevant working group, but I would find this data to be useful. On Wed, Mar 1, 2017 at 2:18 PM, Mikael Abrahamsson <[email protected]> wrote: > On Wed, 1 Mar 2017, Nick Buraglio wrote: > > Is this actually a realistic fear? >> > > Let me put it this way, I have personally found an anon-ftp server with > company confidential documents on it, that was reachable from the outside > without the owners knowledge, because there was a port-forward in the > residential gateway that the owner wasn't actively aware of, and the NAS > had anon-ftp turned on without the owners active knowledge. > > So google had indexed all files on this NAS. I contacted the person (did > some digging using pictures etc on this NAS) via their employer, and talked > to the person who had no idea. > > Now, with unfiltered IPv6 it would be harder to actually find this NAS, > but once found, there is no need for port forward for it to be reachable > from the Internet. > > So yes, I can understand the fear and I agree that it's realistic. That's > why most ISPs have chosen to have stateful filtering toward the customers > by default. > > > -- > Mikael Abrahamsson email: [email protected] >
