We’re Being Scanned

(This one is going to get a little technical, but hang with me.)

Your WiFi router is the main portal to your home network. Most of us think of it as just a box that gives us a wireless connection, but this box almost always contains a firewall, as well. A firewall normally acts like a one-way data valve: your network requests can go out, but unsolicited requests can’t come in. Usually. Sometimes firewalls have “holes” in them – some on purpose, but usually not. Without getting too technical, you generally don’t want any ports exposed to the broader internet. Why? Because the bad guys have computers set up to scan the entire internet for them constantly. If a scan reveals an active public port, the automated scanner will then probe it for weaknesses. If found, your WiFi router could be hacked and your entire home network compromised.

Here, Let Me Check That For You

One of the legitimate uses for opening a port to the internet is so that you can log into your computer while traveling (VPN) or to allow some network gaming features to work (UPnP). Another reason is to allow a support person to remotely view or even control your computer, using tools like VNC, Remote Desktop Connection, or TeamViewer. Most of these services use well-known port numbers, making it easy for hackers to scan for them.

So it’s no wonder that companies like eBay have had problems with fraudulent purchases from compromised computers. If you’ve logged into eBay recently, you wouldn’t have to log in again – and neither would a hacker controlling your computer. So they use your computer to buy stuff or drain your PayPal account.

Apparently, eBay has had enough of a problem with this that their website is now automatically scanning your computer for these remote control services. That is, just by visiting their website, your computer basically gets violated. As it turns out, though, the scan is mostly just annoying for you and not even terribly helpful to eBay. The scan is only for the computer where the browser is running, not your actual firewall (router). But vulnerable router ports are a valid security issue, so I thought I’d explain how you might check your firewall yourself.

Check Yourself

Steve Gibson (security podcast guy) has a website that will help you check to see whether your home network has any obvious weaknesses. It’s a free service called ShieldsUp (in reference to the USS Enterprise from Star Trek). It will do a port scan of your public IP address, looking for any open ports. (Hint: you don’t want to find any.)

  1. To try this tool, go to this website: https://www.grc.com/shieldsup
  2. Read the little blurb in the box and then click the little hard-to-see “Proceed” button in the middle of the page.
  3. The next few pages are a little hard to follow. First click the big yellow “Instant UPnP Exposure Test” button. This should verify that you’ve disabled external UPnP access.
  4. Return to the previous page. In the funny table below the yellow button, click the slim “Common ports” button to start the scan.

Don’t freak out if it says “failed” – look at the actual results below that. The ideal status for any given port is “stealth” (green), meaning that your router completely ignored the request. The next best status is “closed” (purple), meaning that your router replied but denied the connection. If any of your ports are listed as “open”, then you need to go to your WiFi router’s admin page, find the setting for the listed service, and disable it on the external (WAN) side. (You might also want to consider putting any “closed” ports in stealth mode, but closed is probably okay.) You can run the ShieldsUp test again to see if you succeeded.
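If you want to see what “stealth”, “closed” and “open” mean at the packet level, here is a small Python script (an added example for this post, not GRC’s code or the ShieldsUp service) that classifies TCP ports the same three ways: a completed connection is open, a refusal (TCP reset) is closed, and silence until the timeout is stealth. The port numbers for the remote-access services named above are an assumed mapping, and the demo only probes loopback so it runs anywhere.

```python
import socket
from contextlib import closing

STEALTH, CLOSED, OPEN = "stealth", "closed", "open"

# Ports commonly associated with the remote-access services named in the post
# (assumed mapping, not taken from the post): Remote Desktop, VNC, Windows UPnP.
COMMON_PORTS = {"RDP": 3389, "VNC": 5900, "UPnP": 2869}

def probe_port(host, port, timeout=2.0):
    """Classify one TCP port the way ShieldsUp reports it.
    open: connection completed; closed: host answered with a refusal (RST);
    stealth: no answer within the timeout (or an unreachable error)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            return CLOSED
        except OSError:          # includes socket.timeout
            return STEALTH

def scan(host, ports, timeout=2.0):
    return {p: probe_port(host, p, timeout) for p in ports}

def needs_attention(results):
    """Return (open ports, closed ports); stealth ports need nothing."""
    open_ports = sorted(p for p, s in results.items() if s == OPEN)
    closed_ports = sorted(p for p, s in results.items() if s == CLOSED)
    return open_ports, closed_ports

def start_local_listener():
    """Bind a listener on a free loopback port so the demo has an open port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

if __name__ == "__main__":
    # Loopback demo only; run it against your own router's WAN address from
    # outside your network to reproduce what ShieldsUp does for you.
    srv = start_local_listener()
    results = scan("127.0.0.1", [srv.getsockname()[1], *COMMON_PORTS.values()])
    for port, status in sorted(results.items()):
        print(f"port {port:5d}: {status}")
    print("open/closed ports to review:", needs_attention(results))
    srv.close()
```

On loopback you will normally see one open port (the demo listener) and the rest closed, because your own machine answers with a reset; a router that drops the packet instead is what produces the stealth result ShieldsUp is looking for.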

Note that many ISPs will block these sorts of port scans, too, trying to increase your security. So this test is actually testing both your ISP’s blocking and your router’s settings. But for most purposes, that’s fine. It’s two levels of defense and you’re getting the merged report, basically.

