Hardening OpenWrt Security : Truestealth on GRC ShieldsUP! Test


ShieldsUP is an online port scanning service to test router security against hacker and denial of service (DOS) attacks. The purpose of this utility is to report the users of any ports that have been opened through their firewalls or through their NAT routers.

 ShieldsUP can scan the most common file sharing ports and vulnerable port, as well as over (1-1056) service ports, and user defined ports to test and report router's visibility on the internet including open port, ping reply, and unsolicited packets.
For most user using OpenWrt default firewall configuration failed to pass the test. I recommend that you test ShieldsUP! test first before following the instructions to compare the results

The Steps

Step 1: Connect your router via web interface
  1. Select tabs Network - Firewall
  2. Select General Settings
  3. In wan:wan ?  DROP
  4. Change input to drop , forward to drop
  5. Press save & apply
Your router now passed from Solicited TCP Packets and Unsolicited TCP Packets test Step 2: Drop all ping reply
  1. In Firewall tab
  2. Select Traffic Rules
  3. In Allow ping select edit
  4. Select action to drop
  5. Press save & apply
Step 3: To avoid random disconnect from your ISP (Optional) If your ISP need check client by ping reply , you may allow just for your ISP to ping reply
  1. In Firewall tab
  2. Select Traffic Rules
  3. Select source mac address from any to your ISP mac address
  4. Select your ISP source address (Only use if you cannot determine your ISP mac address)
  5. Select action to accept
  6. Press save & apply

Testing

To test if you're do the steps properly
  1. Go to GRC | ShieldsUP!
  2. Click Proceed - All Service Ports
Then the results will be passed It also turn the router to not visible on the internet  to helps prevent against common exploit, denial-of-service, and zero day attack.

References

Comments

  1. I think Zero day vulnerabilities can be serious security risks. When searching for an appropriate antivirus solution, look for security software that protects against both known and unknown threats
    Zero-day attack

    ReplyDelete
  2. Thank you so much for this nice post. This is very informative and helpful Earning Money Online

    ReplyDelete

Post a Comment