ShieldsUP is an online port scanning service to test router security against hacker and denial of service (DOS) attacks. The purpose of this utility is to report the users of any ports that have been opened through their firewalls or through their NAT routers.
ShieldsUP can scan the most common file sharing ports and vulnerable port, as well as over (1-1056) service ports, and user defined ports to test and report router's visibility on the internet including open port, ping reply, and unsolicited packets.
The default OpenWrt firewall configuration is less restrictive, as a result, user with default configuration will likely failed to pass the test. I recommend testing ShieldsUP! Test first, before following the instructions to compare the results.
The Steps
Step 1: Open router web interface- Select tabs Network - Firewall
- Select General Settings
- In wan:wan ? DROP
- Change input to drop, forward to drop
- Press save & apply
Step 2: Drop all WAN ping reply
- In Firewall tab
- Select Traffic Rules
- In Allow ping select edit
- Select action to drop
- Press save & apply
Your router now passed from Ping Echo test.
Step 3: To avoid random disconnect from your ISP (Optional)
If your ISP check client uptime by ping reply, you may whitelist your ISP source mac address.- In Firewall tab
- Select Traffic Rules
- Select source mac address from any to your ISP mac address
- Select your ISP source address (Only use if you cannot determine your ISP mac address)
- Select action to accept
- Press save & apply
Testing
To test if you're do the steps properly- Go to GRC | ShieldsUP!
- Select Proceed then Select All Service Ports
Comments
Post a Comment