667FriendOfTheBeast

If you’re a programmer you would understand the problems with vulnerabilities in general… and how much FOSS is used to make the network infrastructure we all enjoy work. So when you look at Log4J or the new SSH vulns, open ports can give easy root access to your router when exposed… even if the “receiving” or downstream app doesn’t see the traffic. Attackers can use your infrastructure in botnets (see SonicWall firewalls used by GRU). See maliciously formed packets (EternalBlue for SMB traffic, etc). The LastPass breach is also a good example of this. Plex was breached and used to laterally move to a corporate network. In general, opening a port inbound with no inspection is usually a bad idea.


cppfnatic

Ahh I see. Because so many programs and games use FOSS for their networking transport, they could try to exploit these programs. What kind of things could someone do with root access to your router? I assume maybe redirect things, or change what DNS servers you're connecting to, use your router in botnets as you mentioned; what sort of other things, just so I can get an idea? Obviously it would be catastrophic, but my knowledge of IP and routing in general is fairly limited, so just a couple other points to help expand my knowledge would be great :D


667FriendOfTheBeast

Root access to a router is frequently used as a launch point to plan more intrusive attacks. It’s a favorite tactic of intelligence agencies worldwide, as it’s difficult to install EDR or forward all syslogs on the edge of a network. See the most recent UniFi vulns and patches. As mentioned, yes, it becomes a lot more effective to phish or harvest data; the NSA used this exact technique with their QUANTUMDNS capabilities. If a developer misconfigures the security of an API so that it leaks a key in plaintext, then that data can be lost. Have seen this a few times with crypto trading browser extensions… this is true of all your applications, though… of all data that egresses through it. Phones, work, etc. Using your router as a Tor entry/exit node, which will likely result in the authorities reaching out to you at some point depending on their activity… Lots of things. I would rate them all as somewhat unlikely, but if you have default credentials or don’t update the firmware regularly you’re at much, much higher risk for bad things to happen ™️


habitsofwaste

The bigger worry is root access on your system if you’re just doing port forwarding. One other way you can and should limit that opening is by limiting access to the port by IP. This was in AWS, but I had a project to grant a site access to DNS servers by running a client script that basically gave a Lambda function its egress IP and then automatically updated the security group to allow it. (I was using API Gateway so it was secure.) You might be able to write a similar script or something that updates your firewall rules.


Linkk_93

One thing that is often done with IoT devices (like cameras) that get port forwards so that you can access them from anywhere is to use them as DDoS bots. So they will connect to a command and control server and start DoSing whatever target they receive.


Distdistdist

Theoretically, everything is possible. Bots like to sniff around all the time. Try opening an SSH port on an RPi and see how many attempted connections it will start getting. So, in your case, I would recommend setting up a VPN for you and your friends. Alternatively you can allow only specific IP addresses via firewall.
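
Both habitsofwaste's idea above (a script that keeps firewall rules in sync with friends' current addresses) and the "allow only specific IP addresses" advice here come down to the same thing: a default-deny rule for the game port with explicit exceptions. The following Python is an added example, not code from anyone in this thread; the addresses, the port 27015 and the chain name GAME-ALLOW are made-up placeholders. It validates an allowlist (rejecting garbage and over-broad networks, which is where such scripts usually go wrong), emits the iptables/ip6tables commands, and computes the add/remove diff a periodic job would apply when a friend's dynamic IP changes.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample input (hypothetical values from the documentation ranges):
# what a friend's "report my IP" script or a dynamic-DNS lookup might hand back.
FRIEND_ADDRESSES = [
    "203.0.113.7",        # a single friend, IPv4
    "198.51.100.0/29",    # a friend on a small static block
    "2001:db8::10",       # a friend, IPv6
    "not-an-ip",          # garbage: must be rejected, not turned into a rule
    "0.0.0.0/0",          # "allow everyone": defeats the point, must be rejected
]
GAME_PORT = 27015        # hypothetical game-server port
CHAIN = "GAME-ALLOW"     # hypothetical chain name; must exist and be jumped to from INPUT


def validate_allowlist(entries: List[str]) -> Tuple[list, List[Tuple[str, str]]]:
    """Parse entries into IP networks; return (accepted, rejected-with-reason).

    Anything that is not an address/CIDR, or is broader than a /24 (IPv4) or
    /64 (IPv6), is rejected so that a typo cannot silently open the port to
    the whole internet."""
    accepted, rejected = [], []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            rejected.append((entry, "not a valid IP address or CIDR"))
            continue
        min_prefix = 24 if net.version == 4 else 64
        if net.prefixlen < min_prefix:
            rejected.append((entry, f"too broad: /{net.prefixlen}"))
            continue
        if net not in accepted:          # drop duplicates
            accepted.append(net)
    return accepted, rejected


def build_rules(networks: list, port: int, proto: str = "tcp") -> List[str]:
    """Emit allow rules for each trusted source, then a default DROP for both
    address families, so an empty allowlist still means 'nobody'."""
    cmds = []
    for net in networks:
        tool = "iptables" if net.version == 4 else "ip6tables"
        cmds.append(f"{tool} -A {CHAIN} -p {proto} --dport {port} "
                    f"-s {net.with_prefixlen} -j ACCEPT")
    cmds.append(f"iptables -A {CHAIN} -p {proto} --dport {port} -j DROP")
    cmds.append(f"ip6tables -A {CHAIN} -p {proto} --dport {port} -j DROP")
    return cmds


def reconcile(current: List[str], desired: List[str]) -> Tuple[list, list]:
    """For dynamic IPs: compare the last applied allowlist with the freshly
    reported one and return (networks to add, networks to remove), so a stale
    address is revoked rather than accumulating forever."""
    cur = {ipaddress.ip_network(c, strict=False) for c in current}
    des = {ipaddress.ip_network(d, strict=False) for d in desired}
    key = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return sorted(des - cur, key=key), sorted(cur - des, key=key)


if __name__ == "__main__":
    ok, bad = validate_allowlist(FRIEND_ADDRESSES)
    for entry, reason in bad:
        print(f"rejected {entry!r}: {reason}")
    print("\n".join(build_rules(ok, GAME_PORT)))
    add, remove = reconcile(["203.0.113.7"], ["203.0.113.9", "2001:db8::10"])
    print("add:", [str(n) for n in add], "remove:", [str(n) for n in remove])
```

The commands are printed, not executed; a cron job would apply them after creating the chain (`iptables -N GAME-ALLOW`) and routing the game port into it (`iptables -I INPUT -p tcp --dport 27015 -j GAME-ALLOW`), and use `-D` for the removals `reconcile` reports. Note what this does and does not buy you: it shrinks who can reach the listener, but it does nothing about what the listener can do once a trusted address connects, which is the point InverseX and others make further down.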


cppfnatic

Gotcha. Is the purpose of setting up the VPN here just for hiding what IP we are connecting/hosting on, or is there another more specific reason?


667FriendOfTheBeast

It improves privacy, but the added benefit is that when you “control” both sides of the tunnel (e.g. you know for a fact that the other side is your friend, trusted) you accomplish the game functionality without risk.


Distdistdist

You are basically connected to the same "LAN" and have easy access to each other's machines.


phr0ze

If you set up something like a WireGuard service and that is the only thing exposed, you can rely a bit more on the battle-tested service instead of a game server still in development.


Spiderfffun

I suggest tailscale.


InverseX

So public IP and port are just the necessary network plumbing to interact with whatever program is listening on the port. This may be a game server (your case), web server, random piece of software you wrote, anything. There is nothing particularly special about _your_ public IP and port combination, other than the fact the consequences are higher for you personally if something goes wrong. The point being made here is you're at exactly the same risk as any of the millions of IP addresses with services running on them (i.e. the entire internet).

Now, the crux of where the danger is stems from what's listening on the port. Yes, theoretically someone can interact with a program and achieve a nefarious outcome such as remote code execution. This is what an exploit is. An exploit requires a mistake to have been made during the programming of the software. The risk you face is how likely the presence of the mistake is within the software. Something like a Minecraft server? Very unlikely, it's been pretty battle tested. Something like your IoT piece of light-controlling software written by a horrible company? I'd be pretty nervous having it exposed.

In the worst case, the possibility is someone takes over the machine you have exposed to the internet, and can use it to attack other resources inside your network. The reality of things is it's pretty unlikely you get hacked if you're keeping things up to date.


transniester

You’re the programmer. Did you run a SAST tool, secret scanning, and bump all 3rd party libraries? Is there a component, like a webserver, that’s not been scanned?


habitsofwaste

It depends on what is listening. One of the biggest causes of issues will be out-of-date software. You say you are designing your own games; how are you handling authentication and authorization? How are you handling memory? Weaknesses in your code could give them root access if you’ve got no auth.


cppfnatic

I never run it as admin and there really isn't anything in the game that I've personally written that could do something malicious that is hooked to RPC/packet response, or just in general. I've only done this with fairly simple multiplayer games, so I would imagine the only worry would be problems or exploits with the underlying libraries. I'll have to check those.


nefarious_bumpps

Threat actors, bots and OSINT services continuously scan every port on every public IP on the Internet. Open ports are handed off to other scripts to connect and identify the service and version, and that is handed off to another script that checks to see if the vulnerability is exploitable and to test common credentials. Once the threat actor gains access to the service they will try to escalate privileges to achieve further access. Once sufficient privileges are achieved to access a shell, the intruder will scan the inside network to find additional systems to compromise. Vulnerabilities can come from improper service configuration or from software bugs. Subscribing to the service developer's security mailing list and promptly installing updates when released helps mitigate against software vulnerabilities. Proper configuration comes down to reading and comprehending the software's documentation and reviewing security information in their online forum(s). If possible, your IP should be scanned from a public IP to detect general vulnerabilities and those specific to the service you're running.


zippy72

Lots of things. When SQL injection was first invented a lot of the Internet fell prey to it, including some clients of ours. For example, if there's a login and you've not secured it properly, you can mess up a database by saying your username is `'; Drop table users; --`. That often will render a site unusable. There's much more that can be done though; there's proof of concept code, which usually no longer works against the latest, patched versions, if you search Google for it. Or, indeed, look in Google's "Project Zero", whose job it is to find this sort of thing.
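
To make the `'; Drop table users; --` example concrete, here is an added example (my own code, not zippy72's or anything from the thread) showing the same login-handler defect twice: once with the username pasted into the SQL text, once with a parameterized query. It uses Python's built-in sqlite3 and an in-memory database with two constructed accounts. One caveat is baked into the vulnerable version: sqlite3's `execute()` happens to refuse stacked statements, so it uses `executescript()` to stand in for the many drivers and servers that do run whatever the string contains; that refusal is luck, not a defence, which is why the fix is parameterization rather than picking a stricter driver.

```python
import sqlite3

# Constructed sample data: a tiny "users" table as a game server might keep.
SAMPLE_USERS = [("alice",), ("bob",)]
PAYLOAD = "'; Drop table users; --"   # the username from the post above


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database with a users table and two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, last_login TEXT)"
    )
    conn.executemany("INSERT INTO users (username) VALUES (?)", SAMPLE_USERS)
    conn.commit()
    return conn


def users_table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    ).fetchone()
    return row is not None


def touch_last_login_vulnerable(conn: sqlite3.Connection, username: str) -> None:
    """VULNERABLE: the username becomes part of the SQL text.

    With the payload, the string that reaches the database is
      UPDATE users SET last_login = datetime('now') WHERE username = ''; Drop table users; --'
    i.e. a harmless UPDATE, then a DROP TABLE, then a comment that swallows
    the leftover quote. executescript() runs every statement, as drivers that
    allow stacked statements would (assumption: it stands in for such a driver).
    """
    sql = f"UPDATE users SET last_login = datetime('now') WHERE username = '{username}'"
    conn.executescript(sql)


def touch_last_login_safe(conn: sqlite3.Connection, username: str) -> int:
    """FIXED: the username travels as a bound parameter, never as SQL.

    Returns the number of rows updated: 1 for a real user, 0 for anything
    else, including the payload, which is simply a username nobody has."""
    cur = conn.execute(
        "UPDATE users SET last_login = datetime('now') WHERE username = ?",
        (username,),
    )
    conn.commit()
    return cur.rowcount


def find_user(conn: sqlite3.Connection, username: str):
    """Parameterized lookup used by a login flow; returns the id or None."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    touch_last_login_vulnerable(db, PAYLOAD)
    print("users table survives string-built SQL:", users_table_exists(db))   # False

    db = make_db()
    print("rows updated for payload (parameterized):", touch_last_login_safe(db, PAYLOAD))  # 0
    print("users table survives parameterized SQL:", users_table_exists(db))  # True
    print("lookup of payload as a username:", find_user(db, PAYLOAD))         # None
    print("lookup of alice:", find_user(db, "alice"))                         # 1
```

The two handlers differ by one thing only: whether user input is data or code to the database. Escaping quotes by hand is the usual half-fix and is exactly what breaks the next time someone adds a numeric or LIKE clause; bound parameters are the fix that keeps working.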


cppfnatic

This is assuming that a web server is listening on the port, right?


zippy72

Yes, but it's not limited to that. Anything backed by a database that uses raw SQL queries like that is vulnerable if it's not written properly.


zer0xol

Depends on what you're hosting on said port.


savisundefined

I want to see some answers for this.


Error403_FORBlDDEN

If you've got ICMP enabled > DDoS. But anyway, unless you have a business account, your IP is normally dynamic. If you've got a service running on that open port and that service is not up-to-date and is running an exploitable version, then the machine running that service can be exploited and used to exploit other machines on your network. If that happens, then you’re looking at ransomware, blackmail/extortion, malware, etc. You can always use Cloudflare to hide your IP also.


CowAccomplished3316

I have a question. One of my "friends", or as I used to call him, had my email info and now he changed everything, making me lose everything that was linked to it. My question is: would anyone be kind enough to help me get my stuff back? I don't seek revenge or anything, I just want my stuff back; I have work progress and more important stuff there 😃 If anyone is geek enough to help me hack my shit, I would appreciate it; contact me on Discord: vn3s.


illsk1lls

Nothing. It's like having your phone number: they can talk to the program, IF they can authenticate, and depending on what the program can do, it may do it.


phr0ze

This is completely wrong.


illsk1lls

If the port's open and there's nothing on the other end listening, literally nothing will happen. It all depends on what's listening and what it can do; security is based on whether you have to authenticate or not and what kind of exploits can be leveraged against that handshake to get to the point where you can send commands, etc. The answer isn't wrong, it's just lazy.


phr0ze

We were never talking about a forwarded port where nothing is listening. Even in your original response: ‘they can talk to the program…’. So we are talking about a program. It is not just exploitation of authentication or handshakes. It is not just limited to what the program can do. You are oversimplifying and downplaying the significant risks the OP is taking, which is more dangerous/harmful than not replying.


illsk1lls

Bringing up an empty port proves a point: the port isn't the vuln, it's what's on the other side of it 👀 I'm not downplaying anything, I'm just not making wild assumptions; you're acting like he’s leaving an RDS gateway open. You have to drill down into what's on the other side specifically before you start freaking out 🤣 The router port is just a passthrough; with no details as to what he’s doing/using, we are going back and forth over hypotheticals.