Guys, secure your Hubitats

Maybe someone should write a plugin that just kicks off a scan from one of the free portscanning services on a regular basis, and then the hubitat will alert you if it's exposed publicly.


Well... my Hubitat is secure, but my Plex server is ready to stream movies to those enterprising web scanners that are patient enough to scan up to 5-digit port numbers!

Guess I'll have to disable that!

S.

How did you check?

Fill in your own ip in the search bar. Though then your IP will be listed.

I usually use ShieldsUP! at grc.com. I've been using it for years, but I tried Shodan today as well.

The only thing that popped up was the default Plex port.

S.

What does that do?

It showed this, but I don't have anything there.

Port 80 is my router, but it only allows me to access it when I'm on my LAN.

If you ran a port scanner from the internet (e.g. the website) and 80 and 443 showed up, then they are exposed to the public internet.


I think that means that your router mimics port 80 and 443 being closed for business from the WAN. But it is not. My IP: enough people saw it by now :joy:
Only VPN is there.

Would it still be there if I have closed it? It's all standard, I wouldn't have opened it; there was a port from WD for my NAS through their cloud (turned that off now).

Something has them open, or the scanner wouldn't see them. Try this: GRC | ShieldsUP! — Internet Vulnerability Profiling

Click on the "All Service Ports" in the page following the landing page after you hit "Proceed".

S


This is also a reason for disabling UPnP on your router. You lose control over what device does what in the security of your whole network.


I definitely would not expose my NAS, nor would I use their cloud access services. If you're using your NAS for backups, it's probably got sensitive data on it. I know with the Synology NAS cloud service, you can start guessing NAS names and have it pop up with other people's login screens. It's just a reverse proxy service. I don't expose any services on my NAS either (like Plex).

Use a VPN. Get a Raspberry Pi and an 8GB SD card. Target sells both of these now. Install Raspbian. Then go here and install this and follow the instructions. There are OpenVPN clients that work with this on Windows, Linux, Mac, Android, and presumably iOS (I'm not an iOS user, so not sure there). $40 total, and you have a nice little personal VPN device with high security that allows you access to everything on your internal network.

http://www.pivpn.io/

Already disabled :slight_smile:

Was ticked before.

That looks like it's only scanning up to port 1055. Ideally you'll scan all the way to 65535, both TCP and UDP.
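An added example (not from the thread, and not a Hubitat plugin): a Python self-check in the spirit of the scan-and-alert idea earlier in the thread, covering the full 1-65535 range this post recommends. It assumes you run it from outside your LAN against your own public IP (the allow-list and any addresses are hypothetical), and it probes TCP only, since a plain connect() cannot tell open from filtered for UDP.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Iterable

# Hypothetical allow-list: ports you deliberately expose (e.g. a VPN endpoint).
# Empty means nothing should answer from the internet.
EXPECTED_OPEN: frozenset[int] = frozenset()


def tcp_connect(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a full TCP handshake completes, i.e. something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host: str, ports: Iterable[int],
         probe: Callable[[str, int], bool] = tcp_connect,
         workers: int = 200) -> list[int]:
    """Sorted list of reachable ports. `probe` is injectable for offline tests."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = pool.map(lambda p: probe(host, p), ports)
    return sorted(p for p, is_open in zip(ports, hits) if is_open)


def unexpected(open_ports: Iterable[int],
               expected: frozenset[int] = EXPECTED_OPEN) -> list[int]:
    """Open ports not on the allow-list: these are what the alert should name."""
    return sorted(set(open_ports) - expected)


def report(host: str, open_ports: Iterable[int],
           expected: frozenset[int] = EXPECTED_OPEN) -> str:
    """One-line summary suitable for a hub notification or a log entry."""
    bad = unexpected(open_ports, expected)
    if not bad:
        return f"OK: no unexpected TCP ports reachable on {host}"
    return f"ALERT: {host} exposes unexpected TCP ports {bad}"


if __name__ == "__main__":
    # Usage: python3 portcheck.py <your-public-ip>  (scans the full 1-65535 range)
    target = sys.argv[1]
    print(report(target, scan(target, range(1, 65536))))
```

With 200 workers and a 1 s timeout a fully filtered ("stealth") host takes a few minutes; run it on a schedule and treat any ALERT line as the notification the plugin idea called for.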

Actually, I would get an RPi 4 or a clone with Gbit Ethernet. I'm running on an RPi 3, but I don't like the 100 Mbit Ethernet. But that is just me. I use it (with my wife) 100% of the time we do something on our mobiles or laptops.

Yeah, that's the basic test. Did you try the little gray buttons below that do the full port scans?

S.

Amen!

S.

Yeah, all came up as stealth.

Excellent!

S.