Reply to post: Re: Home Router Traffic

Today the web was broken by countless hacked devices – your 60-second summary

Peter Gathercole Silver badge

Re: Home Router Traffic

The problem with Shields Up! is that by default it only checks the reserved ports 0-1023.

You can use it to do custom scans, but the standard check will not check to see whether UPnP has opened up ephemeral ports through your firewall, and once these are set up, it could allow CnC channels to any devices.

But most edge-firewalls allow outbound connections to a co-ordination server anyway (it really would be a pain to have to configure individual ports on the firewall), and once a session is established, will allow return control requests (remember TCP/IP sessions are bidirectional) even without UPnP (never wondered how your network-attached, print-from-anywhere printer works? Well, this is it).

Of course, it is necessary to get a foothold in the network for UPnP or outbound requests to be made, but who knows what is baked into the firmware of these IoT devices from China? I tend to run a Linux firewall, and do a sweep of the ports currently in use at the firewall, but it's difficult.

It's all a bit of a mess. I favour using the vulnerabilities themselves to run destructive code on the IoT devices to break them, but that is illegal in pretty much all jurisdictions.
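Added example, not part of the comment above: one way to do the kind of firewall-side sweep the comment describes, by parsing `conntrack -L` output on a Linux firewall into outbound sessions per LAN device and inbound forwarded sessions (for instance through a UPnP mapping). The LAN range, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: home LAN range

# Constructed sample in `conntrack -L` format (documentation addresses only).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431200 ESTABLISHED src=192.168.1.77 dst=203.0.113.99 sport=40022 dport=8883 src=203.0.113.99 dst=198.51.100.7 sport=8883 dport=40022 [ASSURED] mark=0 use=1
tcp      6 430100 ESTABLISHED src=203.0.113.200 dst=198.51.100.7 sport=60111 dport=49152 src=192.168.1.77 dst=203.0.113.200 sport=49152 dport=60111 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.1.50 dst=203.0.113.10 sport=51200 dport=80 src=203.0.113.10 dst=198.51.100.7 sport=80 dport=51200 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.50 dst=203.0.113.53 sport=5353 dport=53 src=203.0.113.53 dst=198.51.100.7 sport=53 dport=5353 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse(line):
    """Return (proto, state, original tuple, reply tuple), or None if unparsable."""
    parts = line.split()
    fields = FIELD.findall(line)
    if not parts or len(fields) < 8:      # e.g. ICMP entries carry no ports
        return None
    state = parts[3] if parts[0] == "tcp" else ""
    return parts[0], state, dict(fields[:4]), dict(fields[4:8])

def sweep(text, lan=LAN):
    """Split established TCP sessions into LAN-initiated and externally initiated."""
    outbound = defaultdict(set)   # LAN device -> {(remote address, remote port)}
    inbound = []                  # (WAN port, LAN device, LAN port, remote address)
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec[0] != "tcp" or rec[1] != "ESTABLISHED":
            continue
        _, _, orig, reply = rec
        if ipaddress.ip_address(orig["src"]) in lan:
            # Session opened from inside: return traffic is allowed without UPnP.
            outbound[orig["src"]].add((orig["dst"], int(orig["dport"])))
        elif ipaddress.ip_address(reply["src"]) in lan:
            # Opened from outside and answered by a LAN host: a port forward exists.
            inbound.append((int(orig["dport"]), reply["src"],
                            int(reply["sport"]), orig["src"]))
    return dict(outbound), inbound

if __name__ == "__main__":
    out, inb = sweep(SAMPLE)
    for dev, peers in sorted(out.items()):
        print("outbound", dev, sorted(peers))
    for wan_port, dev, lan_port, remote in inb:
        note = "above 1023" if wan_port > 1023 else "reserved range"
        print("inbound ", dev, f"WAN port {wan_port} ({note}) from {remote}")
```

On a real firewall the input would come from `conntrack -L` (conntrack-tools), and a single snapshot only shows sessions open at that moment.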
