OBi unit web page receiving unauthorized visits?

[QBZappy]

By chance I was looking at my router QOS (Tomato firmware), and noticed that my OBi100 unit web page was showing some activity. I observed for a while. I was getting connections from several places at certain times. I logged in using WAN address of the OBi from a far away location and saw my current ip confirming that it was others/scanners visiting my WAN_IP:80. Just to show that the OBi is being scanned for HTTP port 80. It might be useful to change it to non standard port for the security. I had overlooked this detail.

Proto   TCP
Source OBi100 (X.X.X.X)
S Port 80
Destination dsl-200-67-203-229-sta.prod-empresarial.com.mx (Mexico 200.67.203.229)
D Port 64054
Class Remote
Rule 10
BytesOut 84
Bytes In 231                                
               

[giqcass]

That's the reason why its very important to change the default passwords especially if you enable wan access.  Changing the port of course could add a little extra security as well as long as you don't forget when you need it lol..

[Rick]

Maybe I'm not understanding, but I use Gibson Research's site (www.grc.com) and Shields Up! to check my system.  All my ports, including HTTP 80, come up as STEALTH.  Doesn't that mean I don't have to worry?

[QBZappy]

Rick,

In your browser try the following and see what you get:
http://your_wan_ip

If you get the Obi unit web page then it can be reached over the internet.

[Rick]

Nothing.  Reverts to Google.  And that is my router address and the OBi is behind it.

[Lavarock7]

Rick,

In your browser try the following and see what you get:
http://your_wan_ip

If you get the Obi unit web page then it can be reached over the internet.

I'm not sure if that is a valid test. The reason I say that is I think some routers know the WAN address and never go out to the internet and back in.

For example, I have disabled the 202 from being access over the internet, yet can use my WAN address from my PC to access the web interface.

[giqcass]

I use an online proxy to test visibility from outside my network.  Replace"type.your.ip.here" with your wan ip address.  Leave :80 as that means port 80 or substitute it for the port your are looking at.  This only works if the device returns a web page.

http://proxy2974.my-addr.org/myaddrproxy.php/http/type.your.ip.here:80

[Rick]

I tried the online proxy suggested by giqcass, replacing "type.your.ip.here:80" with the ip I find when I query "what's my ip", with :80 after it.

I believe that this is the IP address of my cable modem, which gives it to my router, which is how my entire home network (not any one PC) is represented to the outside world.

I got the following message back:

request to url [http://xx.xx.xxx.xx:80] fail, reason - couldn't connect to host

Again, I believe that a scan using Shields Up at www.grc.com, which reveals that I'm "Stealth" on everything, shows that nothing can get it because nothing can be found.  However, I'm not a network expert, so please show me where I'm not understanding.

[Felix]

Rick,
I am with you - if shields up reports stealth, you are hidden. QBZappy has OBi100 - so the only way to even reach it is if router firewall forwards some port to OBi. If that is the case - you won't get stealth from shields up.

[Ostracus]

Indeed, and les anyone forget, if one has a feature/smart phone with a browser, one can check that way.

[giqcass]

Anyone trying to get in to your network needs to go through your main cable modems IP address.  Of course they will probably try multiple common ports. 
20
21
22
23
25
80
5060
5061
8080
8081

[Rick]

All those are stealth for me.