Could a router be hacked from the WAN end if the firmware is always up to date, with no port forwarding, no UPnP and Wi-Fi disabled?

johnqhu

Occasional Visitor
Hi,

I'm trying to set up some servers to host some applications which I can access from the Internet. So, some ports of my router may need to be open to the public. Of course, I'll try to implement a reverse proxy, HTTPS and a firewall to make it as safe as possible.

But to further secure my important data, I'm considering splitting my home network into two layers. What I have now are one Asus RT-AC86U router and one Synology RT2600ac router. I think they both are just consumer routers.

I'm planning to use the Synology router for the Internet connection. Its WAN holds a public IP address, and the LAN subnet is set to 192.168.1.0/24. The servers I want to access from the Internet are in this subnet. Port forwarding has to be enabled for the Synology router.

The Asus router is behind the Synology router. Its WAN is in Asus router LAN subnet, for example, the WAN IP address is set to 192.168.1.100 and its LAN subnet is set to 192.168.10.0/24. All my working PCs and NAS are in this subnet. Wi-Fi, port forwarding and UPnP of the Asus router are all disabled. The default admin account has also been changed. And let's assume the firmware of the routers is always up to date.

So, my questions are:
1. If somehow my Synology router was hacked because of the port forwarding, would the hacker be able to further hack my Asus router?
2. If the answer to the first question is yes, then compared to just putting the Asus router facing the Internet (no UPnP, no port forwarding, no server accessible from the Internet), does the data behind the Asus router have the same security in both scenarios? I just care about the security of my working PC and NAS data. The servers are not important.

Thanks,
 
Everybody ends up with software bugs. You have to pick a company and trust them.
It is one of the reasons I use Cisco.
 
1. Yes.
2. No matter what you do, the server makes your system get hacked.

Don't expect anything with consumer grade network devices.
 
It is one of the reasons I use Cisco.
Even Cisco has issues ... and of course they aren't consumer-grade.
 
Cisco devices are probably the most hacked network devices in the world. But Cisco fixes things as they come up fairly quickly. Better than most.
 
