What's new

DDNS Security Issues

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

needshelpdoing

New Around Here
Im deciding to get a DDNS since I am hosting some games(factorio, valheim, minecraft) for a few friends since I have dynamic IP. I am considering NoIP .

I am using the RT-AC68U, stock firmware, as my router. My concern is about potential security issues.

I have a Synology NAS(no remote access, no FTP, no ssh enabled), and a cctv system.
 
Having a "name" vs just an ip makes little difference in terms of vulnerability. Not really sure what you are asking, but if it is just that, then it really doesn't matter. Most "attacks" are based on sequential ip sweeps looking for vulnerabilities on open ports. Obviously, the fewer services you run, the fewer potential vulnerabilities you will have.

Make sure your firmware is up to date to reduce potential attacks as well. Take a look at the updates in merlin firmware too as it is often ahead of stock asus in terms of patches. (But not always, all depends on release cycles)
 
A good starting point, but ideally you investigate and know exactly what services you run and why they need to be exposed. Only allow programs that you trust.
 
i see. i guess using https://www.grc.com/shieldsup to test is okay?

As @dosborne said, place to start.

Also consider overlaying a decent SPI firewall with blacklist. But once you run services you're not just worried about the port that's being opened, but also about any unpatched vulnerabilities in the service itself. Ideally isolate those exposed systems in a DMZ and don't put anything sensitive on them that you would care about exposing. And of course, separate admin accounts and unique pwds for any accounts that are not shared with other services etc.
 
GRC will tell you what ports are listening, but they tell nothing about the app layer risks. Even if GRC tells you that only one port is available, you have no idea if that port is vulnerable. As others have stated, if you are planning to host always on services, you should probably get a more advanced firewall and consider making a DMZ to segment your public exposed services away from your Internal systems/devices.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top