PROBE YOUR NETWORK FROM THE OUTSIDE
SCAN YOUR NETWORK FOR VULNERABILITIES
Shields Up ( pcpro.link/332shieldsup) is a free web service that connects to your home router and tests a wide range of ports and services. It’s a lot like nmap, except that it’s situated on the outside of your network, so it can reveal if anything’s accessible to a remote attacker.
The design looks rather as if it fell out of the 1990s, but the tests it carries out are bang up to date. The first one you’ll see is an instant UPnP exposure test; we’ve already mentioned how UPnP can be exploited by malicious software running inside your network, so you can imagine how much worse it is to allow UPnP connections over the internet. This test only takes a few seconds to run, and will hopefully confirm that UPnP isn’t accessible from outside of your LAN.
To carry out further tests, click the text links in the grey bar below. The File Sharing test attempts to access shared folders on your network over the internet, while the Common Ports and All Service Ports tests reveal how your router responds to external connection attempts. If a port shows as “open”, that’s a potential cause for concern (unless it’s one you’ve chosen to open yourself, such as for a game or internet server).
You might think that the best result would be “closed”, but in fact this isn’t ideal: it means your router or client device explicitly rejected the connection request, confirming its presence to a would-be attacker. For the same reason, the scanner tries to “ping” your router, and reports a failure if your router confirms its location. The best result in the port-scan test is actually “stealth”, which means the scanner wasn’t able to get any response at all.
Finally, the Browser Headers option shows you exactly what information is being sent to web servers by your chosen browser; this is normally rather anodyne stuff such as your operating system, browser version and so forth, but taken together these details can be used to “fingerprint” you and track your activity online. If you’re concerned by what you see, you can use a tool such as Browser Agent Switcher for Chrome (see pcpro.link/332agent) to customise and sanitise the header information as you see fit.
TEST THAT YOUR DNS IS SECURE
DNS can be a tricky thing: it’s very useful to have a service that translates human-friendly domain names into IP addresses, but it means that whoever runs that service can see which sites you’re accessing. Normally the issue is moot as the DNS is operated by your ISP, which has that information anyway, but through malware or misconfiguration it’s possible to end up using third-party DNS servers. At best this compromises your privacy; at worst, a malevolent DNS operator could divert you to dangerous websites.
Happily, there are plenty of free online tools that can check your DNS routing. One such is dnsleaktest.com, which will trace and reveal your DNS connection with a single click. Normally you’d expect to see only your ISP’s DNS server appear here. If you see something that doesn’t look right, you can manually enter your ISP’s DNS settings into your router, or use a free third-party DNS server. Cloudflare operates one at the memorable 1.1.1.1 address, while Google provides its own public servers at 8.8.4.4 and 8.8.8.8.
If you use a VPN, it’s also worth repeating the test when connected to a remote server, because while the VPN is active, all DNS queries should be handled by your VPN provider. If anyone else’s DNS server shows up in the list, that means they can see which sites you’re requesting. That blows a hole in your privacy, and you should immediately raise the alarm with your VPN provider.