Does the Fingbox itself conduct the port Vulnerability Scanning?

Ajax
Ajax Member Posts: 35
25 Likes 10 Comments First Anniversary 5 Awesomes
✭✭✭
Does the Fingbox conduct the port scanning itself or does it send a request to an external location to conduct the testing a report back to the Fingbox once complete?
VioletChepil

Comments

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Hey @Ajax, hope you had a nice weekend :) 
    The Vulnerability test is run by Fingbox and not any other application. The Network Vulnerability Test automatically runs weekly but you can also perform and on-demand scan. The test is made up of two parts:
    The Remote Scan Test performs a port scan on your public Internet address (the individual numerical address visible to the public when you are online) to see which ports are open to the external world: these are the open doors into your home, and you should make sure to have only the strictly necessary ones open.
    The Internal Router Audit checks the router addresses, the NAT configuration and whether or not  UPnP or NAT-PMP is activated. In the house metaphor, this would be the equivalent of checking the security measures placed inside the building in case an intruder did make it through the door.
    Let me know if that answered it for you.
    Also, next time, you can submit as a question (rather than discussion) and that will allow the thread to appear in unanswered and you can choose a "best answer" for the question. 
    Let me know if that's clear! 
    Cheers 

    Community Manager at Fing

  • Ajax
    Ajax Member Posts: 35
    25 Likes 10 Comments First Anniversary 5 Awesomes
    ✭✭✭
    So the remote scan test, is that conducted directly by the Fingbox from internally on the network? I had assumed it was but when I grabbed a pcap file using a Packet Squirrel on the network cable used by the Fingbox I didn't see the expected traffic for a portscan. I came to the conclusion it must send a request to an external location which then ran the portscan from a public location and reported back to the Fingbox. It doesn't matter either way but just like to understand.
    VioletChepil
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    edited September 6, 2019 #4
    The Remote Scan Test performs a port scan on your public Internet address (the individual numerical address visible to the public when you are online) to see which ports are open to the external world: these are the open doors into your home, and you should make sure to have only the strictly necessary ones open.
    Violet, I have a doubt about your response, usually, from within the local network you are restricted from some communication with the external IP (Privet IP of your ISP o Public IP if your ISP assigned one directly), maybe I am to old and now this is not an issue, but in my days of gaming and trying to mount a public game server on my home network, I had to do some tricks on the console (command line console) of my router, to enable that, from within the network it gave me, the assigned public IP responds without inconvenience.
    Now, this procedure isn't common in all cases, so how the box performs the verify?
    Keep looking up!
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Ok I'm checking up for any further information on this thread. 

    Community Manager at Fing

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    OK @Hronos @Ajax I have some additional details from our dev team on this. The remote part is performed, well, remotely. Not by Fingbox
    The internal router audit is performed internally by the Fingbox. 
    And results are evaluated together to provide the final assessment.
    Let me know if anything else remains unclear!
    Cheers

    Community Manager at Fing

  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    @VioletChepil that's more clear
    It is more helpful a remote/external Scan test for external issues.
    Thank you for the followup!
    Keep looking up!
    VioletChepil
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    You are most welcome @Hronos:)

    Community Manager at Fing

    Hronos