Advanced options
Apart from setting the router type (which will be logged by us to allow for updating the list of vulnerable devices) the applet allows to change the Internal IP and the Portlist.
The port list enumerates all TCP ports that should
be tested.
It defaults to some commonly found services.
In case you have all these common services closed down, you can put
your own list here, stating which services
on your machine might be reachable.
The option to set the "Internal IP" facilitates
checking for very broken NAT helper modules.
It allows you to try to redirect the inbound connections to
other internal hosts.
The router should notice that and disable the use of the NAT helper.
Thus you should only get "400 PORT Error (500 Go away (PORT IP mismatch).)"
style messagges.
In case it does not, there are two possible cases:
- The router does change the IP in the port command, but directs replies to the host starting the control connection. In this case you get the same result as with your own IP.
- The router forwards the connection to the machine stated in
the PORT command. This allows to scan the given machine.
This behaviour is particularly dangerous, as it allows to penetrate the whole network and not only personal workstations capable of running the Java component of the attack.