How safe is it to open virtual servers?

S

Sergey2021-08-08 17:54:49

ASP.NET

Sergey, 2021-08-08 17:54:49

To test the operation of my application with callback api, I opened a virtual server in the settings of my router, with external port: 80 and internal: 5000.

The application was created on ASP.NET Core, and is launched with the Kestrel web server. In the application, when it is running, connections made to it are logged. Sometimes there are connections from different IPs, among which there is Google. Basically the connections go to the root of the site, so I don't think my computer was attacked. But nevertheless, I'm far from being an expert in this, so some list of questions for people who understand this area:

How safe is it to open access to the Kestrel server on the Internet, without any configuration? (I use HTTP protocol)
Is it also safe to leave the virtual server enabled in the router settings?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrey Barbolin, 2021-08-09
@dronmaxman

Sticking service assholes out into the world is NOT SAFE. Even if the vulnerability is not written on the forums, this does not mean that it does not exist, it's just that no one knows about it yet)
At least it's worth changing the port if possible. Select a port outside the range of 10000.
Ideally, restrict access to the firewall only from a specific IP.

V

Vasily Bannikov, 2021-08-08
@vabka

not dangerous, but I advise customers to connect https

K

Karpion, 2021-08-08
@Karpion

For security, it doesn't matter if it's a virtual server or a physical one. Strictly the same.
There is a good rule:
"Do not leave (do not give) access to those who do not need it for useful work."
I would not consider a self-written server to be safe. Especially with your level of knowledge (judging by the issue).