Re: Would a firewall prevent Sasser worm?

From: David W.E. Roberts (nospam_at_talk21.com)
Date: 05/05/04

Date: Wed, 5 May 2004 17:33:05 +0100

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b01a88a95d1538b98a4ce@news-server.columbus.rr.com...
> In article <c78mat$4ps$1@string.physics.ubc.ca>,
> unruh@string.physics.ubc.ca says...
> > "Close all ports that you do not absolutely need on your machine"
> > should surely be the first bit of advice. Then after you have done that
> > also install a firewall for that extra bit of protection.
>
> The problem is that most people don't have a clue as to how to close
> ports, set up IPSec rules, etc... Most people don't even know to enable
> the ICF on their machines.
>
> The best thing people can do is purchase a cheap router with NAT and use
> it from the moment they get their computer. This lets them download the
> updates, install and update the AV software, etc... before they have a
> chance to get hacked.
>
> I put this back on the ISPs - they provide an open connection and don't
> warn the unsuspecting public about the risk/problems. If they just
> enabled NAT by default on their routers (DSL or Cable) most of this
> problem would go away.

NAT by itself doesn't do much for you - because safety depends on who is on
your side of the router.

In a SOHO environment, NAT is pretty damn good - because you know all
the people behind the NAT router and you don't expect them to hack you
(although one PC with a worm behind your NAT router can gut all the other
local PCs). Safest is one PC behind a NAT router - nobody else to compromise
you.

If an ISP has a NAT router then (unless I am missing something) all the
other customers (at least those served by your particular router) will also
be your side of the router, and able to port scan you anytime they want.

I think that most ISPs will have firewalls between their own customers and
the Internet - if only to protect their own machines and routers.

It is the customers within your ISP who are likely to threaten your PC - and
I don't think having NAT on an ISP router would help much.

Having each port on the router firewalled against incoming traffic would be
nice - most ISPs already block port 25 to prevent open email relays and
presumably other ports could be blocked also.

However there will always be someone who wants unusual ports open for
incoming traffic (PTP probably) so administration could be a nightmare.

Buy your own NAT router and don't rely on a third party.

Cheers
Dave R
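The topology argument in the post above (a NAT router only shields you from hosts on the far side of it, so an ISP-side NAT leaves every other customer on your side) can be made concrete with a small model. The following is an added example, not code from the thread or from any vendor; it is a toy stateful NAT with an optional inbound TCP-port filter on its WAN side, and the host names, ports and the two topologies (one PC behind a SOHO router versus several customers behind one ISP router) are constructed for illustration. It also ignores ephemeral ports, so a reply in the model reuses the same destination port as the outbound packet.

```python
"""Toy model of a stateful NAT router with an optional inbound port filter.

Constructed example: it shows which unsolicited connections reach a PC
when the PC is alone behind its own NAT router versus sharing the
inside of an ISP's NAT router with other customers.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str    # sending host (constructed name)
    dst: str    # receiving host (constructed name)
    dport: int  # destination TCP port


@dataclass
class NatRouter:
    inside: set                                   # hosts on "your side" of the router
    blocked_inbound_ports: set = field(default_factory=set)  # WAN-side filter
    sessions: set = field(default_factory=set)    # (inside_host, outside_host) opened outbound

    def handle(self, pkt: Packet) -> str:
        """Return a 'delivered:...' or 'dropped:...' verdict for one packet."""
        src_in, dst_in = pkt.src in self.inside, pkt.dst in self.inside
        if src_in and dst_in:
            # Both hosts share the inside segment: the packet never crosses
            # the router, so neither NAT nor the WAN-side filter sees it.
            return "delivered:local"
        if src_in and not dst_in:
            # Outbound: stateful NAT records the session so replies can return.
            self.sessions.add((pkt.src, pkt.dst))
            return "forwarded:outbound"
        if not src_in and dst_in:
            if pkt.dport in self.blocked_inbound_ports:
                return "dropped:port-filter"
            if (pkt.dst, pkt.src) not in self.sessions:
                # Unsolicited inbound: no mapping exists, so NAT has nowhere to send it.
                return "dropped:no-nat-mapping"
            return "delivered:reply"
        return "dropped:not-for-us"  # outside-to-outside traffic never touches this router


def unsolicited_reach(router: NatRouter, target: str, sources, port: int):
    """Which of `sources` can open a fresh connection to `target` on `port`?"""
    return [s for s in sources
            if router.handle(Packet(s, target, port)).startswith("delivered")]


def soho_router() -> NatRouter:
    # One PC alone behind its own NAT router (constructed topology).
    return NatRouter(inside={"my-pc"})


def isp_router(blocked=()) -> NatRouter:
    # Several customers sharing the inside of one ISP router (constructed topology).
    return NatRouter(inside={"my-pc", "customer-b", "customer-c"},
                     blocked_inbound_ports=set(blocked))


if __name__ == "__main__":
    sources = ["customer-b", "internet-host"]
    print(unsolicited_reach(soho_router(), "my-pc", sources, 445))            # []
    print(unsolicited_reach(isp_router(), "my-pc", sources, 445))             # ['customer-b']
    print(unsolicited_reach(isp_router(blocked=[445]), "my-pc", sources, 445))  # ['customer-b']
    r = soho_router()
    print(r.handle(Packet("my-pc", "update-server", 80)))   # forwarded:outbound
    print(r.handle(Packet("update-server", "my-pc", 80)))   # delivered:reply
```

The last scenario is the one the post is making: even with a WAN-side port filter on the ISP router, another customer on the same inside segment still reaches the PC, because that traffic never goes through the router at all. Only the outbound-then-reply pair gets through from outside, which is the behaviour a stateful NAT is relied on for.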
