Linksys Router and BlackICE - Confused!!
From: Beauford (beauford_at_hotpop.com)
Date: 09/24/04
- Next message: kony: "Re: FBI SADISM, PERVERSION, MENTAL TORTURE and BLATANT human rights violations"
- Previous message: šLš: "Which hard drive encryption program has the strongest tested encryption & security?"
- Next in thread: Leythos: "Re: Linksys Router and BlackICE - Confused!!"
- Reply:(deleted message) Leythos: "Re: Linksys Router and BlackICE - Confused!!"
- Reply: Zaphod Beelblebrox: "Re: Linksys Router and BlackICE - Confused!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Sep 2004 08:43:20 -0400
Hi,
I have a Linksys BEFSR41 router with 6 computers connected to it as
outlined below.
Win2000 - Domain Controller and Mail Server - BlackIce installed
Win2000 - Domain Controller and IIS Web Server - BlackIce Installed
XP Pro - Workstation
XP Pro - Workstation
Linux Slackware - Stand alone - Apache webserver running
Windows NT 4.0 - Workstation
I have my Linksys Router set up to forward port 25 traffic to my mail
server and to forward port 80 web traffic to my Linux box.
Since I installed the mail server it is being hammered by these Asian
IP blocks trying to relay through it - so I installed BlackIce to
block this - and that is working fine.
Here's the part where I'm confused. On the other Win2k PC BlackICE is
also picking up traffic to port 25 - and when you look at the logs it
says the victim IP is that of my mail server.
I contacted Linksys and they said this is normal. Well it doesn't seem
normal to me. If port 25 is not being forwarded to this machine then
does it not make sense that this machine should not be seeing any
traffic to this port.
This is what I got from Linksys
"Since the computer is hooked up to the router and the firewall
detects the traffic, even though the port is not forwarded to that
computer, since it is an activity on the router, it would still detect
the traffic for that port but that doesn't mean that it is going
through it."
My understanding was that any traffic that is not forwarded to a
specific machine should be dropped. So BlackICE should never see this
traffic. Am I missing something here.....
Thanks
- Next message: kony: "Re: FBI SADISM, PERVERSION, MENTAL TORTURE and BLATANT human rights violations"
- Previous message: šLš: "Which hard drive encryption program has the strongest tested encryption & security?"
- Next in thread: Leythos: "Re: Linksys Router and BlackICE - Confused!!"
- Reply:(deleted message) Leythos: "Re: Linksys Router and BlackICE - Confused!!"
- Reply: Zaphod Beelblebrox: "Re: Linksys Router and BlackICE - Confused!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
