Re: adsl router security

From: Andy Baxter (news3_at_earthsong.null.free-online.co.uk)
Date: 12/14/03


Date: Sun, 14 Dec 2003 11:07:01 +0000

At earth time Sun, 14 Dec 2003 10:25:36 +0000, the following transmission
was received from the entity known as Bill Unruh:

> ]>I have an adsl 4 port router/modem, badged as 'spark' but with a conexant
> ]>chipset. I have configured it to connect my local machines to the NAT, and
> ]>used the virtual server feature to route packets on ports 21 and 80 to the
> ]>FTP and http ports (proftpd & apache) of my server machine, which is on
> ]>the same local network as my main machine. The server machine is also
> ]>running ssh and mysqld but no other network services. The main machine is
> ]>running apache, mysqld, qmail, portmap, gdomap, inetd, lpd, tcpserver,
> ]>xfs-xtt, gnustep_sndd and gdm.
> ]>
> ]>What I would like to know is whether the firewall on the router is likely
> ]>to be enough to protect me from external attacks? Obviously it makes sense
>
> It will be a line of defense. To make it the only line of defense would
> probably not be a great idea, but as a line amongst others, it should
> be fine. You should find out, if you can, if the router is programmable
> from its outbound connection (ie does the router allow anyone at all to
> get into its admin functions from the outbound port. It shouldn't. If it
> does, that is a weakness)
> Remember all a firewall does is to prevent certain packets getting
> through if they are not addressed to the selected ports. You seem to
> want a huge number of ports to be open. That means that the protection
> is minimal of any firewall. Ie, what ports is the firewall on the router
> blocking?
>

The only ports I _want_ open are http and ftp on the server machine - I
mentioned the others just to say what services are running, not that I want
those ports open. It can allow programming from outside, but only if I
tell it to. At the moment that's switched off.

andy.

-- 
http://www.niftybits.ukfsn.org/
remove 'n-u-l-l' to email me. html mail or attachments will go in the spam
bin unless notified with [html] or [attachment] in the subject line. 

