Re: Linksys Firmware Upgrade Available

From: packetsnoop (packetsnoop@void.net)
Date: 05/28/02


From: "packetsnoop" <packetsnoop@void.net>
Date: Tue, 28 May 2002 20:22:34 GMT

Amir,

First I will say that I have no experience with WinRoute. I don't use it
and have not really read that much about the application. It may very well
account for the points that I will list below but....What I did want to do
is give you some things to think about as you are deciding between packet
filtering -vs- personal firewall applications.

Basic packet filters work by inspecting the pkt headers (usually the IP
header for src and dst address, and the transport layer protocol header
(either UDP or TCP) for the destination port numbers). Some of these can
also inspect protocol headers other than IP (such as ICMP). The issues with
these are that they rarely can account for "state" (the appropriateness of a
packet based on pkts that came before it - ex. TCP's 3-way handshake or an
outgoing UDP pkt to request DNS services) and they also (usually) have
issues with fragment reassembly (the ability to collect all the fragments of
the final pkt and then make a decision on whether to allow it or not).
There are several other issues with these types of filters that can allow
certain attacks or scans to come through your defenses as well (ex. the
inability to account for out-of-spec packets - such as ones with the TCP
flags set to erroneous combinations). Finally, they do not have the ability
to inspect the entire packet to check for application layer exploit attempts
(like buffer overflows or known CGI exploits, ...).

These shortcomings can leave you open to several DoS attacks, scans and
application level exploits.

With all that said, I would recommend that you use a packet filter over
nothing....but given the low cost of personal firewall software (some are
free and others are around US$60) I would opt for the personal firewall.
These applications have far greater capabilities when it comes to protecting
you while you are connected to a hostile network (and by definition, the
Internet is about as hostile as they come). As a side benefit, some of them
have excellent attack recognition and logging capabilities that can provide
useful data to help get funding for your organization's security project 8-)

In addition to a personal firewall and NAT, I would also strongly advocate
that you install and keep up to date an anti-virus application (often these
are packaged with personal firewalls these days - ex. Norton). This can
help protect you from Trojans that can circumvent your firewall, NAT, pkt
filters, ...

Final reco is the cardinal rule. If you don't need a service on your PC
(such as IIS or PWS) don't run it.....in fact, don't even install it if you
have the option.

Not trying to start a holy war discussion on the topic.....just my 2
cents.....

"Amir Kolsky" <amir@kolsky.com> wrote in message
news:newscache$5yntwg$ak9$1@lnews.actcom.co.il...
> WinRoutePro has NAT, portmapping and the ability to filter packets on their
> way out based on protocol, ip addresses and port.
>
> By default all ports are blocked on the way in, and all ports are open on
> the way out (i.e., no filters).
>
> Can anyone who knows WinRoute Pro better than me tell me if there's a way
> to do application level filtering or to add something that will allow me to
> filter based on app?
>
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.175d248a5edd73c1989812@news-server.columbus.rr.com...
> > In article <newscache$u3etwg$i89$1@lnews.actcom.co.il>, amir@kolsky.com
> > says...
> > > I have WinRoute Pro (since I am in need of a router). Do you reckon it is
> > > a good enough firewall, or do I need to get one on top of WinRoute?
> > >
> > > Thanks, Amir
> >
> > Amir, a router is not a firewall. A firewall may also provide routing,
> > but a router is not a firewall. A firewall provides OUTBOUND AND INBOUND
> > security based on user definable rules.
> >
> > > "Dr. Bob" <rck@houston.rr.com> wrote in message
> > > news:3ca357ff.15217631@news-server.houston.rr.com...
> > > > On Sat, 23 Mar 2002 22:56:05 GMT, N/A <youngert@MailandNews.com>
> > > > wrote:
> > > >
> > > > >I am clueless.
> > > >
> > > > Indeed. But we are here to clue you in.
> > > >
> > > > >You have one of these Linksys EFSR41/BEFSR11/BEFSRU31 routers with a
> > > > >built-in firewall to protect your small LAN. Why the hell in this
> > > > >world do you still need to run a Kerio Personal Firewall on your
> > > > >computer? Isn't that kind of redundant?
> > > >
> > > > That is a very common question for people new to firewalls, and can be
> > > > understood by asking yourself how NAT works. To do that you must
> > > > distinguish between incoming and outgoing packets and those that
> > > > originate a connection and those that respond to the request from that
> > > > origination.
> > > >
> > > > NAT provides protection for incoming packets that originated on the
> > > > Internet. But there are other kinds of packets that can cause trouble.
> > > > The most notorious is the parasite application that resides inside
> > > > your machine and phones home. There is no way a NAT router can deal
> > > > with that in general.
> > > >
> > > > There is more that is required than just a NAT router. There is a
> > > > personal firewall, an anti-virus scanner, a trojan/adware scanner,
> > > > ad/content blocker, etc. My recommendations are:
> > > >
> > > > Linksys BEFSR41
> > > > Kerio Personal Firewall
> > > > McAfee Anti-Virus
> > > > AdAware
> > > > AdSubtract Pro
> > > >
> > > > There are others depending on your needs. Outpost Pro, Proxomitron,
> > > > Tiny Personal Firewall, Trojan Hunter. Stay away from Zone Alarm. It
> > > > started off as a good product, but now it is crap.
> > > >
> > > > If you really want to learn about the issues involved, and they are
> > > > numerous, I recommend joining the Agnitum Forum and getting a copy of
> > > > Outpost Pro. Once you start digging into its myriad features and
> > > > master them you will be a guru in this subject. The cost of the
> > > > license is worth it for the educational experience alone. It includes
> > > > plugins for ad/content filtering and intrusion detection so you do not
> > > > have to buy those.
> > >
> >
> > --
> > Leythos999@columbus.rr.com
> > (Remove 999 to reply to me)
>
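The stateless-vs-stateful point in packetsnoop's reply (a header-only filter has to guess that a packet is a "reply" from its own fields, while a stateful one remembers what the PC actually sent), as an added example that is not part of the original thread or of any product named in it. The packet model, addresses and traffic are all constructed here for illustration.

```python
from collections import namedtuple

# Constructed packet model: just the header fields a basic filter inspects.
# direction is "in" (from the Internet) or "out" (from the PC); flags holds TCP flag names.
Packet = namedtuple("Packet", "direction proto src sport dst dport flags", defaults=[frozenset()])
DNS = 53

def valid_tcp_flags(flags) -> bool:
    """Reject flag combinations that never occur in a legitimate TCP exchange."""
    if not flags:
        return False                 # null packet: no flags at all
    return not ("SYN" in flags and ("FIN" in flags or "RST" in flags))

def stateless_allows(p: Packet) -> bool:
    """Header-only filter with no memory: a packet counts as a 'reply' purely on what its own header says."""
    if p.direction == "out":
        return True
    if p.proto == "tcp":
        return "ACK" in p.flags      # looks like part of an existing connection
    return p.proto == "udp" and p.sport == DNS   # looks like a DNS answer

class StatefulFilter:
    """Remembers flows the PC opened; inbound passes only as a reply to one of them."""
    def __init__(self):
        self.flows = set()           # (proto, local_ip, local_port, remote_ip, remote_port)

    def allows(self, p: Packet) -> bool:
        if p.proto == "tcp" and not valid_tcp_flags(p.flags):
            return False             # out-of-spec packet, drop regardless of state
        if p.direction == "out":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return True
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows

def run_demo():
    """Constructed traffic: a DNS lookup and a web connection opened by the PC, then three
    unsolicited inbound packets. Returns {name: (stateless_verdict, stateful_verdict)}."""
    pc, resolver, web, stranger = "192.168.1.10", "192.168.1.1", "198.51.100.7", "203.0.113.5"
    traffic = [
        ("dns_query",  Packet("out", "udp", pc, 40000, resolver, DNS)),
        ("dns_reply",  Packet("in",  "udp", resolver, DNS, pc, 40000)),
        ("web_syn",    Packet("out", "tcp", pc, 50000, web, 80, frozenset({"SYN"}))),
        ("web_synack", Packet("in",  "tcp", web, 80, pc, 50000, frozenset({"SYN", "ACK"}))),
        ("stray_dns",  Packet("in",  "udp", stranger, DNS, pc, 137)),
        ("stray_ack",  Packet("in",  "tcp", stranger, 1234, pc, 139, frozenset({"ACK"}))),
        ("bad_flags",  Packet("in",  "tcp", stranger, 1234, pc, 139, frozenset({"SYN", "FIN", "ACK"}))),
    ]
    sf = StatefulFilter()
    return {name: (stateless_allows(p), sf.allows(p)) for name, p in traffic}
```

Both filters pass the genuine DNS and SYN/ACK replies, but only the stateful one drops the three stray inbound packets, because nothing the PC sent earlier matches them.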


