Re: Router's Firewall

From: luis (not@vaila.ble)
Date: 07/28/02


From: "luis" <not@vaila.ble>
Date: Sun, 28 Jul 2002 03:41:03 GMT

Hi Duane, thanks for your reply... I understand the risks of hosting web
services from your own computers and that's why I don't do that, I use
http://blazingfast-communications.com/ . I use my home network for
internal purposes only and I think ZoneAlarm does the job well in that
regard. My concerns are more about what the router's capabilities are
compared with ZA for the use I give to this network. Nevertheless your point
has been taken and I will definitely consider your suggestions if I ever
consider modifying my configuration.
Regards,
Luis

"Duane Arnold" <darnold92@Insightbb.com> wrote in message
news:bbz09.56837$uh7.6654@sccrnsc03...
> Unless you are using Linksys model BEFSX41, which is the only model that
> indicates that it has firewall technology, then the router doesn't have a
> firewall. What your router does have is NAT. What that firewall is on
> BEFSX41, I don't know.
>
> http://www.homenethelp.com/web/explain/about-NAT.asp
>
> The current firmware being used by some Linksys routers does have the
> capability to incorporate a software firewall such as ZA. But ZA must be
> installed on a workstation, so how the router using ZA is protecting your
> entire network is beyond me.
>
> For most home users, ZA is a fine product which will protect a computer
> for the most part. Port 80 is the WEB access port and port 21 is the FTP
> access port on your machine.
>
> ZA is protecting those ports, because you're not accepting or allowing any
> IP(s) to access those ports. But what if you decide you want a WEB site on
> one of your machines, then what? What are you going to do, only allow
> certain IP(s) access to your WEB site, or is the WEB site going to be open
> to the public, which means ZA is not blocking on any IP. I think you will
> be using the latter of the two.
>
> And there is the problem, because once a port is open, the router with its
> NAT and SPI (Stateful Packet Inspection) are out of the picture. Well, SPI
> is still in play a little bit, but ZA is out of the picture too. No
> software or appliance side firewall for the home market is going to protect
> your machine once the port is open and the IP has been accepted and traffic
> is flowing.
>
> So, let's say you have ACCEPTED an IP on port 80 and everything is cool,
> NAT, SPI, and ZA are all cool with it, especially ZA, because ZA was told to
> accept the IP. Now, what if that IP you accepted had its own WEB site and
> it was infected by a WORM or Trojan horse and one of them got put into the
> network traffic, because that is what they do is reach out looking for
> other machines, between the two machines, what is going to stop it from
> reaching your machine?
>
> Nothing is going to stop it; not NAT, SPI, or any firewall is going to
> stop it. You could say that an anti virus software could stop it, but it is
> most likely too late when anti virus software has detected it. Maybe an anti
> virus software that does real time scanning of files and memory would help,
> but most people don't know to get that type of anti virus software.
>
> If ZA had an Intrusion Detection System (IDS) incorporated in it that
> inspected the network traffic looking for anything malicious or suspicious
> and block the IP, if found, then you would have some protection. ZA cannot
> do this and none of the other ones can do it.
>
> The only one that can do this, actually look at network traffic and block
> it, if something is malicious or suspicious in the traffic is BlackIce.
>
> BlackIce Defender, an IDS/firewall, is the only one that can protect the
> machine in this manner. Not ZA, Tiny, Outpost, Sygate, which many consider
> the best, or any of the other ones have IDS in them currently. So they
> cannot do what BlackIce does to protect the machine.
>
> This same scenario happens in the reverse. If you go out to a Web site,
> you initiate the contact, that is infected, BlackIce will protect the
> machine.
>
> I went on about this a little bit, but you have the picture.
>
> Duane
>
>
> "luis" <not@vaila.ble> wrote in message
> news:DMv09.185613$uw.99200@rwcrnsc51.ops.asp.att.net...
> > Hi,
> > I would like to know how the firewall in the router works... and what
> > these messages from the router's log would mean:
> >
> > Saturday, July 27, 2002 3:08:39 AM Unrecognized access from 162.84.251.167:22339 to TCP port 21
> > Saturday, July 27, 2002 3:10:09 AM Unrecognized access from 66.106.6.227:2917 to TCP port 80
> > Saturday, July 27, 2002 3:10:12 AM Unrecognized access from 66.106.6.227:2917 to TCP port 80
> > Saturday, July 27, 2002 4:43:00 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
> > Saturday, July 27, 2002 4:43:03 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
> > Saturday, July 27, 2002 4:43:09 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
> > Saturday, July 27, 2002 4:43:21 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
> > Saturday, July 27, 2002 5:25:13 AM Unrecognized access from 61.34.16.130:3284 to TCP port 53
> > Saturday, July 27, 2002 5:25:16 AM Unrecognized access from 61.34.16.130:3284 to TCP port 53
> > Saturday, July 27, 2002 5:41:48 AM Unrecognized access from 217.136.33.167:2717 to TCP port 21
> > Saturday, July 27, 2002 5:41:51 AM Unrecognized access from 217.136.33.167:2717 to TCP port 21
> >
> > I am using ZA Pro in my computers and I know that any scan is being
> > blocked, I wonder if the router is able to do that.
> > I know that Linksys installs ZA into their routers but all the routers I
> > saw claimed firewall protection as well.
> >
> > Thanks for your attention.
> > Luis.
> >
> >
>
>
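
An added example, not part of the original thread: one way to read the router log quoted above is to collapse its lines into distinct connection attempts and look at the spacing of the repeats. The regular expression, the `summarize` helper and the assumption that a retried connection keeps the same source port are this example's own, not Linksys documentation.

```python
import re
from datetime import datetime

# Entries copied from the router log quoted in the thread above.
ROUTER_LOG = """\
Saturday, July 27, 2002 3:08:39 AM Unrecognized access from 162.84.251.167:22339 to TCP port 21
Saturday, July 27, 2002 3:10:09 AM Unrecognized access from 66.106.6.227:2917 to TCP port 80
Saturday, July 27, 2002 3:10:12 AM Unrecognized access from 66.106.6.227:2917 to TCP port 80
Saturday, July 27, 2002 4:43:00 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
Saturday, July 27, 2002 4:43:03 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
Saturday, July 27, 2002 4:43:09 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
Saturday, July 27, 2002 4:43:21 AM Unrecognized access from 66.148.161.19:59483 to TCP port 21
Saturday, July 27, 2002 5:25:13 AM Unrecognized access from 61.34.16.130:3284 to TCP port 53
Saturday, July 27, 2002 5:25:16 AM Unrecognized access from 61.34.16.130:3284 to TCP port 53
Saturday, July 27, 2002 5:41:48 AM Unrecognized access from 217.136.33.167:2717 to TCP port 21
Saturday, July 27, 2002 5:41:51 AM Unrecognized access from 217.136.33.167:2717 to TCP port 21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w+, \w+ \d+, \d{4} \d+:\d{2}:\d{2} [AP]M) Unrecognized access from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) to (?P<proto>TCP|UDP) port (?P<dport>\d+)$"
)
SERVICES = {21: "FTP", 53: "DNS", 80: "HTTP"}  # well-known ports seen in this log


def summarize(log_text):
    # Assumption: lines sharing source IP, source port and destination port
    # are retries of one unanswered connection request, not separate probes.
    attempts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a blocked-access entry
        ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %I:%M:%S %p")
        key = (m["src"], int(m["sport"]), m["proto"], int(m["dport"]))
        attempts.setdefault(key, []).append(ts)
    report = []
    for (src, sport, proto, dport), times in attempts.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report.append({"src": src, "service": SERVICES.get(dport, str(dport)),
                       "port": dport, "lines": len(times), "retry_gaps_s": gaps})
    return report
```

The eleven log lines reduce to five attempts from five sources; the 3, 6 and 12 second gaps on the 66.148.161.19 entry double each time, which is consistent with one unanswered TCP connection request being retransmitted while the router silently drops it.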


