Re: Firewall and Home Network

From: David (davidwnh@adelphia.net)
Date: 11/23/02


From: "David" <davidwnh@adelphia.net>
Date: Fri, 22 Nov 2002 23:39:26 GMT

Generally speaking your incoming filters will prevent "unsolicited" attempts
to connect to your computer. If inbound traffic is a response to your
initial outbound traffic it will not be blocked. Some firewalls have filters
that allow you to block even incoming responses however I do not think that
is the case with your router.

As far as outbound filters go, I've seen them implemented in several ways. They
can either be implemented to block by origin port, destination port, or both.
Usually you will be blocking outgoing by destination port; however, I'm not
familiar with how your particular router is designed to implement its
filters. Someone else with the same router may be able to be more
definitive. Or maybe you can find this info in the manual so that I will
know I am giving you sound advice (hopefully at least).

Are you using a DHCP assigned private IP address that your router assigns
your PC? If so this may be what stopped all your traffic. I usually use
static addresses when possible just to remove DHCP problems,
vulnerabilities, and traffic out of the picture. Let us know if this was the
problem when you added the original outbound filters.

You can take two approaches to your outbound filtering. Close them all to
start with, then open the ones you will be needing. This will assure that
you will only allow outbound traffic to ports for services that you are
using, but can be difficult for the uninitiated as I think you may have
recently discovered. I do recommend this if you are willing to forego some
hair pulling. You can usually refer to your blocked traffic log to see which
port(s) you need to open as you set up for each application.
You will end up with a tighter firewall this way.

Or you can start with everything open and then close down the ports you
know you don't want open. 137-139 as you mentioned. I would add 445 to this
list and probably get a recent trojan list and block some of those. Other
candidates are ICQ ports if you don't use ICQ, etc. You might see now how
this approach isn't as thorough and although is easy to start with you will
end up with potential holes.

Another approach would be to get a software firewall to take care of your
outbound filtering. Some of these are easy to set up and this is just a
suggestion and not necessarily what I recommend. You have a router that will
allow you to filter outgoing, so with only your router and access logging
your firewall can be just as effective as outbound control via software,
without the added overhead. There are pros and cons to both solutions. The
ultimate decision is yours, what is easiest for you to configure will
ultimately give you the best protection.

Also be sure to have AntiVirus software that you keep up to date.

> 20,21,25,110,119 and 443. This blocked all communication for web and
> mail. Now I deny only 137-139. I am going to check with my ISP for any
> required ports, guess I should have done that long ago.
>
> Yes the FW has a logging function that gives me info like:
> Friday, November 22, 2002 21:10:01 Unrecognized access from
> 4.62.124.65:1029\
> to UDP port 137
> Friday, November 22, 2002 21:37:12 Unrecognized access from
> 62.255.196.93:1026\ to UDP port 137
>
> I am a bit confused here and hope you can spare me a few more minutes
> on this
>
> TIA,
> Tom
>
> "David" <davidwnh@adelphia.net> wrote in message
> news:<4yUC9.47231$6g.7866747@news1.news.adelphia.net>...
> > Tom,
> > Is this router configured by default to allow all outgoing or to block
> > all outgoing?
> > As to incoming it is often best to keep them all closed by the default
> > and then open them if you have applications that need them.
> > You will almost certainly need to allow outgoing traffic on the four
> > ports that Bob mentioned. That will get you going with the most common
> > uses at least. Also open 443 outgoing since that will give you secure
> > web pages.
> >
> > I'm not familiar with your particular router but does it have a logging
> > capability, and if so does it log your outgoing blocked and/or allowed
> > traffic and with or without an entry that shows the destination port?
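A small summarizer for the blocked-traffic log format Tom quoted, added here as an example; it is not code from the thread, from Tom's router, or from any vendor. It rejoins the lines the paste wrapped with a trailing backslash, parses each "Unrecognized access from ... to ... port ..." entry, counts blocked attempts per protocol/port and per source address, and flags the NetBIOS/SMB ports (137-139 and 445) that David names as "close these" candidates. The first two sample entries are the ones Tom posted; the remaining three are constructed, and all function names are my own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample. The first two entries are exactly as Tom pasted them
# (including the trailing backslash where the line was wrapped); the rest are
# made up to exercise the summary.
SAMPLE_LOG = """\
Friday, November 22, 2002 21:10:01 Unrecognized access from 4.62.124.65:1029\\
to UDP port 137
Friday, November 22, 2002 21:37:12 Unrecognized access from 62.255.196.93:1026\\ to UDP port 137
Friday, November 22, 2002 21:41:55 Unrecognized access from 192.0.2.17:3321 to TCP port 445
Friday, November 22, 2002 21:42:03 Unrecognized access from 192.0.2.17:3322 to TCP port 139
Friday, November 22, 2002 22:05:40 Unrecognized access from 198.51.100.9:4000 to TCP port 80
"""

# Ports the post singles out for closing: NetBIOS 137-139 plus SMB 445.
WINDOWS_NETWORKING_PORTS = {137, 138, 139, 445}

LINE_RE = re.compile(
    r"^(?P<date>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}) "
    r"Unrecognized access from (?P<src_ip>[\d.]+):(?P<src_port>\d+)\s+"
    r"to (?P<proto>TCP|UDP) port (?P<dst_port>\d+)$"
)


def unwrap(text):
    """Rejoin entries that were wrapped with a trailing backslash in the paste."""
    return re.sub(r"\\\s*", " ", text)


def parse_line(line):
    """Parse one log entry into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["date"], "%A, %B %d, %Y %H:%M:%S"),
        "src_ip": m["src_ip"],
        "src_port": int(m["src_port"]),
        "proto": m["proto"],
        "dst_port": int(m["dst_port"]),
    }


def parse_log(text):
    """Unwrap and parse a whole log paste, skipping unparseable lines."""
    return [e for e in (parse_line(l) for l in unwrap(text).splitlines()) if e]


def summarize(entries):
    """Count blocked attempts per (protocol, destination port) and per source IP."""
    by_port = Counter((e["proto"], e["dst_port"]) for e in entries)
    by_src = Counter(e["src_ip"] for e in entries)
    return by_port, by_src


def classify(entries):
    """Split entries into Windows-networking noise and everything else worth a look."""
    windows = [e for e in entries if e["dst_port"] in WINDOWS_NETWORKING_PORTS]
    other = [e for e in entries if e["dst_port"] not in WINDOWS_NETWORKING_PORTS]
    return windows, other


def report(text):
    """Return the summary as a list of lines, so a caller can print or test it."""
    entries = parse_log(text)
    by_port, by_src = summarize(entries)
    windows, other = classify(entries)
    lines = [f"{len(entries)} blocked attempts parsed"]
    for (proto, port), n in sorted(by_port.items(), key=lambda kv: -kv[1]):
        tag = " (Windows networking)" if port in WINDOWS_NETWORKING_PORTS else ""
        lines.append(f"  {proto} port {port}: {n}{tag}")
    for ip, n in by_src.most_common():
        lines.append(f"  from {ip}: {n}")
    lines.append(f"{len(windows)} hit NetBIOS/SMB ports, {len(other)} hit other ports")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The same parser works on the "outgoing blocked" entries David asks about, provided the router writes them in the same shape; sorting the per-port counts is what turns a long log into the short list of ports an application actually needs opened under the close-everything-first approach.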
