Re: Stateful packet inspection for home users
From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 09/08/03
- Next message: Jess: "Re: Personal firewall with no user-interaction"
- Previous message: Nomad: "Re: Question on Norton Firewall Subscription Updates"
- In reply to: Duane Arnold: "Re: Stateful packet inspection for home users"
- Next in thread: Bill Robins: "Re: Stateful packet inspection for home users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 08 Sep 2003 13:03:40 GMT
On Mon, 08 Sep 2003 03:52:46 GMT, Duane Arnold spoketh
>
>For the most part, a NAT router without SPI will stop most casual attacks
>from unsolicited inbound traffic. But for a more determined attack that
>has come pasted my Linksys BEFW11S4 NAT router aimed at SQL Server on my
>machines, the router was useless, as the attacks came through the router
>like a hot knife through butter on the wired and wireless sides of the
>router. The statefulness and the IDS/FW of BlackIce stopped the attacks.
>
Wait a minute. Are you saying that the SQLSlammer probes went through
your Linksys router without you having forwarded those ports anywhere?
Can you actually document this with any type of logs?
During the time I had my Linksys router, it allowed absolutely nothing
pass from the WAN to the LAN side unless I had specifically allowed it.
And, since I do allow some traffic in (web server & mail server), I
never enabled SPI, even when it was available.
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
- Next message: Jess: "Re: Personal firewall with no user-interaction"
- Previous message: Nomad: "Re: Question on Norton Firewall Subscription Updates"
- In reply to: Duane Arnold: "Re: Stateful packet inspection for home users"
- Next in thread: Bill Robins: "Re: Stateful packet inspection for home users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
