Re: Looking for firewall that logs port scans
From: Duane Arnold (notme_at_notme.com)
Date: 01/30/04
- Next message: foldface_at_yahoo.co.uk: "Re: norton firewall and home network, leaktest"
- Previous message: Nig: "Re: New release of Blackice 3.6.ccb"
- In reply to: Carson Saunders: "Looking for firewall that logs port scans"
- Next in thread: zenner: "Re: Looking for firewall that logs port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jan 2004 13:28:41 GMT
Carson Saunders <carson_saunders_NOSPAM@yahoo.com> wrote in
news:Xns947FE5B1E54C8carsonsaundersyahooc@68.1.17.6:
> I'm new to this group so I'll try to present my case as best as I can.
> I have a small home network (server and 2 client machines). I
> recently bought an SMC 2804 WBR but after a week of use I found that
> the log only logs attempts to hack into the network, not simple port
> scans. Is this normal for small home office routers? If it isn't,
> then Im looking for a suitable alternative to the SMC. I know all
> this log info may not be neccessary, but I'm one of those people that
> really want to know.
Why should you be even concerned about what's happening at the router's
wall? The router is knocking it down. What you should be concerned about
is what is incoming traffic from a remote IP going through the router
that's making it to a machine and what traffic is leaving a machine going
out through the router to a remote IP. The router logs should be telling
you that.
> Essentially I'm looking for a wireless
> firewall/router for less than $100 to replace the SMC.
Why? You already have one.
No router in the category you're looking at has a FW and you're lucky if
you get SPI on it.
http://www.homenethelp.com/web/explain/about-NAT.asp
What you should be looking at is protecting the wireless side of the
network, if you're using the wireless side of the router.
1) using a sophisticated SSID and change it from time to time.
2) limit the number DHCP IP(s) that can be issued by the router to the
number of machines that will be connected to the router. This helps to
prevent hijacking of an IP by someone trying to use your wireless
network, since one of you machines would not be able to get an IP -- a
*clue*. It's not 100% because someone could just as easily use one of the
router's static IP(s) as well. So review the DHCP table and/or router
logs.
3) You MAC filtering on the wireless side of the router to prevent other
wireless NIC(s) and their MAC from connecting to your wireless network,
if the router has the feature.
4) change the router's default user ID and password from the factory
defaults. Everyone else in the world knows the defaults.
http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html
Since as cheap NAT router doesn't have a FW, you may need a host based FW
on the machine that can stop outbound connections, or you may want to
implement IPsec that's on the Win2K and XP O/S(s).
http://www.analogx.com/contents/articles/ipsec.htm
And there are help topic on the O/S for IPsec, along with other articles
out there on Google on the howto(s).
You can go to the O/S and *harden* it from attack, if you have an NT
based O/S.
http://www.uksecurityonline.com/index5.php
> Maybe Im
> hoping for too much and Im sure that regulars to this group get sick
> of people asking for recomendations, but I'll ask anyway. Does anyone
> have any suggestions?
You want a FW appliance that has all the bells and whistles then fork-up
the cash. The old saying is you get what you pay for. <g>
Currently, I am using a cheap Linksys wireless router. <g>
Duane :)
- Next message: foldface_at_yahoo.co.uk: "Re: norton firewall and home network, leaktest"
- Previous message: Nig: "Re: New release of Blackice 3.6.ccb"
- In reply to: Carson Saunders: "Looking for firewall that logs port scans"
- Next in thread: zenner: "Re: Looking for firewall that logs port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
