Re: Linksys hardware firewall enough...?

From: Leythos (void_at_nowhere.org)
Date: 11/09/04


Date: Tue, 09 Nov 2004 13:34:45 GMT

In article <vw3kd.591899$8_6.176448@attbi_s04>, garyd@efn.org.spamsux
says...
> Leythos wrote:
>
> > I gave up on him Lars, he's just not going to learn until he installs a
> > network with one of those NAT systems and it gets compromised.
>
> You're welcome to have at it with the IP address in my NNTP-Posting-Host
> header. *yawn*

I would never consider trying to break into a network that I was not
paid to hack/test.

> Do you people honestly think there would be so many of these devices on
> the market if they were easily compromised? You people really have an
> aversion to reading up on the whole network layer firewall thing. Either
> that or you're all shills being paid to spread FUD in order to encourage
> average home Internet users to spend a pile of money to protect their
> home LANs. http://www.catb.org/~esr/jargon/html/F/FUD.html

Gary, most of us have been doing this for a LONG time. Most of us were
using NAT to segment our networks long before the home/soho routers came
out on the markets. Most of us know that ROUTING is part of NAT and has
nothing to do with firewalls.

I'm not encouraging anyone to spend anything on anything, I'm warning
them that the devices marketed as firewalls, that are only NAT Routers
in reality, are NOT FIREWALLS - they are simple routers with some
additional "firewall like" features.

You don't have to like the idea that security experts don't agree with
you, you don't have to agree with us, but we're never going to accept
your notion that those simple devices are firewalls.

Look at it this way, with your definition, a VLAN capable managed switch
could be a firewall - and it's not even as close as the SOHO units you
keep talking about.

-- 
-- 
spamfree999@rrohio.com
(Remove 999 to reply to me)


Relevant Pages

  • Re: software help needed
    ... That NAT must be used together with firewalls is one of the most ... widespread misconceptions about firewalls there is. ... many 'broadband routers' and because it tend to break things general ...
    (comp.security.firewalls)
  • Re: [fw-wiz] Internet accessible screened subnet - use public orprivate IPs?
    ... >The whole reason NAT was implemented was because of a very finite number of publicly routable IP addresses. ... The first firewalls I built offered NAT (inherent in the design and then later via ... "Proxy transparency" in Gauntlet) because a lot of the early firewall customers ... re-address their network or NAT ...
    (Firewall-Wizards)
  • Re: Misconceptions
    ... >> NAT can be implemented on many routers, but only on stub network (the ... usually a private/office network) routers. ... >> Routers are NOT firewalls. ... >> A NIDS is just that. ...
    (comp.security.firewalls)
  • Re: Linksys hardware firewall enough...?
    ... Most of us know that ROUTING is part of NAT and has ... > nothing to do with firewalls. ... firewall provides routing, NAT, and packet filtering. ... > them that the devices marketed as firewalls, that are only NAT Routers ...
    (comp.security.firewalls)
  • Re: 56k dial up on laptop 802.11G ?
    ... Firewalls can also filter specific types of network traffic. ... Let's knock the NAT out of the box. ...
    (alt.internet.wireless)