Re: risks of using a router instead of a firewall

From: Volker Birk (bumens_at_dingens.org)
Date: 09/14/05


Date: 14 Sep 2005 07:38:51 +0200

Doug Fox <dfox168@hotmail.com> wrote:
> I have installed a D-Link broadband DI-601 router for Internet access.
> I scanned the router using nmap, nessus, and superscan. They could not
> identify any open ports. In addition, according to D-Link, all D-Link
> routers block all incoming ports.
> In this scenario, is my network safe from DoS, DDoS, Buffer Overflow,
> teardrop, IP spoofing, etc. attacks.

Your network is safe then from any attacks, which attack servers/daemons
on your boxes behind that router, if the router does not have any extra
security holes, which open the possibility again to reach the boxes
behind the router (i.e. by attacking the stateful handling of protocols
like FTP).

This has nothing to do with other types of attacks.

Yours,
VB.

-- 
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
                                    Harald Schmidt zum "Weltjugendtag"


Relevant Pages

  • RE: [fw-wiz] Worms, Air Gaps and Responsibility
    ... Multiplatform attacks are due but I personally doubt the router is the ... secondary target of choice, unfortunately my money's on PDAs and cell ... Lots of places don't have time/knowledge for even tactical security. ...
    (Firewall-Wizards)
  • Re: Would a firewall prevent Sasser worm?
    ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ...
    (comp.security.firewalls)
  • Re: Would a firewall prevent Sasser worm?
    ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ...
    (alt.computer.security)
  • Re: Would a firewall prevent Sasser worm?
    ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ...
    (comp.security.misc)
  • Re: Zone Alarm Pro: How to *ALLOW* incoming web access
    ... >> It's the fact that one has a personnel FW trying to protect a machine ... protection of a NAT router, which is going to stop a lot of attacks up ... resources to stop the attacks, which will slow the machine down in doing ... inbound ports, which you'll have to do on port 80. ...
    (comp.security.firewalls)