Re: risks of using a router instead of a firewall

From: Duane Arnold (
Date: 09/14/05

Date: Wed, 14 Sep 2005 19:16:59 GMT

louise <> wrote in

> In article <Xns96D0E04B9AD7Enotmenotmecom@>,
> says...
>> "Doug Fox" <> wrote in news:StadnVonYJZUHrreRVn-
>> > Dear List;
>> >
>> > I have installed a D-Link broadband DI-601 router for Internet
>> > access.
>> >
>> > I scanned the router using nmap, nessus, and superscan. They could
>> > not identify any open ports. In addition, according to D-Link, all
>> > D-Link routers block all incoming ports.
>> >
>> > In this scenario, is my network safe from DoS, DDoS, Buffer
>> > Overflow, teardrop, IP spoofing, etc. attacks.
>> >
>> > Any comments/suggestions are appreciated.
>> The link above talks about basic security using a NAT router for the
>> average home user.
>> Does the router have SPI?
>> Does the router have logging so you can see traffic to/from the router
>> with a log viewer?
>> As long as you don't do high risk things like port forwarding and
>> practice safehex, you should be OK. The router is a good first line of
>> defense.
>> Duane :)
> How does one know if one's router has SPI? I have a Linksys BEFSR41
> version 2 and it is a couple of years old by now.

One goes to the product's Website and looks at the document specs for the
router at
In my encounter with the Linksys router products, on the Admin screens
there is a setting to enable or disable SPI, at least on the BEFW11S4 v1
router I used to have. They removed SPI from the 11S4 routers. Also, in
the product documentation and advertisement of the features, most
manufacturers of such routers clearly indicate that the router has SPI.
If you went to the Linksys site and looked at the product data sheet for
the WRT54G, you'll see the mention of SPI.

> Also, wallwatcher looks very interesting. Since I run both the
> router and Sygate, will the wallwatcher logs show me things that
> are blocked by the router and that, therefore, Sygate never knows
> about?

That's correct, the router is blocking unsolicited inbound traffic that
will never reach the computer, so Sygate will never know about it. In
addition to that, Wallwatcher will also show all outbound traffic from
LAN IP(s) behind the router to remote Internet IP(s); since malware can
circumvent and defeat any personal FW solution, you'll be able to see that
possible outbound traffic.

> you know how much of a drain wallwatcher puts on the
> system?

It doesn't put any drain on the computer and happily sits in the tray
and collects the syslog data that's being broadcast to it from the
router. You should review the traffic to/from the router.

Duane :)
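What a log collector such as Wallwatcher does with the router's syslog feed can be shown in a few dozen lines. The following is an added example, not code from the thread and not Wallwatcher's code: it listens for syslog datagrams on UDP 514 (the standard syslog port), parses them, and splits the result into the two views discussed above, unsolicited inbound traffic the router dropped (which a host firewall behind the router never sees) and outbound connections from LAN hosts, with outbound destination ports outside an expected set flagged for review. The log line format, the sample lines, and the function names are all assumptions constructed for the example; a real BEFSR41 emits its own syntax, so the regular expression would have to be adapted to the router's actual output.

```python
import re
import socket
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional, Set, Tuple

# ASSUMED line format (constructed for this example, not the BEFSR41's real
# syntax): an optional syslog PRI, a timestamp, a host tag, then
# "<in|out>: <src>:<sport> -> <dst>:<dport> <proto> <allowed|blocked>".
LINE_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+): "
    r"(?P<dir>in|out): "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<proto>TCP|UDP|ICMP) (?P<action>allowed|blocked)$"
)

# Constructed sample datagrams (documentation-range addresses).
SAMPLE_LOG = [
    "<134>Sep 14 19:10:01 router: in: 203.0.113.5:4023 -> 198.51.100.20:135 TCP blocked",
    "<134>Sep 14 19:10:02 router: in: 203.0.113.5:4024 -> 198.51.100.20:445 TCP blocked",
    "<134>Sep 14 19:10:05 router: in: 203.0.113.9:53022 -> 198.51.100.20:135 TCP blocked",
    "<134>Sep 14 19:11:00 router: out: 192.168.1.100:1088 -> 198.51.100.77:80 TCP allowed",
    "<134>Sep 14 19:11:03 router: out: 192.168.1.100:1089 -> 198.51.100.77:443 TCP allowed",
    "<134>Sep 14 19:12:30 router: out: 192.168.1.101:1200 -> 203.0.113.200:6667 TCP allowed",
    "not a log line at all",  # malformed input must be skipped, not crash the collector
]


@dataclass(frozen=True)
class Event:
    direction: str  # "in" (WAN -> LAN) or "out" (LAN -> WAN)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    action: str     # "allowed" or "blocked"


def parse_line(line: str) -> Optional[Event]:
    """Parse one syslog line; return None for anything that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(m["dir"], m["src"], int(m["sport"]),
                 m["dst"], int(m["dport"]), m["proto"], m["action"])


def parse_log(lines: Iterable[str]) -> List[Event]:
    """Parse a batch of lines, silently dropping unparseable ones."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def blocked_inbound(events: Iterable[Event]) -> Counter:
    """Unsolicited inbound hits the router dropped, keyed by (remote IP, dport).
    These never reach the LAN host, so a host firewall has no record of them."""
    return Counter((e.src, e.dport) for e in events
                   if e.direction == "in" and e.action == "blocked")


def outbound_by_host(events: Iterable[Event]) -> Dict[str, List[Tuple[str, int]]]:
    """Outbound connections per LAN host as a list of (remote IP, dport)."""
    out: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
    for e in events:
        if e.direction == "out" and e.action == "allowed":
            out[e.src].append((e.dst, e.dport))
    return dict(out)


def unexpected_outbound(events: Iterable[Event],
                        expected_ports: Set[int] = frozenset({25, 53, 80, 110, 443})
                        ) -> List[Tuple[str, str, int]]:
    """Outbound connections to ports outside the expected set, for manual review.
    The expected set is an assumption for a typical home LAN; tune it to yours."""
    return [(e.src, e.dst, e.dport) for e in events
            if e.direction == "out" and e.action == "allowed"
            and e.dport not in expected_ports]


def listen(port: int = 514, bind_addr: str = "0.0.0.0") -> Iterator[str]:
    """Receive syslog datagrams from the router on UDP 514 and yield them as text.
    Binding 514 needs root on Unix; a host firewall must permit inbound UDP 514."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, _peer = sock.recvfrom(4096)
        yield data.decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; to collect live,
    # replace SAMPLE_LOG with listen() and process each line as it arrives.
    evs = parse_log(SAMPLE_LOG)
    print("blocked inbound:", dict(blocked_inbound(evs)))
    print("outbound by host:", outbound_by_host(evs))
    print("review:", unexpected_outbound(evs))
```

Run as-is it summarises the embedded sample; pointed at `listen()` it becomes a minimal collector. The split into inbound-blocked and outbound views is the point: the first answers "what is the router absorbing that Sygate never sees", the second "what is leaving my LAN", which is the traffic a compromised host firewall can fail to report.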

