Re: risks of using a router instead of a firewall
From: Duane Arnold (notme_at_notme.com)
Date: Wed, 14 Sep 2005 19:16:59 GMT
louise <firstname.lastname@example.org> wrote in
> In article <Xns96D0E04B9AD7Enotmenotmecom@188.8.131.52>,
> email@example.com says...
>> "Doug Fox" <firstname.lastname@example.org> wrote in news:StadnVonYJZUHrreRVn-
>> > Dear List;
>> > I have installed a D-Link broadband DI-601 router for Internet
>> > access.
>> > I scanned the router using nmap, nessus, and superscan. They could
>> > not identify any open ports. In addition, according to D-Link, all
>> > D-Link routers block all incoming ports.
>> > In this scenario, is my network safe from DoS, DDoS, Buffer
>> > Overflow, teardrop, IP spoofing, etc. attacks.
>> > Any comments/suggestions are appreciated.
>> The link above talks about basic security using a NAT router for the
>> average home user.
>> Does the router have SPI?
>> Does the router have logging so you can see traffic to/from the router
>> with a log viewer?
>> As long as you don't do high risk things like port forwarding and
>> practice safehex, you should be OK. The router is good first line of
>> Duane :)
> How does one know if one's router has SP1? I have a Linksys BEFSR41
> version 2 and it is a couple of years old by now.
One goes to the product's Website and looks at the document specs for the
router at www.linksys.com. My encounter with the Linksys router products,
on the Admin screens there is a setting to enable or disable SPI at least
on my BEFW11S4 v1 router I used to have. They removed SPI from the 11S4
routers. Also, in the product documentation and advertisement of the
features, most manufacturers for such routers clearly indicate that the
router has SPI. If you went to the Linksys site and looked at the product
data sheet for WRT54G, you'll see the mentioning of SPI.
> Also, wallwatcher looks very interesting. Since I run both the
> router and Sygate, will the wallwatcher logs show me things that
> are blocked by the router and that, therefore, Sygate never knows
That's correct; the router is blocking unsolicited inbound traffic that
will never reach the computer, so Sygate will never know about it. In
addition to that, Wallwatcher will also show all outbound traffic from
LAN IP(s) behind the router to remote Internet IP(s). Since malware can
circumvent and defeat any personal FW solution, you'll be able to see that
possible outbound traffic.
> And...do you know how much of a drain wallwatcher puts on the
It doesn't put any drain on the computer and happily sits in the job tray
and collects the syslog data that's being broadcast to it from the
router. You should review the traffic to/from the router.
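
An added illustration of the log review recommended in the reply above (not part of the original post and not Wallwatcher's code): it summarizes outbound flows from LAN hosts to ports outside a baseline, using router-side log lines. The log format, the LAN range 192.168.1.0/24, the baseline ports and the sample lines are all constructed assumptions, not any vendor's real syslog layout.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real router's syslog layout):
#   <IN|OUT> src=<ip>:<port> dst=<ip>:<port> proto=<name>
LINE_RE = re.compile(
    r"(?P<dir>IN|OUT) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)"
)

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
EXPECTED_PORTS = {53, 80, 443}                # assumed baseline of normal outbound ports

# Constructed sample lines (documentation address ranges), including one bad line.
SAMPLE_LOG = """\
Sep 14 19:01:02 router OUT src=192.168.1.100:1045 dst=203.0.113.10:80 proto=TCP
Sep 14 19:01:05 router IN src=198.51.100.7:4444 dst=192.0.2.1:135 proto=TCP
Sep 14 19:02:11 router OUT src=192.168.1.101:1201 dst=203.0.113.55:6667 proto=TCP
Sep 14 19:02:12 router OUT src=192.168.1.101:1202 dst=203.0.113.55:6667 proto=TCP
Sep 14 19:03:40 router OUT src=192.168.1.100:1050 dst=203.0.113.20:443 proto=TCP
garbled line that does not parse
"""


def unexpected_outbound(log_text):
    """Return {lan_ip: {(dst_ip, dport): count}} for outbound flows off the baseline."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dir"] != "OUT":
            continue  # skip unparseable lines and blocked inbound traffic
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        dport = int(m["dport"])
        if src in LAN and dport not in EXPECTED_PORTS:
            findings[str(src)][(m["dst"], dport)] += 1
    return {host: dict(flows) for host, flows in findings.items()}


if __name__ == "__main__":
    for host, flows in unexpected_outbound(SAMPLE_LOG).items():
        for (dst, dport), count in flows.items():
            print(f"{host} -> {dst}:{dport} seen {count} time(s)")
```

Because the data comes from the router rather than from the host, the summary does not depend on a personal firewall that malware on the host may have defeated.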