Re: Linksys WRT54G and Firewall software



Leythos wrote:
> On Mon, 26 Mar 2007 02:46:22 +0000, Maximum Dog9 wrote:
>> The XP FW/packet filter is doing the same thing as any other PFW or personal packet filter. That is to stop unsolicited inbound traffic from reaching the machine.
>
> Not technically correct - they actually reach the machine and if there was
> an exploit path it would get through.
>
> The NAT router (a typical SOHO unit) would never let the packet make it to
> the computer in the first place. Exploits at the machine would not be
> reached by "unsolicited" connections.

Yes. Therefore all the malware has to do is to "open" the port on the
router. An unconfigured router with default password is an easy target.
You could even run a quick dictionary attack if you wanted as the router
won't bother repeated attempts to access the configuration interface
from the LAN.

But even if it cannot access the management interface, the router may be
configured for UPnP by default. Makes it easy to open the port.

The WRT is so popular there is even customized hacker firmware available
which gives you full control of the router and the internet connection
while the average user behind the router won't even notice as everything
so far works normally...

And if there is nothing else, simply open the port by sending frequent
UDP packets out. This allows you "unsolicited" incoming traffic through UDP.

But anyway, it still does not explain why my laptop with XP SP2 FW with
no exceptions connected to a public hotspot is any more vulnerable than
while it is connected behind a NAT router with or without the SP2 FW.

Gerald
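
The UDP behaviour discussed in this thread (a NAT router forwards inbound datagrams only for mappings that an inside host created and keeps refreshing), as an added example that is not part of the original posts. It is a simplified model, not any router's firmware: the 30-second timeout, the port numbering and all class and method names are assumptions, and `long_lived` shows the defender's view, listing mappings that have been held open for a long time.

```python
from dataclasses import dataclass

UDP_TIMEOUT = 30  # seconds; assumed value, real routers differ


@dataclass
class Mapping:
    inside: tuple      # (lan_ip, lan_port)
    remote: tuple      # (remote_ip, remote_port) the LAN host sent to
    created: float
    last_seen: float   # refreshed by outbound traffic only in this model


class UdpNat:
    """Port-restricted NAT model: state is created only by outbound packets."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.table = {}          # external port -> Mapping
        self.next_port = 40000   # hypothetical first external port

    def _expire(self, now):
        self.table = {p: m for p, m in self.table.items()
                      if now - m.last_seen <= self.timeout}

    def outbound(self, now, inside, remote):
        """LAN host sends a datagram; create or refresh the mapping."""
        self._expire(now)
        for port, m in self.table.items():
            if m.inside == inside and m.remote == remote:
                m.last_seen = now
                return port
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = Mapping(inside, remote, now, now)
        return port

    def inbound(self, now, remote, ext_port):
        """WAN datagram arrives; return the LAN target, or None if dropped."""
        self._expire(now)
        m = self.table.get(ext_port)
        if m is None or m.remote != remote:
            return None
        return m.inside

    def long_lived(self, now, min_age):
        """Mappings held open at least min_age seconds, for admin review."""
        self._expire(now)
        return [(p, m.inside, m.remote) for p, m in self.table.items()
                if now - m.created >= min_age]
```

On a real router the equivalent of `long_lived` is the connection-tracking or active-sessions table; a single inside host holding one UDP mapping open for hours is what to look for there.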


