Re: Linksys WRT54G and Firewall software



Gerald Vogt wrote:
Mr. Arnold wrote:

Plus: it is in the nature of NAT that there is a lot of guessing involved which ports to open and which not. The router must let response packets in and must figure out where to send it. Thus, if you use a packet sniffer or use some logging functions on the computer you'll see that some unsolicited packets occassionally get through.


Not with any router that's running SPI.


Check again.

I don't have to check as I have already experienced an attack coming through a NAT router that Blackice stopped at the machine level, when Linksys removed SPI from the BEFW11s4 router years ago that I used years ago. Prior to that and the router was running with SPI in the firmware, there were no attacks that BI detected.

That's why I went to a FW appliance and dropped the NAT router, because it didn't have SPI and couldn't stop outbound traffic, if need be.



but, as the OP mentions wireless, well, you can't NAT a wireless
connection - what I mean is that the wireless connection is from the
router to the laptop, there is no intermediate NAT between the wireless
and the laptop - so, anything that makes it to the wireless also makes it
to the laptop unless it's got some form of localized firewall.



That does not explain why the computer would need another (different) firewall from the XP SP2 FW when it is connected to other networks.


You have not explained why the XP FW it's better. XP's FW may be on par with a NAT router that's running SPI.


The XP SP2 FW is SPI, too.

So?


Well you wrote: "The windows non-firewall included in XP SP2 will be more than enough, but, if you take your laptop to other networks school, work, friends) it won't be enough in most cases.". If it is not a 3rd party firmware then what else do you need? You don't explain it. I have guess you have thought of a 3rd party firmware. If it is not, then you really have to explain what would fill the "not enough" if the computer is in other networks.


You can't read and understand English.


Even that you cannot explain.

I don't see anything coming from you either, and on top if that, I didn't make the statement.

And what should I donwload via FTP for which I need an antivirus? Can you be more specific?


An infected or dubious file can be downloaded from a FTP site. Do you think it cannot happen?


But why do you want to download the dubious file in the first place?

Because one doesn't know it was a dubious file in the first place. And you take the word *you* out of it, because I don't need or want to do anything.


For a machine that has a direct connection to the modem and to the Internet, a user would be some kind of fool not to run what an AV and some kind of PFW/personal packet filter or XP's FW/personal packet filter, if using the XP O/S or some other MS NT based O/S.


I connect my laptop with XP SP2 FW with no exception to public hotspots.
Nothing is happending. I did that before when I still had PFW and AV on
it. None of them ever reported anything relevant for a couple of years.
All they did well was slowing down the computer.

That's you, the world is not made up of you(s) nor are all public spots the same.
.



Relevant Pages

  • Re: UPNP/SSDP
    ... otherwise it's just a glorified packet filter with a set of rules. ... neither a NAT nor a router are referred to as packet filters. ... a NAT router for broadband internet does not do this, ... router to route traffic b/w two or more private networks and the internet. ...
    (microsoft.public.windowsxp.general)
  • Re: Nmap questions concering my router
    ... has only one interface, ... as having a chunk of space in the computer much like a hotel room. ... >is) directly connected to my router, which i dont set up a NAT yet. ... Which IP address is the packet addressed to? ...
    (comp.security.firewalls)
  • Re: IIS5 Passive FTP Networking problem (long)
    ... or do away with the router entirely (and the hardware based ... > had the ability to run an FTP server behind it without changing the IP ... The NAT changes the PASV response ... translate the address fields of a packet. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Duane Arnold re: SPI
    ... > router's NAT, which has the ability to drop them. ... The NAT takes the packet that was sent to ... the router the packet belongs too. ... have SPI that didn't work and has been completely removed from the firmware. ...
    (comp.security.firewalls)
  • Re: MSS on router, why?
    ... The proper way to describe the ICMP packet which is supposed to be ... returned by a router which cannot forward the IP packet which is too ... Because ICMP was defined before Path MTU Discovery (1981 and 1990 ... fragmentation and try to use path MTU discovery, ...
    (comp.dcom.sys.cisco)