Re: Linksys WRT54G and Firewall software



Gerald Vogt wrote:
> Leythos wrote:
>> On Mon, 26 Mar 2007 02:46:22 +0000, Maximum Dog9 wrote:
>>> The XP FW/packet filter is doing the same thing as any other PFW or personal packet filter. That is to stop unsolicited inbound traffic from reaching the machine.
>>
>> Not technically correct - they actually reach the machine and if there was
>> an exploit path it would get through.
>>
>> The NAT router (a typical SOHO unit) would never let the packet make it to
>> the computer in the first place. Exploits at the machine would not be
>> reached by "unsolicited" connections.
>
> Yes. Therefore all the malware has to do is to "open" the port on the
> router. An unconfigured router with default password is an easy target.
> You could even run a quick dictionary attack if you wanted as the router
> won't bother with repeated attempts to access the configuration interface
> from the LAN.

That's why you configure the router to use a strong named user-id and password, which is no different from doing the same with an O/S that uses a userid and psw to logon.

> But even if it cannot access the management interface, the router may be
> configured for UPnP by default. Makes it easy to open the port.

Then you disable UPnP.

> The WRT is so popular there is even customized hacker firmware available
> which gives you full control of the router and the internet connection
> while the average user behind the router won't even notice as everything
> so far works normally...

That's with any 3rd party software that someone has installed on a device.

> And if there is nothing else, simply open the port by sending frequent
> UDP packets out. This lets "unsolicited" incoming traffic through over UDP.

But the computer has to be compromised. It seems to me that it would come past the XP FW as well if it were running behind the router, since it can't stop outbound packets either.

> But anyway, it still does not explain why my laptop with XP SP2 FW with
> no exceptions connected to a public hotspot is any more vulnerable than
> while it is connected behind a NAT router with or without the SP2 FW.

Any software that runs with the O/S is vulnerable to attack just like the O/S can be attacked.

On the other hand, a NAT router has a lower attack vector, since the firmware is not running on the computer with the O/S.
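As an added illustration (not code from anyone in this thread), a small Python model of a SOHO NAT's UDP state table shows the mechanism Gerald describes: outbound datagrams create and refresh a mapping, and whether a third party's inbound datagram is then forwarded depends on the router's filtering behaviour (RFC 4787 endpoint-independent vs address-dependent filtering). The 30 s idle timeout, the keepalive schedule and all addresses are constructed assumptions.

```python
IDLE_TIMEOUT = 30  # seconds of silence before a UDP mapping expires (assumed value)


class UdpNat:
    """Minimal model of a SOHO NAT's UDP state for inside (ip, port) sockets."""

    def __init__(self, filter_by_peer):
        # True models address-dependent filtering (only hosts the inside
        # socket has sent to may reply); False models endpoint-independent
        # filtering ("full cone"), where any outside host may send in.
        self.filter_by_peer = filter_by_peer
        self.table = {}  # inside (ip, port) -> {"peers": set of outside IPs, "last": time}

    def outbound(self, inside, peer_ip, now):
        # Any outbound datagram creates or refreshes the mapping for its source.
        entry = self.table.setdefault(inside, {"peers": set(), "last": now})
        entry["peers"].add(peer_ip)
        entry["last"] = now

    def inbound(self, inside, src_ip, now):
        # Inbound traffic does not refresh the mapping in this model.
        entry = self.table.get(inside)
        if entry is None or now - entry["last"] > IDLE_TIMEOUT:
            self.table.pop(inside, None)
            return "dropped: no live mapping"
        if self.filter_by_peer and src_ip not in entry["peers"]:
            return "dropped: unsolicited source"
        return "forwarded"


def simulate(filter_by_peer, keepalive_interval=20, keepalives=6):
    """Inside host sends periodic UDP keepalives to one peer; then three
    inbound datagrams are tried: from a third party while the mapping is
    fresh, from the peer while fresh, and from the peer after the host
    has gone quiet longer than IDLE_TIMEOUT."""
    nat = UdpNat(filter_by_peer)
    inside = ("192.168.1.10", 40000)          # constructed LAN address
    peer, third_party = "203.0.113.5", "198.51.100.7"  # constructed outside hosts
    for i in range(keepalives):
        nat.outbound(inside, peer, now=i * keepalive_interval)
    last_send = (keepalives - 1) * keepalive_interval
    return {
        "third_party_while_refreshed": nat.inbound(inside, third_party, now=last_send + 5),
        "peer_while_refreshed": nat.inbound(inside, peer, now=last_send + 5),
        "peer_after_idle": nat.inbound(inside, peer, now=last_send + IDLE_TIMEOUT + 1),
    }
```

Running `simulate(False)` and `simulate(True)` side by side shows that the "open port" only admits arbitrary outside hosts on a full-cone NAT, and in both cases it closes once the keepalives stop.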


