Am i safe behind a router?
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Am i safe behind a router?

  1. #1
    Member
    Join Date
    Apr 2004
    Posts
    39

    Am i safe behind a router?

    Is it still completely necessary to run a firewall if i am behind a router. If not what kinds of attacks would hackers use against my computer. I have no ports forwarded. This is what i get when i nmap it:

    Interesting ports on (192.168.1.1):
    (The 1600 ports scanned but not shown below are in state: closed)
    Port State Service
    80/tcp open http
    Remote operating system guess: Linksys BEFW11S4 802.11B WAP
    Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds. I also nmaped my own ip adress (12.216.etc) and got the same result.
    Even if your plane crashed tonight you\'d find some way to disappoint by not burning in the wreckage or drowning at the bottom of the sea

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    If you got a webserver running, it would definitely benefit to have a firewall to help protect that to stay up.
    Space For Rent.. =]

  3. #3
    I would put up a firewall to make it harder to do a remote OS guess. That way when new exploits are released it is harder for people to see if your behind a vulnerable router.

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by wyred
    I would put up a firewall to make it harder to do a remote OS guess. That way when new exploits are released it is harder for people to see if your behind a vulnerable router.
    Hey Hey,

    He's talking about a software firewall, which would be running behind the router and would not affect remote OS guesses against the router.

    new_b_l33t: interesting name.... you may want to reregister with a better nick, a lot of people around here will never take you seriously with a name like that.

    As for your question.... How well do you trust the other people behind the router? Are there other PCs? What if one of them is infected with a worm and it spreads to your PC because you are both behind the router. Is it necessary to protect yourself from those on the internet? No. Using a software firewall is going to be useless, unless you are using it to block certain IP addresses. Do you trust that your machines are up to date? These are the questions you should be asking yourself. Guide yourself based on your answers to those? We can't tell you what you need because we don't know how well you work with your PC. However unless you are blocking on a per host basis.. or you don't trust the other PCs behind your router there's really no need for a firewall.

    Do I personally do it? Yes I do.. only because I don't trust the other people behind my router.. well I guess I trust them.. I just don't trust their computer illiteracy.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Newb.... Old son.... You scanned your router from the inside.... Default address of the router is 192.168.1.1 and it only has the management port open, (HTTP). It's really a bit of a waste of time scanning a router/firewall from the inside.... It's designed to work against outside "forces".

    If you scan it from the outside it will show all ports filtered. Your Linksys is a router/firewall insofar as it only passes SYN packets from the public network to an internal device if you tell it to, (port forwarding). Other than that it drops them. So, in it's most basic form it's a firewall too.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Member
    Join Date
    Apr 2004
    Posts
    39
    Tiger shark:

    Yes scanning 192.168.1.1 is scanning from the inside, but scanning 12.216.171 should bouce my request from my isp's router back to mine, meaning from the outside. Correct?
    Even if your plane crashed tonight you\'d find some way to disappoint by not burning in the wreckage or drowning at the bottom of the sea

  7. #7
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    I don't have my computers firewalled behind my router. Basically because I got lazy and didn't feel like setting up tons of extra rules. Unless you have something crazy valuable to protect (like a T1 connection), I really wouldn't worry about it. No one is going to go out of their way to bust into a home network past a hardware firewall. If you want more assurance, set up an IDS on one of your boxes and send the logs from your linksys to a recieveing computer ( I use a program called wall watcher that does the job amazingly well and logs like a dream). Anyways, run that for however you want. I performed this test for over a month and didn't gets so much as a ping on any of my local computers.

    By the way, I used Snort to do this, you might want to just try blackice for its free period.

    Just make sure that your router is set up properly and for gods sake make sure that you don't have Remote Access for the router on. If you need help or want help doing any of the above, pm me or just post here.
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  8. #8
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Originally posted here by new_b_l33t
    Yes scanning 192.168.1.1 is scanning from the inside, but scanning 12.216.171 should bouce my request from my isp's router back to mine, meaning from the outside. Correct?
    well not usualy..

    your best guess would be to get someone else (you trust) to scan you from the outside (their own connection)

    that is the only way to be sure..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  9. #9
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Just checking:
    are u using which O.S? Windows? Linux?
    if it is a Windows XP u can activate Windows built in firewall. not easy to use but can harder ur security
    Linux: iptables is just nice to do that. Look for "IPTABLES TUTORIALS" at google and u will find a ton of them. with a 5 line script u can establish a nice perimeter security
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Eeekkk....

    but scanning 12.216.171 should bouce my request from my isp's router back to mine
    Nope....

    Your router has two addresses the LAN, (local) on 192.168.1.1 and a WAN, (public), xxx.xxx.xxx.xxx. A packet destined for the WAN address from the local network will not pass through the router, it doesn't need to since it really reached the device at the LAN port. The device will recognize at the LAN port that the packet has reached it's destination and report back from there hence you see the HTTP management port open.

    As jinxy said, get someone you trust at a remote location to scan the WAN address - the HTTP server should go away - if it doesn't then you have remote management turned on.... That is considered a bad thing......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •