Am i safe behind a router?

[new_b_l33t]

Is it still completely necessary to run a firewall if i am behind a router. If not what kinds of attacks would hackers use against my computer. I have no ports forwarded. This is what i get when i nmap it:

Interesting ports on (192.168.1.1):
(The 1600 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
Remote operating system guess: Linksys BEFW11S4 802.11B WAP
Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds. I also nmaped my own ip adress (12.216.etc) and got the same result.

[Spyder32]

If you got a webserver running, it would definitely benefit to have a firewall to help protect that to stay up.

[wyred]

I would put up a firewall to make it harder to do a remote OS guess. That way when new exploits are released it is harder for people to see if your behind a vulnerable router.

[HTRegz]

Originally posted here by wyred
I would put up a firewall to make it harder to do a remote OS guess. That way when new exploits are released it is harder for people to see if your behind a vulnerable router.

Hey Hey,

He's talking about a software firewall, which would be running behind the router and would not affect remote OS guesses against the router.

new_b_l33t: interesting name.... you may want to reregister with a better nick, a lot of people around here will never take you seriously with a name like that.

As for your question.... How well do you trust the other people behind the router? Are there other PCs? What if one of them is infected with a worm and it spreads to your PC because you are both behind the router. Is it necessary to protect yourself from those on the internet? No. Using a software firewall is going to be useless, unless you are using it to block certain IP addresses. Do you trust that your machines are up to date? These are the questions you should be asking yourself. Guide yourself based on your answers to those? We can't tell you what you need because we don't know how well you work with your PC. However unless you are blocking on a per host basis.. or you don't trust the other PCs behind your router there's really no need for a firewall.

Do I personally do it? Yes I do.. only because I don't trust the other people behind my router.. well I guess I trust them.. I just don't trust their computer illiteracy.

Peace,
HT

[Tiger Shark]

Newb.... Old son.... You scanned your router from the inside.... Default address of the router is 192.168.1.1 and it only has the management port open, (HTTP). It's really a bit of a waste of time scanning a router/firewall from the inside.... It's designed to work against outside "forces".

If you scan it from the outside it will show all ports filtered. Your Linksys is a router/firewall insofar as it only passes SYN packets from the public network to an internal device if you tell it to, (port forwarding). Other than that it drops them. So, in it's most basic form it's a firewall too.

[new_b_l33t]

Tiger shark:

Yes scanning 192.168.1.1 is scanning from the inside, but scanning 12.216.171 should bouce my request from my isp's router back to mine, meaning from the outside. Correct?

[Lansing_Banda]

I don't have my computers firewalled behind my router. Basically because I got lazy and didn't feel like setting up tons of extra rules. Unless you have something crazy valuable to protect (like a T1 connection), I really wouldn't worry about it. No one is going to go out of their way to bust into a home network past a hardware firewall. If you want more assurance, set up an IDS on one of your boxes and send the logs from your linksys to a recieveing computer ( I use a program called wall watcher that does the job amazingly well and logs like a dream). Anyways, run that for however you want. I performed this test for over a month and didn't gets so much as a ping on any of my local computers.

By the way, I used Snort to do this, you might want to just try blackice for its free period.

Just make sure that your router is set up properly and for gods sake make sure that you don't have Remote Access for the router on. If you need help or want help doing any of the above, pm me or just post here.

[the_JinX]

Originally posted here by new_b_l33t
Yes scanning 192.168.1.1 is scanning from the inside, but scanning 12.216.171 should bouce my request from my isp's router back to mine, meaning from the outside. Correct?

well not usualy..

your best guess would be to get someone else (you trust) to scan you from the outside (their own connection)

that is the only way to be sure..

[cacosapo]

Just checking:
are u using which O.S? Windows? Linux?
if it is a Windows XP u can activate Windows built in firewall. not easy to use but can harder ur security
Linux: iptables is just nice to do that. Look for "IPTABLES TUTORIALS" at google and u will find a ton of them. with a 5 line script u can establish a nice perimeter security

[Tiger Shark]

Eeekkk....

but scanning 12.216.171 should bouce my request from my isp's router back to mine

Nope....

Your router has two addresses the LAN, (local) on 192.168.1.1 and a WAN, (public), xxx.xxx.xxx.xxx. A packet destined for the WAN address from the local network will not pass through the router, it doesn't need to since it really reached the device at the LAN port. The device will recognize at the LAN port that the packet has reached it's destination and report back from there hence you see the HTTP management port open.

As jinxy said, get someone you trust at a remote location to scan the WAN address - the HTTP server should go away - if it doesn't then you have remote management turned on.... That is considered a bad thing......