Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Firewalls and routers

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Question Firewalls and routers

    Quick question in hopes of a quick answer....

    I have a router with a NAT firewall built in connected to a cable modem. I installed some firewall programs to monitor who exactly is trying to make an attempt in connecting to my box. The router (netgear) does a poor job of logging info like that. Each firewall I tested works fine in telling me what program tried to connect to the outside world, but non really spoke of anyone trying to send an attack. I looked at the port as to see which IP was being monitored, and it was the 192.xxx. IP, not my 68.xxx.xxx IP...

    Any suggestions on how to log the attacks (if any) on my actual IP and not the local IP will be greatly appreciated. Thanks guys n gals.

    Sorry if this was already posted.
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I looked at the port as to see which IP was being monitored, and it was the 192.xxx. IP, not my 68.xxx.xxx IP...
    You looked at the logs of a program running on your PC?

    They won't show the attacks against your router, because you are not using that PC as the gateway/firewall/router. Only the router logs will show you.

    If you are unhappy with the logs of your router, look into another solution.

    You can create your own firewall/router/IDS out of an old box that will give you WAY better logs and control than your netgear router.

    look into something like

    ipcop
    smoothwall

    or build your own.

    Other than that... look into a different type of router.

    I use a cisco router and send all my logs to a syslog server on my network.
    They can be a bit of a pain to review... but ah well. Works fine for me.

    Another thing you could do (but would kind of defeat the purpose of the NAT firewall...) is to forwared all incoming ports to the PC that you want to use as your firewall box.
    This would send all incoming traffic to the box that you have the various different firewall apps on and you would then see the attacks. However, if I were you... I would NOT do this.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    Re: Firewalls and routers

    Originally posted here by wildred
    Each firewall I tested works fine in telling me what program tried to connect to the outside world, but non really spoke of anyone trying to send an attack. I looked at the port as to see which IP was being monitored, and it was the 192.xxx. IP, not my 68.xxx.xxx IP...
    This is actually because your router's firewall is doing its job. If you were to see attacks on your software firewall installed behind the router, that would mean they are getting past the router's firewall which is not good, and a good reason to have a software firewall on the PC. So if you want to have good logging, see phishphreeks post, he explained it pretty well. Also, I used to think my router didn't log at all, but after poking around a bit in the web config, I found that it did. So you may want to poke around a bit more before thinking that it's not logging as it should be.

    As for the IP's, that's because the IP's behind the router are local IP's assigned by the router, which are the 192.168.xxx.xxx, among others. Your router receives all traffic sent to your outside IP (68.xxx.xxx.xxx) and gets it to the correct local IP.

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Hi,
    What netgear router have you got? I have a netgear DG834 and if i enable all the logging options and have it email me i get more info than i have time to read.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Thanks for the input. I was basically trying to find out what things my router was letting come in, if any.

    As for the router number, I have the MR814v2, which just happens to be the newest router I have purchased. And I do appoligize, I have yet to play with this one to see what logging it can do. I forgot that I had purchased this one not too long ago (about 2 weeks) and that I neglected to play with its settings. I now have some homework to do with this router. Thanks a bunch.
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  6. #6
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Just an update, I have found the logging features on this router, however, it appears that the only thing it logs is websites that have been visited, which doesn't really do any good. Any way to test it out? I visited GRC and did the test there...no results on logs.
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    From the user manual:

    A Powerful, True Firewall with Content FilteringUnlike simple Internet sharing NAT routers, the MR814v2 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:•Denial of Service (DoS) protection.Automatically detects and thwarts DoS attacks such as Ping of Death, SYN Flood, LAND Attack, and IP Spoofing.•Blocks unwanted traffic from the Internet to your LAN.•Blocks access from your LAN to Internet locations or services that you specify as off-limits.•Logs security incidents.The MR814v2 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the router to email the log to you at specified intervals. You can also configure the router to send immediate alert messages to your email address or email pager whenever a significant event occurs.• With its content filtering feature, the MR814v2 prevents objectionable content from reaching your PCs. The router allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the router to log and report attempts to access objectionable Internet sites.

    http://www.netgear.fr/support/downlo...al_MR814v2.pdf

    Please refer to the manual to figure out how to configure it properly to do the above...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Figures the France portion has the directions lol
    Thanks for the headsup...Ill give it a try to see how to do the above
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  9. #9
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Read the manual phishphreek80, still did not see any mention of how to view the DOS attacks etc. Only found how to view the logs of websites visited. Saw that it mentioned you CAN view the DOS stuff, but no where to be found on that document as to how to do it.
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Originally posted here by wildred
    Read the manual phishphreek80, still did not see any mention of how to view the DOS attacks etc. Only found how to view the logs of websites visited. Saw that it mentioned you CAN view the DOS stuff, but no where to be found on that document as to how to do it.
    Oh... I didn't dig through it too much. Just saw that little blurb.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •