
Thread: Router/firewall

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    11

    Router/firewall

    I have a Linksys Router/Firewall. How can some packets get through if they aren't in response to a request? What value does the firewall function have? It may keep the amateurs out, but isn't it the pros we really need to fear? When I do an online port scan the sites always see my real IP and ask me if this is correct. I thought that the NAT (or whatever) function of the router kept me hidden and broadcast only the router's IP or some proxy type of address. Finally, some scanning programs seem to find a few open ports even with the router's firewall and Zone Alarm running. One more thing: why do so many ports seem open or at least listening....it just seems to be a losing battle!!! Sorry for all of the questions.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Uhh, k, first off. Firewalls have many functions, but their primary one is to monitor and control the packets and activity between you or the router and the internet. Second, when you are being "port probed" or portscanned, it will come up what ports you have (unless you monitor your firewall and stop the scan in progress). Why so many ports are open depends on what services/software/etc. you have running on your machine. What else do you need help with?
    Space For Rent.. =]

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Hi Dazedand,

    A few answers from not a pro.
    How can some packets get through if they aren't in response to a request
    Your router is continually sending out requests.

    What value does the firewall function have? It may keep the amateurs out but isn't it the pros we really need to fear
    No, it is all the worm activity and script kiddies (not pros) that you need protection from. Unless you have a network that will be of interest, the aforementioned will be of more interest to the pros.

    When I do an online port scan the sites always see my real IP and ask me if this is correct. I thought that the NAT (or whatever) function of the router kept me hidden and broadcast only the router's IP or some proxy type of address
    The router's IP address is your true address; your PC's address is hidden from the outside world by the router. You access the internet through the router, which acts as your gateway. The address the router is at is assigned by your ISP. As the router is NAT'ing your PC's address, all the outside world sees is your router and not your PC.

    Finally, some scanning programs seem to find a few open ports even with the router's firewall and Zone Alarm running. One more thing: why do so many ports seem open or at least listening....it just seems to be a losing battle
    If your router is acting as a firewall, online scans should not see open ports. Your comp, on the other hand, may have lots of open ports, depending on what applications you have running. There will always be some ports open, otherwise you will not be able to do anything online.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    There are several ways packets can get into a firewall, especially if it's not properly configured. Let me put it like this: 'A firewall CAN be fooled.'

    Some examples are tiny fragments, spoofing, weakness in the firewall itself (exploit), and of course... the firewall's setup/configuration.

    A properly configured firewall can be very, very useful, but then again, a firewall itself is not enough to 'secure' anything. I also love the fact where many people keep saying "oh, my firewall is stealth, now I'm all l33t and sh1t". People like that usually have no idea what a firewall even is, or what it is about. A firewall is only useful if it's set up correctly. To set up a firewall correctly, some knowledge is needed in networking. In order to be able to block certain types of port scans, you need more than just a firewall... you need something that recognizes a portscan, and then tells the firewall to act appropriately. On your router, if you're not running any internet services, I would recommend that you close all ports from the outside, allowing no connections whatsoever from the outside, as well as letting the router's firewall block (DROP or REJECT (choose your poison)) all incoming packets. If you're paranoid, which is not a bad thing to be, even control outgoing packets.

    Cheers
    Ubuntu-: Means in African : "Im too dumb to use Slackware"
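
    The NAT and default-deny behaviour described in posts #3 and #4, as an added example that is not part of the original thread: a toy router model showing what a remote site sees, why a reply gets in, and why an unsolicited probe does not. The `NatRouter` class, all addresses and all ports are constructed for illustration, and the model assumes the router matches replies on the full remote address and port (real routers vary in how strictly they match).

```python
# Added illustration: toy model of a NAT router with stateful, default-deny
# inbound filtering. All addresses and ports below are constructed samples.
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: rewrite the source to the WAN address
        and remember the mapping so the reply can be delivered."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.wan_ip, wan_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Packet arrives on the WAN side: forward only if it matches a
        connection a LAN host started; otherwise drop (default deny)."""
        dest = self.table.get((wan_port, remote_ip, remote_port))
        return ("FORWARD", dest) if dest else ("DROP", None)


def demo():
    router = NatRouter(wan_ip="203.0.113.7")  # stands in for the ISP-assigned address
    # PC at 192.168.1.100 requests a web page from 198.51.100.20:80.
    seen_by_server = router.outbound("192.168.1.100", 51515, "198.51.100.20", 80)
    return {
        # The remote site only ever sees the router's address, not the PC's.
        "seen_by_server": seen_by_server,
        # The server's reply matches the tracked connection and is forwarded.
        "reply": router.inbound("198.51.100.20", 80, seen_by_server[1]),
        # A scanner probing a port nobody opened has no table entry.
        "probe": router.inbound("192.0.2.99", 4444, 139),
        # A different host aiming at the mapped port is dropped as well.
        "wrong_peer": router.inbound("192.0.2.99", 80, seen_by_server[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```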

  5. #5
    Junior Member
    Join Date
    May 2004
    Posts
    11
    Thanks for your comments. This is the situation: some things seem to have changed on my computer (such as a shared file now called target) that has me freaked out! I've disabled all sharing. The setting choices for my 4 protections (router/firewall, IE, Zone Alarm, NAV) have too many choices that I don't really understand. My computer seems free of virus/trojan (scanned with NAV and 2 online scanners), so if there is a problem it may be from outside.

    When I run a security scan on auditmypc.com it shows 2 IP addresses (after I click on find my hidden IP). So I still do not see what my router is hiding from the world.

    Where can I go for some detailed help or one-on-one interaction? I find myself pulling my network cable when I do not need to be online!!!!!!

  6. #6
    Junior Member
    Join Date
    May 2004
    Posts
    11
    I have not mentioned that we have a number of computers in our home network and I think one of them may have been attacked at some time. IE quit working, then NAV, and finally Zone Alarm seemed to disappear! Like a fool I did leave it on for a while, as the printer for the network was on it. That machine is now off and I am going to modify it some and reformat to install XP Pro. It seems to me that total protection, or even close to total, is a dream. I am thinking of disconnecting my home network from the router except to do quick updates to programs and the security features (which I will leave on to be safe during these online times). I also plan to install a print server so no one machine will be responsible for printer access. Then I will just connect one machine to the router directly and we will all share it for the internet. This means only one of us will be able to be online at a time....... I guess this kind of defeats the whole purpose of the home network (other than I can feel safe restoring file sharing). Or I could keep all important info on one machine and remove it from the network. I have free dialup access available, so I could even use dialup for this machine (to do updates only) and never expose it to my home network ever! Maybe this is overkill and someone has some great ideas for me. Thanks for bearing with my ramblings.

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Dazedand/very confused.

    Do we have to go round in circles, till we disappear up our own re**ms?
