Linksys WRT54G and Firewall software

I don't have to check as I have already experienced an attack coming through a NAT router that Blackice stopped at the machine level, when Linksys removed SPI from the BEFW11s4 router years ago that I used years ago. Prior to that and the router was running with SPI in the firmware, there were no attacks that BI detected.

That's why I went to a FW appliance and dropped the NAT router, because it didn't have SPI and couldn't stop outbound traffic, if need be.

So?

I don't see anything coming from you either, and on top if that, I didn't make the statement.

Because one doesn't know it was a dubious file in the first place. And you take the word *you* out of it, because I don't need or want to do anything.

That's you, the world is not made up of you(s) nor are all public spots the same.

Reply to
Mr. Arnold
Loading thread data ...

You did not make the statement "You can't read and understand English."?

What should come here from me? Someone writes, something is "not enough". I ask what is not enough and what is missing exactly to fix that problem but noone can explain.

So but it is the decision of the user what happens on the computer. There is no inherent law that requires to run an AV or PFW on the a computer connected to a public hotspot. There is no law of nature due to which a computer must have a PFW and AV else it is being infected with malware. It is not "a user would be some kind of fool" but "a fool's a fool". A foolish user may think he needs PFW and AV but that won't make the computer fool-proof. Either the user wants to have a secure computer and is willing to invest the time to learn how to achieve that or he installs a PFW and AV and might think he can remain a fool...

Gerald

Reply to
Gerald Vogt

Several things - and We've gone into this in another thread already.

Reply to
Leythos

Haha. The usual answer. Look somewhere else. The list cannot be too long to briefly post here. If it is too long, you could simply post the message id of the elaborate answer in that other thread...

BTW, do you actually know that nowhere.com is a normal internet domain which is in use? Don't you think the owner of nowhere.com could become a little bit annoyed if someone else simply uses his domain? Sends usenet posts with an email address from his domain? Generating a lot of spam traffic on his domain? Ever thought about this?

Either get a random free e-mail address at some of the free mailers like yahoo or hotmail or use a domain domain which is reserved for those purposes as mentioned in RFC 2606: TLD .invalid or second level example.{com,net,org}.

Gerald

Reply to
Gerald Vogt

I see, since you can't understand NAT Routers or how they are different than the XP Firewall, you decide to divert from the subject.

B.Nice has already had this discussion with me, Usenet has a long history in case you didn't know that, and the threads can be searched on google.

Reply to
Leythos

???? You are sick, man! You are using a sender address in an existing domain of somebody else! Don't you get it? That's not to divert from the subject. That's a fact! How can you be so ignorant not to change your sender address to something unused as I have pointed out with RFC 2606? You are knowingly generate spam traffic to e-mail addresses in other people's domains!! If you have any decency or know anything about usenet rules you would change that.

Yes. I know the Usenet very well. Probably longer than you. From times even before there was dejanews. But I am not a mind reader thus I cannot tell which thread you are talking about. There are 47504 threads in groups google. You have been using this sender address for quite a while. Not knowing what thread you have in mind I cannot really enter any search words except maybe "enough" or "firewall" or what?

Gerald

Reply to
Gerald Vogt

This is boring, as you keep asking the same question. No matter what anyone else may indicate, your mind can't see past it and it's set.

It's a moot point in the first place, and I'll leave it at that.

I'll make it simple for you, get rid of the XP FW. That's it. It can't get anymore simpler than that.

I suggest that you talk to someone who is doing that, not me, because I am not doing it.

Reply to
Maximum Dog9

That's why you configure the router to use a strong named user-id and password, which is no different from doing the same with an O/S that uses a userid and psw to logon.

Then you disable UPnP.

That's with any 3rd party software that someone has installed on a device.

But the computer has to be compromised. It seems to me that it would come past the XP FW as well if it were running behind the router, since it can't stop outbound packets either.

Any software that runs with the O/S is vulnerable to attack just like the O/S can be attacked.

On the other hand, a NAT router has a lower attack vector, since the firmware is not running on the computer with the O/S.

Reply to
Maximum Dog9

Technically you're correct that the O/S and the packet filter are running on the computer, with the packet filter blocking packets that have reached the machine.

I agree for the most part.

Reply to
Maximum Dog9

Yeah, I made the statement in regards to your mis-interpretation that was being stated, by another poster.

4) If you use your laptop on OTHER networks you really need to learn how to check the Windows TCP/IP Settings, disable File/Printer sharing when you are not home, and how to adjust/check the Windows XP SP2 non-firewall settings for "Exceptions".

Again contradictory to 3): if you think you need something else than the XP SP2 firewall in other networks and you are running a other brand "non-firewall" software then the recommendation should be to check that the XP SP2 firewall is turned off and the 3rd party "non-firewall" is on. Two or more firewalls running on a computer result on average in less security then a single one as it is unpredicted what actually is blocked and what not and by which firewall which will jeopardize the consistency of and state table in any firewall (as they are generally

It's called common sense.

Yes, for the average job blow user, again, it's the nature of common sense.

A fool is a fool is a fool. So what?

No one said it did.

No one's hand can be held and life is cheap and then you die. I suggest you worry about your little world, because there is nothing you can do about someone else's little world.

Reply to
Mr. Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.