risks of using a router instead of a firewall

Did you scan from inside or outside?

no

no

no

I can't remember what teardrop is, so I don't know :)

Only if the connection attempt was initiated from the outside.

The blocking at the router protects your internal machine(s) from contact initiated from the outside (a.k.a. the big bad internet). It's an important element of security, but far from the only one.

To respond more directly to the title of the post, whether you need a firewall in addition to the router depends on your needs. My firewall blocks all connection attempts from the inside other than the few expected ones (http, smtp, etc.) in addition to not letting anything in from the outside. But I'm just paranoid.

Reply to
Kenneth

Dear List;

I have installed a D-Link broadband DI-601 router for Internet access.

I scanned the router using nmap, nessus, and superscan. They could not identify any open ports. In addition, according to D-Link, all D-Link routers block all incoming ports.

In this scenario, is my network safe from DoS, DDoS, Buffer Overflow, teardrop, IP spoofing, etc. attacks?

Any comments/suggestions are appreciated.

Thanks,

Reply to
Doug Fox

I could not find DI-601 on the D-Link site. Does it come with a wireless connection? If it does, your network could be easily compromised if you don't configure WPA. Since a lot of people have difficulties doing this, it is one of the risks of having a router instead of a firewall.

Reply to
speeder

"Doug Fox" wrote in news:StadnVonYJZUHrreRVn- snipped-for-privacy@rogers.com:

formatting link

The link above talks about basic security using a NAT router for the average home user.

Does the router have SPI?

Does the router have logging so you can see traffic to/from the router with a log viewer?

formatting link

As long as you don't do high risk things like port forwarding and practice safehex, you should be OK. The router is a good first line of defense.

Duane :)

Reply to
Duane Arnold

speeder wrote in news: snipped-for-privacy@4ax.com:

Maybe, it's 604. :)

Duane :)

Reply to
Duane Arnold

Reply to
Doug Fox

Your network is safe then from any attacks, which attack servers/daemons on your boxes behind that router, if the router does not have any extra security holes, which open the possibility again to reach the boxes behind the router (i.e. by attacking the stateful handling of protocols like FTP).

This has nothing to do with other types of attacks.

Yours, VB.

Reply to
Volker Birk

It's a kind of DoS attack, see:

formatting link

Yours, VB.

Reply to
Volker Birk

Your NAT box only protects you from "unsolicited" INBOUND connections. What that means is if your machine has some malware on it, a program that allows the remote hacker to take control of your PC, that they can take control by having the malware contact them, and they can then do anything they want.

In the case of a firewall, if you were properly set up, the malware, even using HTTP, would not be able to contact the hacker to get instructions (this would be based on not just having a fully open outbound port 80, but based on doing content filtering in the http session).

A NAT box is a very good minimal layer for home users and some small offices, but it's not a firewall, it's just a result of how NAT works.

So, if you want to know if you are protected against all of those things, read the vendor's site concerning it.

Reply to
Leythos
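The point made in the post above, as an added example that is not part of the thread: a toy model of a NAT translation table showing why unsolicited inbound packets are dropped while replies to any connection opened from the LAN, wanted or not, are forwarded. The `NatRouter` class, addresses and ports are constructed, and the strict address-and-port matching is an assumption; real routers differ.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Hypothetical model of a home NAT box (not any vendor's implementation)."""
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection, so the router records a mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side. Returns the LAN destination,
        or None when no mapping exists and the packet is dropped."""
        return self.table.get((wan_port, remote_ip, remote_port))


def demo():
    router = NatRouter()
    results = {}
    # 1. Unsolicited packet from outside (e.g. a port scan): no mapping, dropped.
    results["scan"] = router.inbound("198.51.100.7", 51515, 80)
    # 2. A browser on the LAN opens a connection; the reply is forwarded.
    p = router.outbound("192.168.0.2", 50001, "192.0.2.80", 80)
    results["web_reply"] = router.inbound("192.0.2.80", 80, p)
    # 3. An unwanted program on the same PC opens a connection of its own.
    #    NAT cannot tell it from the browser: the reply is forwarded too.
    p2 = router.outbound("192.168.0.2", 50002, "198.51.100.7", 80)
    results["callback_reply"] = router.inbound("198.51.100.7", 80, p2)
    # 4. The same remote host using a port the LAN host never contacted: dropped.
    results["other_port"] = router.inbound("198.51.100.7", 4444, p2)
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:15} -> {dest if dest else 'dropped'}")
```
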

Not sure if this is the case for this particular type of router that you are using, but just in case, ensure that you have changed the password for the configuration management for the router from the default one - usually 'admin' or something like that. Some routers are known to be configurable from the outside by a remote attacker by trying the default password. With that, the attacker can set up the router however he wants and can attack further.

Sorry that I cannot provide better specifics, but I know that I have read about this in the past and have given my router a new password accordingly.

Martin

Reply to
Martin C

How does one know if one's router has SP1? I have a Linksys BEFSR41 version 2 and it is a couple of years old by now.

Also, wallwatcher looks very interesting. Since I run both the router and Sygate, will the wallwatcher logs show me things that are blocked by the router and that, therefore, Sygate never knows about?

And...do you know how much of a drain wallwatcher puts on the system?

TIA

Louise

Reply to
louise

louise wrote in news: snipped-for-privacy@news-server.nyc.rr.com:

One goes to the product's Website and looks at the document specs for the router at

formatting link

In my encounter with the Linksys router products, on the Admin screens there is a setting to enable or disable SPI, at least on my BEFW11S4 v1 router I used to have. They removed SPI from the 11S4 routers. Also, in the product documentation and advertisement of the features, most manufacturers for such routers clearly indicate that the router has SPI. If you went to the Linksys site and looked at the product data sheet for WRT54G, you'll see the mentioning of SPI.

That's correct, the router is blocking unsolicited inbound traffic that will never reach the computer, so Sygate will never know about it. In addition to that, Wallwatcher will also show all outbound traffic from LAN IP(s) behind the router to remote Internet IP(s). Since malware can circumvent and defeat any personal FW solution, you'll be able to see that possible outbound traffic.

It doesn't put any drain on the computer and happily sits in the job tray and collects the syslog data that's being broadcasted to it from the router. You should review the traffic to/from the router.

Duane :)

Reply to
Duane Arnold
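A sketch of the outbound-traffic review suggested in the post above, added here as an example and not part of the thread: it reads router log lines and lists LAN hosts that connected out to anything other than a short list of expected services. The log format, the sample lines and the `EXPECTED` list are constructed assumptions, not the output of any real router or log viewer.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed format (not a real router's syslog).
SAMPLE_LOG = """\
Mar  3 10:15:02 router OUT TCP 192.168.1.100:1045 -> 192.0.2.25:80
Mar  3 10:15:09 router OUT TCP 192.168.1.100:1046 -> 192.0.2.40:25
Mar  3 10:16:30 router IN  TCP 198.51.100.7:4312 -> 203.0.113.10:135 DROP
Mar  3 10:17:44 router OUT TCP 192.168.1.101:1201 -> 198.51.100.99:6667
Mar  3 10:17:50 router OUT UDP 192.168.1.100:1050 -> 192.0.2.53:53
Mar  3 10:18:05 router OUT TCP 192.168.1.101:1202 -> 198.51.100.99:6667
garbled line that does not parse
"""

# Assumed list of expected outbound services: web, mail and DNS.
EXPECTED = {("TCP", 80), ("TCP", 443), ("TCP", 25), ("TCP", 110), ("UDP", 53)}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+(?P<dir>IN|OUT)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def unexpected_outbound(log_text, expected=EXPECTED):
    """Return ({lan_ip: [(timestamp, remote_ip, proto, port), ...]}, skipped),
    where skipped counts lines that did not parse and need a manual look."""
    findings = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        if m["dir"] != "OUT":
            continue  # inbound attempts are already blocked at the router
        service = (m["proto"], int(m["dport"]))
        if service not in expected:
            findings[m["src"]].append((m["ts"], m["dst"], *service))
    return dict(findings), skipped


if __name__ == "__main__":
    hosts, skipped = unexpected_outbound(SAMPLE_LOG)
    for lan_ip, events in hosts.items():
        print(lan_ip, "made", len(events), "unexpected outbound connection(s):")
        for ts, dst, proto, port in events:
            print(f"  {ts}  {proto} -> {dst}:{port}")
    print("unparsed lines:", skipped)
```
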

Thanks for your response.

I checked the Linksys page and they have specs only on the newest version, which is version 4 (mine is version 2). They mention absolutely nothing about SP1.

I then went into my router and went through all the settings. I saw nothing to enable or disable SP1.

BTW, I realize I don't know what SP1 is :-)

Louise

Reply to
louise

Try researching SPI... that's spi in lower case... short for stateful protocol inspection.

Reply to
Wayne
