1. Home
  2. Networking Firewalls
  3. Strange problem with software or hardware router..

Strange problem with software or hardware router..

Hi all

I have narrowed down a strange phenomenon I get between my Win2k computer network, router and NIS (Norton internet security) 2003. All PC's in the network have Win2k, SP5 IE6 SP1, and NIS 2003 with all of the updates. L2TP Cable internet is through 3Com wireless Officeconnect 3CRWE554G72T router.

The problem is this: every few hours, one of the computers (any one, not a particular one) will have a partial failure of internet service- I can't browse the web but email, skype and FTP still work. After a

10-30 minutes the problem rights itself. The other computers in the network don't usually experience this problem in the same time (i.e. they are fine except the one that does't work). I thought my router has a hardware problem but then I noticed that every time the problem happens, just before it my NIS 2003 reports a "portscan" of 192.168.1.1 (domain 53).

192.168.1.1 is of course, the router address... I have tried to have the PC's configured statically (with DNS servers) as well as DHCP automatic config, it doesn't imrove the issue. If I disable NIS 2003 and then immediately enable it, internet service resumes... I scanne all open ports with a web security site and it reports that only port 113 is closed (the rest are stealthed).

That's as far as my networking skills go

Thanks...!

Reply to
developmental2
Loading thread data ...

Thanks for what? I fail to see the problem. You've intentionally installed a software for the purpose of randomly f****ng up your network. And now you can see this happening. What's strange about that?

Reply to
Sebastian Gottschalk

There's no SP5 for Windows 2000.

Concratulations. You just discovered why automatic network shunning (like e.g. the "block attacker's IP address" feature implemented by NoISe) is utterly braindead.

What you're experiencing is most likely this: NoISe regards incoming traffic with the source IP of your router as an attack (for whatever reason), and subsequently blocks the IP address of your router for about half an hour. Bang! No Internet for this host.

[...]

"Stealth" is another braindead "feature" of NoISe. A computer is not invisible just because it doesn't respond to echo requrests.

Why do you need a personal firewall on your hosts anyway? Filter unsolicited traffic on your network borders and remove NoISe from your hosts.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Thanks for that. The reason I left NIS on my pc's is because I figured the hardware NAT "firewall" is not the same as a real firewall, i.e. it can't protect against many types of security risks that something like NIS can (with all of its admitted flaws). I have also thought about opening the 192.168.1.1 ip for unlimited traffic on NIS (i.e. placing the gatway IP inside the NIS DMZ), but isn't that the same as removing NIS?

Thanks

Reply to
developmental2

If by "protect against many types of security risks" you mean controlling which program communicates outbound: NoISe doesn't protect against those risks, because the moment it detects a threat, your security has already been compromised.

If you must keep using NoISe (for whatever reason): just disable the IP blocking feature.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.