What home class cable/dsl routers have IP blocking feature?

My Firewall doesn't allow any ports outbound unless I create a rule for them, and with proper setup on the appliance, neither P2P or IM get out to connect to anything.

You really need to start learning about more than your little fantasy world, you need to get into real computers and networking. On second thought, I don't want you to get into it at all, we already have enough business fixing other companies messes that hire people like you.

X-No-Archive: Yes

However, my setup will requires everything to go through Socks and HTTP proxies I have setup on on the box running NAT. That is the way that AllegroSurf was built. This is why it is more secure than a hardware appliance. Requiring everrything to go through a proxy server closes most holes that a user can use to bypass security.

At least one small grocery store in my area is thinking of letting me upgrade their computer network. They think my idea of having a software based firewall is better than any hardware appliance. They area low-budget operation, and a setup like mine would be cheaper to own and operate than something with a hardware firewall. You dont have to have expensive certfication courses to run it. Anyone who a college degree in either IT or computer science could run it. That saves money in the long run, becuase someone with something like an MCSE or MCSA, on top of a degree, commands a higher starting salary than someone with just a degree.

And with my firewall, since you've not listened to anything anyone has told you, allows me to select PROXY or NON-PROXY mode for HTTP and SMTP and several others, and it's not some no-name product running on a self configured personal computer setup by a home user.

You miss the point entirely, the startup cost of a appliance is almost always cheaper than the startup cost of a personal computer with a personal user OS and personal firewall applications, and it's almost ALWAYS more secure and less prone to application or hardware faults.

Oh, one other thing - you don't learn the real methods behind security in school or from any MS classes, so get that out of your head now.

We have a couple large chain stores running appliances because they are reliable, easy to setup, have been flawless, don't require maintenance, don't have parts that break, have support by a single dedicated vendor, and they have products that fit all price ranges.

We also have several small clients that only have 2~8 offices, and a soft solution running on a PC would not be ideal for them, the appliance is for clients that don't have staff to manage the systems, get that idea into your head, it will make your life easier.

Charles, if your setup is so perfect, why isn't everyone in the world using it. Especially professionals in the business who really work in networking, instead of trying to fumble along like some blind child. Or do you think microsoft uses your amateur setup.

By the way, have you spoken to Comcast yet about your brilliant anti-virus concept. Or are you trying to talk to United about that 747?

Oh, so you are unable to work as a bean counter, and feel that getting work as a computer expert is a good substitute? Do yourself a huge favor, and consult a real attorney, and have him draw up any contract, Make sure that the customer bears sole responsibility for everything, and acknowledges it in the contract, and that you bear no responsibility for anything. Also, make no guarantees about the firewall working, or that the networking will not be disabled. Oh, and find someone to insure you against business liability. Gross incompetence has not been ruled as a mitigating circumstance in liability cases.

They must be so "low-budget" that they can't afford to do 'due diligence' investigations? They don't ask if you have any practical experience doing this for other firms? And I know this is crushing to you, but "a college degree" is not the answer - it's experience that is needed.

Not around here. Most understand that a microsoft certified anything is a person who passed a senseless test by memorizing useless facts - useless in that they have no use in the real world. This means that the person has no practical knowledge, and a demonstrated lack of common sense because they wasted money pursuing a non-reputable "training" plan. On the other hand, do you know why the CISA is worth money to employers? One of the requirements is 5 years paid direct experience in the field. Book learning is OK (unless it's from microsoft), but the real deal is direct experience.

Old guy

If you have a NIC, you can number that and route the offending net to a non existant gateway off that interface. Won't keep you from getting frames, but will keep any responses from ever getting back to the origin host. Effectively does what you want, they will never know your there.

-Thanks

-Matt

X-No-Archive: Yes

experience.

What I specialize in is buiding systems to automate bookkeeping, over a network. I know how to make Visual Basic talk to Orace and Access. The kind of system I learned to build can be run over any network, and I had to take networking courses for that. And we were taught that Bill Gates is GOD when it comes to computing. Nearly every accounting system around runs under Windows. That is what was drummed into our heads from Day 1.

You should take those courses again - it's been what, nearly 6 years now? That's an eternity in computing.

This time they'll teach you that Bill Gates is still a deity, and his XP SP2 firewall is all you need to secure your systems. Your customers will be ecstatic when you get rid of their expensive and extraneous dedicated security systems, and will elevate your status to just below Bill's.

You'll be a hero, and will have to turn away business so you have time to establish your observatory!

Life is good - until a clue gets in the way.

Triffid

In article , charlesnewman1 @nospam.comcast.net.do.net.spam.me says... [snip]

And that explains why you mentioned VB. While VB was a great language for the noob programmers, since you didn't mention VB.Net I'll assume that you're just as capable at programming as you are with firewall methods.

I missed this one. :)

You got the wrong drum roll.

What's the big deal with connecting to a database with a *connection string* using RDO ADO or ADO.NET in a program VB, VB.NET, C++, C#.NET or otherwise?

In addition to that when IBM, RCA, Control Data etc were GODS with accounting systems that ran on those platforms, they were just as good and may have been better in some situations, especially true with dumb monitors with the programs centrally located on the iron horses and not distrubuted. MS didn't invent accounting systems, databases, computer languages, O/S or anything else. MS is just another fly in the long line of flies in the ointment. Duane :)

You are using a toy language to work on production networks??? Charles, you have _major_ delusions of adequacy.

in 1999. With course materials from microsoft that were three to five years out of date - from a company whose networking concepts are being taxed to deal with 250 hosts, because they never envisioned them being used in a production setting.

------------ From: "Charles Newman" Newsgroups: comp.security.firewalls Subject: Re: What home class cable/dsl routers have IP blocking feature? Date: Fri, 24 Jun 2005 14:35:49 -0700 Message-ID:

Well, another good idea is to turn off native Windows ICS, and have that NAT done by a third-pary program, such as AllegroSurf. I find the server is far less prone to crashing, and is also more secure and not vulnerabe to O/S exploits like Windows ICS is.

------------

So, you "were taught that Bill Gates is GOD", yet he can't seem to create software that isn't prone to crashing, lacks security, and is vulnerabe to attack code written by ten year olds. Make up your mind.

Is that supposed to be the excuse you need to explain why you are using toys?

Old guy

Might not want to do that - have you any idea how expensive a pair of 7x50 binoculars and a swivel chair are?

Not a problem - a microsoft firewall blocks those with ease.

Old guy