WRT54G firewall???

Good thinking.

Your WRT54G firewall will protect your LAN against attacks via the internet by hackers like myself. As long as you don't have any exposed IP sockets (ports) in your firewall, you're generally considered safe. However, I suggest you try running the firewall exploits test at:

formatting link
formatting link
WRT54G with Sveasoft Alchemy 1.0 firmware, passes all the test. My BEFW11S4 hangs on two of the tests (I forgot which).

ZoneAlarm will also protect against incoming attacks, but also adds protection against outgoing "ET phone home" type of software that wants to send the mother ship everything it knows about you, your machine, and your finances. The WRT54G firewall will do nothing for detecting trojan horses, worms, and spyware that are delivered via web pages and email. Zone Alarm will catch these, but you need to pay attention when the popup boxes ask for confirmation.

Reply to
Jeff Liebermann
Loading thread data ...

Hello All

As I try to get my friend's WRT54G wireless to work permanently (an earlier post), I am wondering something. The box says the WRT54G has a built-in firewall. But I also installed Zone Alarm, which is reporting many ping and other attempts getting through to my friend's laptop through the WRT54G - using either the Ethernet card or the laptop wireless card.

We intend to keep Zone Alarm (we shut off the Windows XP firewall.) But I'm wondering: Is the WRT54G firewall not that good or do we have to turn something on?

Thanks.

Reply to
Anthony Giorgianni

See "Block WAN Requests" and make sure that the checkbox for "Block Anonymous Internet Requests " is ticked in the WRT54G Security/Firewall setting to prevent responses to Pings.Zone Alarm can also be configured so that there will be no response to ICMP Pings.

It has an SPI Firewall which will examine all incoming data transmission,if a packet is a legitimate reply to a request from within the network, the SPI Firewall would permit its passage through. Otherwise, access is denied. This allows relatively unrestricted transmission from within the network, and selective but flexible access from the outside. The SPI Firewall can also track individual connections and will grant temporary access in the firewall under appropriate conditions,for e.g Applications and Gaming.

Reply to
NBT

"Anthony Giorgianni" wrote in news:wD2ke.809633$ snipped-for-privacy@bgtnsc05-news.ops.worldnet.att.net:

The NAT router will stop unsolicited inbound traffic from reaching the machine by not forwarding those requests. And what do you mean that ping traffic is reaching the machine behind the router, unless the machine is making a solicitation for traffic/a test behind the router for the traffic, then the router is going to let it through? Otherwise, unsolicited inbound traffic is not going to come past that NAT router.

Just because SPI is being mentioned as a feature of the NAT (no firewall) router doesn't mean its an appliance running true FW software that meets the specs in the link for *What does a FW do?*.

formatting link
What you have there is NAT (no FW) router with some FW like features and that's it for home usage. It's good enough in the protection as long as one doesn't do high risk things like port forwarding. On the other hand a a NAT router can be attacked but most likely, it won't happen in your case.

formatting link
Some people supplement the NAT router with a PFW or some other packet filtering software such as IPsec to stop inbound or outbound by port, protocol or IP, since most NAT routers for home usage cannot do it.

formatting link
BTW, a personal firewall solution is not true FW software either as it doesn't separate two networks, but rather it provides machine level protection of the O/S, services and Internet applications when the machine is directly connected to the Internet.

You should learn about FW(s).

formatting link
If you had an appliance that was running FW software in the traditional sense, a PFW solution would not be needed to supplement it.

Duane :)

Reply to
Duane Arnold

Good plan.

Firewalls in routers are typcally turned off by default, so as to avoid people phoning support with obvious questions. RTFM to find how to enable it.

Reply to
Mark McIntyre

Excellent responses everyone! I'm now checking out all the links everyone provided. I will have my friend conduct those tests, Jeff. Yes, I've told my friend to be careful about what she enables to go out over ZA. Eventually, she'll shut off the incoming notices. We also are running AVG antivirus and AdAdware - running definition updates at least once daily. I'll double check to make sure the router firewall is on too. I'd like to keep this machine locked down tight.

Thanks again!

Reply to
Anthony Giorgianni

"Anthony Giorgianni" wrote in news:4rcke.812611$ snipped-for-privacy@bgtnsc05-news.ops.worldnet.att.net:

Well don't use IE, OE, or Outlook, make sure the user doesn't have the happy fingers that clicks on unknown things, practice safe hex and *harden* the NT based O/S to attack by disabling unneeded services/things on the O/S and you might have a change. Anything else you're talking about in the protection other than the AV at the machine level is snake oil.

And again, the 54g is a NAT router with FW like features, is not running true FW software in the traditional sense, is not a FW appliance and is wireless (even more attackable).

Duane :)

Reply to
Duane Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.