| firewall protection and Linksys router
I have Linksys BEFSR41 router - 2 computers connected to it.
I do not have additional firewall software.
Am I vulnerable to probes? WAN is disabled but are there other settings I should be aware of in this vein?
Would appreciate any education available in this area.
cheers!
DixieWins |
|
|
|
ergibbs (To Be Free), Premium, ExMod 2001-05, join:2001-03-07, on the ocean, kudos:1 |
You may be vulnerable to probes, depending on your configuration (if you've changed any of the settings in the router), but that's about the extent of it. To access one of the two computers on your LAN would be extremely difficult, and would pretty much require a user on the LAN to install a trojan, allowing access from the outside.
-- Having children is like being pecked to death by a duck. |
|
Wildcatboy, Premium, Mod, join:2000-10-30, Toronto, ON, kudos:2, Host: Security Product V.. Security
| reply to DixieWins
It's always a good idea to have a software firewall as a back up. NAT can be broken into. It also offers no protection at all for outbound attempts such as spyware or Trojans trying to call out, etc...something as simple as ZA on each station can go a long way in keeping you secure. |
|
| Thanks for your info. If I use ZA, are there any compatibility issues I should know about with Linksys and ZA? I have no experience with ZA and that type of software and am still learning more about this router every day.
I had dsl service for 3 weeks before I could access it - series of faulty Linksys routers / cable problems / phone co problems. It works now and I don't want it blowing up in my face, but the safety issues do concern me.
many thanks !
|
|
ergibbs (To Be Free), Premium, ExMod 2001-05, join:2001-03-07, on the ocean, kudos:1 |
ZA will integrate just fine - it's software that runs off the target machine and waits for the traffic to try and pass through it. It doesn't know who LinkSys is, or what it does for a living.
-- Having children is like being pecked to death by a duck. |
|
Nick8, Premium, join:2001-03-17, UK | reply to Wildcatboy
said by Wildcatboy:
NAT can be broken into
WCB. I have been looking into this for a while and so far have found no (useful) way to break NAT. I was fairly convinced that it's actually impossible (presuming a dynamic table with no static mappings). If you know of a way to penetrate it please tell me!! |
|
merc669, Premium, join:2000-08-19, Lexington Park, MD | reply to DixieWins
I agree with mbxcx8nlp! I use both the Linksys Router and ZAPro and with the exception of something I had done on my end have I ever gotten an alert. On my Linksys I use Link-Logger and it will record on occasion a bunch of probes against various ports but never has it passed thru to get to ZA. It's like hitting a brick wall. I am sure there is a way or at least somebody knows how but maybe its easier to look for something easier to prey upon. But would still be interested in how it can be done.
Bill |
|
ergibbs (To Be Free), Premium, ExMod 2001-05, join:2001-03-07, on the ocean, kudos:1 | reply to Nick8
said by mbcx8nlp:
If you know of a way to penetrate it please tell me!!
I can't tell you how to do it, but this article describes how it can be done.
-- Having children is like being pecked to death by a duck. |
|
Nick8, Premium, join:2001-03-17, UK
| The article addresses general security issues and why you cannot rely solely upon NAT. The reasons stated are why I run Tiny behind it. However, it does not provide a mechanism to penetrate NAT (by penetrate I mean get packets past it that do not have an entry in the table - unrequested packets). The security risks are that of hostile code (of course outbound connections are not controlled) and abuse of an internally initiated connection to a hostile site (even a full stateful firewall can't protect against this - more an issue of browser security and surfing habits). I am not so sure that packets with spoofed local source IPs would get forwarded past NAT. The packets would not have an entry in the table and would therefore be blocked. The rest of the concerns are with forwarded ports, which by definition, are not protected by NAT.
I am not saying that NAT is an all-in-one security solution, but I am fairly convinced that NAT cannot be "broken into". The one mechanism I have thought of is similar to the hostile site situation, one could inject packets of spoofed source address into an internally initiated connection. Obviously, the injector would have to be on the route between you and the destination. AFAIK the worst case results would be crashing of the client application or possibly the computer. The attacker would really have to be at the destination site (most routers aren't too nasty). Also the connection would have to be relatively long-lived (a download or something). As such, I think this is extremely unlikely and of little consequence anyway - just a theoretical way to get unrequested packets past NAT.
[text was edited by author 2001-06-13 12:12:33] |
|
| reply to merc669
Bill,
you say you use link-logger to monitor your linksys?
I've not come across this tool, but it sounds really useful. I've got a BEFSR41, too, and if you can point me toward the logger, I'd be grateful!
Thx, Paul. |
|
merc669, Premium, join:2000-08-19, Lexington Park, MD |
Here you go!!
»www.linklogger.com/
Works Great!
Bill |
|
| reply to DixieWins
I also have a Linksys BEFSR41 but have anywhere from three to six systems behind it. Each system also runs a software firewall of some sort as well.
My main system runs Tiny Personal Firewall; that system is under my direct control and so I can use a somewhat more technical solution. The systems that my kids use have ZoneAlarm for protection. (And my oldest son's Linux system uses Linux security features.)
Why run the software firewalls? After all, I have Block WAN Requests turned on and always come up fully stealth in the security scans that I've run. I've never logged an attack on one of my systems either; the Linksys has turned away all that has come my way so far.
Mostly, I'm interested in preventing outbound attacks should something get past my defenses. So far, nothing has and I doubt that I'm an interesting enough target to make breaking through NAT worth the while. But I'd rather not find out too late that I should have implemented better security. |
|
| said by notdedyet:
I've never logged an attack on one of my systems either; the Linksys has turned away all that has come my way so far.
I am a "bit" ignorant when it comes to firewalls. I have a Linksys 4-port router and ZA free version. I sometimes get pop-ups from ZA saying, "Zone Alarm has blocked access to your computer from..." Does this mean they are getting past my Linksys and shouldn't be? Is my Linksys not doing its job? Thanks for any advice!
-- Traditional thinkers say, "If it's not broken don't fix it." But breakthrough thinkers say, "Fix it before it breaks." - Gerald Nadler |
|
merc669, Premium, join:2000-08-19, Lexington Park, MD
| When I was messing with Napster or ICQ some of the recommendations were to Port Forward to the system certain ports for their use. Then I would see alerts from ZA. Then I would have to go into ZA and tell it, it's okay to let that one go thru. But since for a long while I do not do any port forwarding and block any WAN Requests on the Linksys, I am seeing nothing on ZA.
Bill
[text was edited by author 2001-06-13 13:24:28] |
|
gwion (wild colonial boy), Premium, ExMod 2001-08, join:2000-12-28, Pittsburgh, PA, kudos:1 | reply to DixieWins
This is my chance to make my "canonical" firewalling statement:
"Most of us will never see a real intrusion on a home system. However, most of us will see at least one trojan, worm, zombie... and no NAT device, standing alone and relying on NAT alone for firewalling, will do a thing to help us."
NAT makes it extremely difficult for someone on the outside to get in. It is a "single cylinder deadbolt," though, and anything on the inside can just turn the knob and get out anytime it wants. Once it opens the door from the inside, it can hold it open for the burglar outside to get in... or just walk around the neighborhood looking for trouble and carrying ID with "your" name and address on it.
Forewarned is forearmed...
-- Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill |
|
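The behaviour debated above by Nick8 (packets with no table entry), merc669 (forwarded ports) and gwion (the door opened from the inside), as an added illustration that is not code from any poster or from Linksys. It is a simplified Python model of a NAT table; matching replies on remote address and port is an assumption about the filtering, and all addresses and ports are constructed.

```python
# Simplified model of a NAT router's translation table (added illustration;
# not the BEFSR41's firmware logic). All addresses and ports are constructed.

class NatRouter:
    def __init__(self, forwards=None):
        self.forwards = dict(forwards or {})  # static: wan_port -> (lan_ip, lan_port)
        self.table = {}       # dynamic: (wan_port, remote_ip, remote_port) -> LAN host
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; NAT alone never refuses this."""
        wan_port = self._next_port
        self._next_port += 1
        self.table[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, src_ip, src_port, wan_port):
        """Packet arriving on the WAN side: returns the LAN target, or None if dropped."""
        # The lookup uses the claimed source, so a spoofed source address only
        # matters if it matches an entry a LAN host already created.
        entry = self.table.get((wan_port, src_ip, src_port))
        if entry is not None:
            return entry
        return self.forwards.get(wan_port)    # a static forward bypasses the table


def demo():
    results = {}
    nat = NatRouter()
    # Unsolicited probe and a packet claiming a LAN source: no entry, dropped.
    results["probe"] = nat.inbound("203.0.113.9", 31337, 139)
    results["spoofed_lan_src"] = nat.inbound("192.168.1.100", 1025, 139)
    # A LAN program calls out; that remote endpoint (and only it) can now reply.
    port = nat.outbound("192.168.1.100", 1025, "198.51.100.7", 80)
    results["reply"] = nat.inbound("198.51.100.7", 80, port)
    results["other_host"] = nat.inbound("203.0.113.9", 80, port)
    # With a port forward configured, any outside host reaches the LAN machine.
    fwd = NatRouter(forwards={6699: ("192.168.1.100", 6699)})
    results["forwarded"] = fwd.inbound("203.0.113.9", 31337, 6699)
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:16} -> {dest or 'dropped'}")
```

Only the `forwarded` and `reply` cases reach a LAN machine, which is where a host firewall such as ZA is the remaining control: the first is the alert merc669 saw after port forwarding, the second is the outbound path NAT does not police.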
Pinan, Premium, ExMod 2000-03, join:2000-09-02, Murrieta, CA, kudos:1 | reply to DixieWins
I use both (Linksys & ZA) with no problems, and a stealth rating. :) |
|
Pinan, Premium, ExMod 2000-03, join:2000-09-02, Murrieta, CA, kudos:1 | reply to Inspector
said by Inspector:
Does this mean they are getting past my Linksys and shouldn't be? Is my Linksys not doing its job?
I get the same at times. I would say the NAT in the Linksys only does so much. Thus having ZA also. |
|
| reply to Inspector
said by Inspector:
I am a "bit" ignorant when it comes to firewalls. I have a Linksys 4-port router and ZA free version. I sometimes get pop-ups from ZA saying, "Zone Alarm has blocked access to your computer from..." Does this mean they are getting past my Linksys and shouldn't be? Is my Linksys not doing its job?
It all depends on what you want to do with your systems. I don't do anything remotely server-like and so have no need to forward any ports or do anything else that would open up unsolicited connections through the firewall. Others desire to use their systems differently. Without understanding what you want to do with your systems, there is really no way for anyone to say if your Linksys is set up properly for you. I believe that mine is set up properly for me.
I think that gwion put it as well as anyone can. (And a thumbs up from me on that post.) |
|