Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
 ·Shaw
| reply to Link Logger
Re: El Cheapo Router Challenge
OK so that completes another edition of 'El Cheapo Router Challenge'. What I hope that everyone got from this is next time you hear someone say they can hack your cheap (but from a reputable vendor) router, your response ought to be 'prove it' or perhaps more simply 'bullshit'. If they are convinced that they can hack your router please by all means direct them here and I would be happy to put up a cheapo router for them to demonstrate on.
Even XP's built in firewall is tight (note no one picked up on my dialup connection as there is a bug there which you should be aware of and that Microsoft has patched, so all you folks who use XP's built in firewall for dialup connections, please check your patch level).
As I have always claimed these security devices will not solve world hunger or anything like that, but they will stop unsolicited inbound network attacks, which is one of the most common attack vectors if not the most common in terms of assaults per day on your system. They will not stop solicited attacks such as email viruses or browser drive-bys, but they are likely the easiest security devices you can install and require the least amount of upkeep (if any). To stop solicited attacks you need to have a current Anti-Virus and keep your system fully patched and of course practice safe hex on the internet.
The internet can be a safe place with at most only a small investment in time and money towards:
- firewall
- current Anti Virus
- staying current with patches
Things like Anti Spyware while optional are a good idea as well.
I'd like to thank everyone for participating and particularly qrkx who demonstrated some of the very real limits in protocol security.
Remember the router challenge is always open if you or someone else thinks they have an exploit I'm always willing to help them demonstrate it.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
rgillis70
Premium
join:2002-12-30
Herndon, VA | Many thanks to you Blake for your efforts.
It is truly appreciated!
 |
|
33591094
join:2002-11-19
Canada |  reply to Link Logger
Thanks for your all of your efforts Blake - and thanks to everyone that took a run at his routers. |
|
B
Premium,MVM
join:2000-10-28 | reply to Link Logger
Great wrap-up, Blake. This thread's an instant classic. Hey what happened to all the topic thumbs? It's down to 1 now. (Some kind of rollover error?)
-- B
--
In a realm outside causality and function |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | There is no rollover error, but thumbs up on a topic are only counted over the last 3 day period. |
|
cableb4me
join:2002-03-09
Dunlap, IL | reply to Link Logger
This has been such a great read. Thanks Link Logger and everyone that particitated! |
|
Arup65
join:2005-04-01
India
| I just have few points regarding this subject, from what I understand, some routers do basic DDoS and IP blocking as well as TCP count limit functions, I have seen in most cases, enabling these features sometimes causes more headaches than anything,under heavy use with multiple connections open, for example with P2P, best method of protecting behind a NAT router is to harden your OS thoroughly with something like Harden It fro YASC etc, let the router do simple NAT which it does quite well without any issues, let the OS protect itself if any attacks are let in by the router. The other important aspect is when a router is doing PPPoE, it is a potential security hole, most routers have by default, remote admin allowed and default password of admin:admin allows hackers with a unblocked WAN ping set router to be hacked easily and they also manage to get the password through remote telnet,this scenario is very likely happen to first time router user and it might be too late before he/she realizes it and sets the admin password and also changes the PPPoE password. |
|
