Router Issue. - Firewalls

Thread: Router Issue.

  1. Router Issue.

    Do I really need a router?
    I am presently on a dial-up 56K connection, an average home user with a
    desktop computer. My OS is WinXP SP2. I work with LUA, use the built-in
    firewall and Seconfig XP.

    I am going to subscribe to a high-speed internet service and the ISP will
    also supply a 'Hatary HW-AA 101 wireless ADSL2+ router'. The router comes
    with a Quick Installation Guide and a Starter Kit CD-ROM.
    ISP connection number, username and initial password will be provided by the
    ISP which have to be added during installation. The program will then set up
    the ADSL2+ router and make connection to the Internet automatically.

    According to Wikipedia, a router would be needed if a home user may want to
    set up a LAN or WLAN and connect all computers to the Internet without
    having to pay a full broadband subscription service to their ISP for each
    computer on the network.

    Since I am a single pc user, I was wondering if it is really necessary to
    install this router.

    Could I not just go to Network Connections | Network Tasks | Create a new
    connection and use the New Connection Wizard to Set up my connection
    manually?
    (Though my ISP refers to this type of connection as PPPoE LLC and not
    PPPoE).

    Also, the Trouble Shooting list of the Quick Installation Guide points out
    that the TCP/IP setting in network adapter of my pc should be set to obtain
    an IP address and DNS.
    Currently, the Service TCP/IP NetBIOS Helper is Disabled as are SMB and RPC
    over TCP/IP.

    Must these services be re-instated to achieve ADSL connection?

    TIA.


  2. Re: Router Issue.

    On Tue, 16 Oct 2007 14:36:39 +0700, Cornelia Parsley wrote:

    Hello,

    > Do I really need a router?


    No, you don't.

    > Could I not just go to Network Connections | Network Tasks | Create a new
    > connection and use the New Connection Wizard to Set up my connection
    > manually?
    > (Though my ISP refers to this type of connection as PPPoE LLC and not
    > PPPoE).


    Sure you can, it uses the same stack.

    > Also, the Trouble Shooting list of the Quick Installation Guide points out
    > that the TCP/IP setting in network adapter of my pc should be set to obtain
    > an IP address and DNS.


    I'm pretty sure you have 'receive setting automatically' on your network
    adapter, that is all you need. The same thing happens in the router itself.

    > Currently, the Service TCP/IP NetBIOS Helper is Disabled as are SMB and RPC
    > over TCP/IP.
    >
    > Must these services be re-instated to achieve ADSL connection?


    No.

    cheers

  3. Re: Router Issue.


    "Cornelia Parsley" wrote in message
    news:ff1pjt$ndp$1@aioe.org...
    > Do I really need a router?
    > I am presently on a dial-up 56K connection, an average home user with a
    > desktop computer. My OS is WinXP SP2. I work with LUA, use the built-in
    > firewall and Seconfig XP.


    That's dial-up. But back a few years ago, they did have routers for dial-up,
    and if I was solely using dial-up for a single machine, that router would be
    sitting there to protect the machine from the Internet, even on a dial-up.

    >
    > I am going to subscribe to a high-speed internet service and the ISP will
    > also supply a 'Hatary HW-AA 101 wireless ADSL2+ router'. The router comes
    > with a Quick Installation Guide and a Starter Kit CD-ROM.
    > ISP connection number, username and initial password will be provided by
    > the ISP which have to be added during installation. The program will then
    > set up the ADSL2+ router and make connection to the Internet automatically.


    Why not? You do know that the router is a border device, and it acts more
    like a FW solution than XP's FW/packet filter does or any other 3rd party
    PFW/packet filter will do? The router has the two interfaces. One
    interface faces the WAN/Internet, the untrusted zone, and the other interface
    faces the LAN, the trusted zone. One of the definitions for a FW is it has at
    least two interfaces.

    The router sits in front of the machine and stops unsolicited scans and
    attacks from reaching the computer so that a personal FW/packet filter
    along with the O/S, which the PFW/packet filter must run with the O/S, don't
    react to them slowing the computer down from doing other things as they
    react to the scans and attacks.

    >
    > According to Wikipedia, a router would be needed if a home user may want to
    > set up a LAN or WLAN and connect all computers to the Internet without
    > having to pay a full broadband subscription service to their ISP for each
    > computer on the network.


    That's part of it, but a router also provides protection too for a machine
    or machines from unsolicited scans and attacks from the Internet, as it sits
    in front of the computer to stop them.

    There is nothing wrong with a single machine sitting behind a router --
    none -- and is a better solution than just connecting the computer directly
    to the modem, which is a direct connection to the Internet, no border device
    in between the modem and the computer like a router.

    You would be getting a NAT router.

    http://www.homenethelp.com/web/explain/about-NAT.asp

    >
    > Since I am a single pc user, I was wondering if it is really necessary to
    > install this router.
    >


    You don't, but some do try to do the right thing to provide better
    protection. You do know that anything like a 3rd PFW/packet filter or
    even Windows XP FW/packet filter can be taken out if malware can hit the
    computer and is executed, since it runs with the O/S, and the O/S can be
    attacked too and taken out leaving the computer wide open to the Internet.
    It's kind of hard to take down the router, since it's a standalone device
    and is not running with the O/S.

    > Could I not just go to Network Connections | Network Tasks | Create a new
    > connection and use the New Connection Wizard to Set up my connection
    > manually?


    > (Though my ISP refers to this type of connection as PPPoE LLC and not
    > PPPoE).
    >

    Sure you can.

    > Also, the Trouble Shooting list of the Quick Installation Guide points out
    > that the TCP/IP setting in network adapter of my pc should be set to
    > obtain an IP address and DNS.
    > Currently, the Service TCP/IP NetBIOS Helper is Disabled as are SMB and
    > RPC over TCP/IP.


    Why not, the machine even on a dial-up connection is set to obtain an IP and
    DNS so why can't a NIC do it too? The computer's NIC can be set to not
    network too, which you should have been doing on the dial-up as well. So
    where is the problem?

    >
    > Must these services be re-instated to achieve ADSL connection?


    Just remove the Client for MS Networks and MS File & Printer Sharing off of
    the NIC and tell the NIC to Obtain an IP automatically, and you're good to
    go.


    IMHO, you need to do the right things like get the router, along with doing
    some other things if the O/S will allow it.

    http://labmice.techtarget.com/articl...ychecklist.htm


  4. Re: Router Issue.

    On Tue, 16 Oct 2007 06:35:15 -0400, Mr. Arnold wrote:

    > "Cornelia Parsley" wrote in message
    > news:ff1pjt$ndp$1@aioe.org...
    >> Do I really need a router?
    >> I am presently on a dial-up 56K connection, an average home user with a
    >> desktop computer. My OS is WinXP SP2. I work with LUA, use the built-in
    >> firewall and Seconfig XP.

    >
    > That's dial-up. But back a few years ago, they did have routers for dial-up,
    > and if I was solely using dial-up for a single machine, that router would be
    > sitting there to protect the machine from the Internet, even on a dial-up.


    ... or opening the backdoor, there are some funny devices out there, the last
    I remember was a Linksys and if you send a special string to a special
    port you got the administrative access plus the WEP Keys.

    > Why not? You do know that the router is a border device, and it acts
    > more like a FW solution than XP's FW/packet filter does or any other 3rd
    > party PFW/packet filter will do? The router has the two interfaces. One
    > interface faces the WAN/Internet, the untrusted zone, and the other
    > interface faces the LAN, the trusted zone. One of the definitions for a
    > FW is it has at least two interfaces.


    Nope, depends on the firmware, there is everything possible, so the trusted
    zone tells you that you trust but you never know.
    Otherwise, and that's my solution, use an open-source OS and build your own
    router, should be the safest way in my opinion.

    > The router sits in front of the machine and stops unsolicited scans and


    depends on the configuration

    > attacks from reaching the computer so that a personal FW/packet filter
    > along with the O/S, which the PFW/packet filter must run with the O/S,
    > don't react to them slowing the computer down from doing other things as
    > they react to the scans and attacks.


    The packet flow is still on the WAN line, so a slowdown might be
    possible, but I've never seen somebody who is scanning so stupid.

    >> According to Wikipedia, a router would be needed if a home user may want
    >> to set up a LAN or WLAN and connect all computers to the Internet
    >> without having to pay a full broadband subscription service to their
    >> ISP for each computer on the network.


    The little flashbox is a computer with a small embedded OS which acts as a
    router and filter (depends on the configuration).

    > That's part of it, but a router also provides protection too for a
    > machine or machines from unsolicited scans and attacks from the Internet,
    > as it sits in front of the computer to stop them.


    Nope, if you open with your browser a site which contains PoC for your
    browser you'll be infected, if you get an email with the super winner
    chance and click that you'll be infected.
    There is no chance for the router to detect that.

    > There is nothing wrong with a single machine sitting behind a router --
    > none -- and is a better solution than just connecting the computer
    > directly to the modem, which is a direct connection to the Internet no
    > border device in between the modem and the computer like a router


    >I am going to subscribe to a high-speed internet service and the ISP will
    >also supply a 'Hatary HW-AA 101 wireless ADSL2+ router'.


    She wants to switch, doesn't she?

    > You don't, but some do try to do the right thing to provide better
    > protection. You do know that anything like a 3rd PFW/packet filter or
    > even Windows XP FW/packet filter can be taken out if malware can hit


    Doesn't matter, you also could place a bot at this computer (via
    email, browser attacks or whatever), so the router will route every traffic
    which comes from this computer, think about all the spam which comes from
    dynamic dial-up addresses, there are mostly no spammers.

    >
    > IMHO, you need to do the right things like get the router, along with
    > doing some other things if the O/S will allow it.


    There is nothing wrong with a router, only the sentence "you're more
    protected..".

    "Security is a process not a product" (Bruce Schneier)

    cheers

  5. Re: Router Issue.

    I think it is: security is a process, not a state.
    And one has to strive, test, experiment, implement new ideas (e.g.
    port knocking, WEP chaffing, ...) regarding security.

    But we can say, however, that in general if you have a router in front of
    your box, you're more protected than you would be without (e.g. direct
    connection), but you're NOT secure.

  6. Re: Router Issue.


    "Burkhard Ott" wrote in message
    news:ff2c64$s3t$1@el-srv04-CHE.srvnet.eastlink.de...
    > On Tue, 16 Oct 2007 06:35:15 -0400, Mr. Arnold wrote:
    >
    >> "Cornelia Parsley" wrote in message
    >> news:ff1pjt$ndp$1@aioe.org...
    >>> Do I really need a router?
    >>> I am presently on a dial-up 56K connection, an average home user with a
    >>> desktop computer. My OS is WinXP SP2. I work with LUA, use the built-in
    >>> firewall and Seconfig XP.

    >>
    >> That's dial-up. But back a few years ago, they did have routers for
    >> dial-up, and if I was solely using dial-up for a single machine, that
    >> router would be sitting there to protect the machine from the Internet,
    >> even on a dial-up.

    >
    > .. or opening the backdoor, there are some funny devices out there, the last
    > I remember was a Linksys and if you send a special string to a special
    > port you got the administrative access plus the WEP Keys.
    >


    That's wireless and that's Linksys. One egg doesn't apply to all solutions.

    >> Why not? You do know that the router is a border device, and it acts
    >> more like a FW solution than XP's FW/packet filter does or any other 3rd
    >> party PFW/packet filter will do? The router has the two interfaces. One
    >> interface faces the WAN/Internet, the untrusted zone, and the other
    >> interface faces the LAN, the trusted zone. One of the definitions for a
    >> FW is it has at least two interfaces.

    >
    > Nope, depends on the firmware, there is everything possible, so the trusted
    > zone tells you that you trust but you never know.
    > Otherwise, and that's my solution, use an open-source OS and build your own
    > router, should be the safest way in my opinion.


    I sit behind a WatchGuard when at home if you know what that is about. When
    I am on the road contracting, then I am using something like the Vista FW on
    dial-up and wireless connections in a hotel or elsewhere.

    The solution that you're talking about requires two things. 1) That one
    knows the FW solution very well to use it and configure it properly. 2) That
    one knows the O/S or platform. Both are learning curves that the average
    home user CANNOT accomplish.

    A router, a packet filter FW router or FW appliance is a plug it up and go
    device that provides instant protection from the Internet and most need very
    little configuration on the end-user's part. Granted, some of these solutions
    are more complicated than that. But the fact remains that for the most part,
    one can take one of these devices out of the box and go with it.

    >
    >> The router sits in front of the machine and stops unsolicited scans and

    >
    > depends on the configuration


    Yes, some are stupid enough to connect the router to a computer acting as a
    gateway with the router sitting behind it, when it should be the other way
    around. But some have no choice but to do that. But most are going to do the
    right thing and let the router act as the gateway device with what
    protection it can provide from the Internet from unsolicited inbound
    traffic.

    >
    >> attacks from reaching the computer so that a personal FW/packet filter
    >> along with the O/S, which the PFW/packet filter must run with the O/S,
    >> don't react to them slowing the computer down from doing other things as
    >> they react to the scans and attacks.

    >
    > the packet flow is still on the wan line, so a slow down might be
    > possible, but I've never seen somebody who is scanning so stupid


    What are you talking about?????? The router is going to stop unsolicited
    scans and attacks from the Internet at the border. Let's clarify here. We
    are talking about a home user sitting there with one machine or maybe the
    home user has two machines or more on a home network. We're not talking
    about business class solution, and the home user is really small potatoes in
    the long run, unless they start opening ports for something like a Web server
    that they have any business doing in the first place, because they don't
    know how to protect the Web server nor the O/S or anything else.


    >
    >>> According to Wikipedia, a router would be needed if a home user may want
    >>> to set up a LAN or WLAN and connect all computers to the Internet
    >>> without having to pay a full broadband subscription service to their
    >>> ISP for each computer on the network.

    >
    > the little flashbox is a computer with a small embedded OS which acts as a
    > router and filter (depends on the configuration)
    >
    >> That's part of it, but a router also provides protection too for a
    >> machine or machines from unsolicited scans and attacks from the Internet,
    >> as it sits in front of the computer to stop them.

    >
    > Nope, if you open with your browser a site which contains PoC for your
    > browser you'll be infected, if you get an email with the super winner
    > chance and click that you'll be infected.
    > There is no chance for the router to detect that.


    Look man, the router's job is to stop unsolicited inbound traffic from
    reaching the computer. That's the router's job. What you're talking about is
    solicited traffic. Nothing can stop the user sitting behind the mouse doing
    the pointing and clicking with the mouse or typing at the keyboard, doing
    the solicitation for traffic. And no software running on the computer is
    going to do it either, protect them from him or herself. Most PFW solutions
    have snake-oil in them with the impression that it's some kind of security
    blanket that's going to do just that. They can't do it.

    >
    >> There is nothing wrong with a single machine sitting behind a router --
    >> none -- and is a better solution than just connecting the computer
    >> directly to the modem, which is a direct connection to the Internet no
    >> border device in between the modem and the computer like a router

    >
    >>I am going to subscribe to a high-speed internet service and the ISP will
    >>also supply a 'Hatary HW-AA 101 wireless ADSL2+ router'.

    >
    > She want to switch, doesn't she?
    >
    >> You don't, but some do try to do the right thing to provide better
    >> protection. You do know that anything like a 3rd PFW/packet filter or
    >> even Windows XP FW/packet filter can be taken out if malware can hit

    >
    > Doesn't matter, you also could place a bot at this computer (via
    > email, browser attacks or whatever), so the router will route every traffic
    > which comes from this computer, think about all the spam which comes from
    > dynamic dial-up addresses, there are mostly no spammers


    If it's going to happen, then it's better that something is there that is
    not going to be taken down so easily as something running on the computer
    with the O/S that has a direct connection to the Internet. That's not the
    case with a standalone border device. Its software is not running on the
    computer as opposed to the software running on the computer with the O/S
    when it's knocked out. At least with the border device, the machine is not
    left wide open to attack while connected to the Internet. Or maybe, you
    can't understand this, and you cannot think outside the box.

    The other thing is one has to know that the computer has been compromised,
    and no junk in PFW(s) are going to help to do that.

    One has to use the right tools to make the discovery and most don't know
    how to do it.

    And if they do discover something, then most won't do the right thing either
    and just wipe the machine out. One doesn't know what else can be there, but
    they think they have gotten it when most likely they didn't get all of it.

    >
    >>
    >> IMHO, you need to do the right things like get the router, along with
    >> doing some other things if the O/S will allow it.

    >
    > There is nothing wrong with a router, only the sentence "you're more
    > protected..".


    Where did I say that? You point it out. All I said is that the machine is
    better protected with the use of a border device such as a router, which can
    be used in combination with other solutions. The router is NOT a stop all
    and ends all solution. The router's job is to stop unsolicited inbound scans
    and attacks from the Internet from reaching the computer.

    The router's job is NOT to protect the user from him or herself, and no
    software running on the computer can do it either. The job of a PFW/packet
    filter should be to filter inbound or outbound packets. Its job is not to be
    trying to do all this other BS trying to protect the user from him or
    herself that it cannot do.

    >
    > "Security is a process not a product" (Bruce Schneier)
    >


    I have been in this NG since year 2000. I have heard it all, seen it all,
    and I have learned from the best. And I wouldn't connect to the Internet if
    I have the control of it without a border device such as a packet filtering
    FW router, FW appliance or gateway computer using a network FW solution
    running on the machine with the machine/OS properly locked down to face the
    Internet, which I don't include PFW(s)/personal packet filters running at
    the machine level as they are NOT FW solutions. I don't care if it's a MS,
    Linux, Apple or anything else solution.

    And about the process thing, the buck stops with the end-user what he or she
    is doing, not doing, knows how to do and what not to do.

    And they can start here.

    http://www.claymania.com/safe-hex.html

    And then they can start here. You have already seen this.

    http://labmice.techtarget.com/articl...ychecklist.htm

    And I want to make this clear. I am not in a debate with you about this. If
    you start going in that direction, then I am going to drop you like a hot
    potato. I don't think you can do it, as it doesn't seem that you could mind
    your own business in the first place -- nothing against you personally. ;-)
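
Added example (not part of the thread and not code from any poster): a toy model of the NAT translation table behind the "unsolicited vs. solicited traffic" distinction argued in posts 3 to 6. The addresses are constructed from documentation ranges, and the endpoint-matching policy in `inbound` is an assumption; as post 4 notes, real firmware behaviour depends on the device and its configuration.

```python
"""Toy model of a home NAT router: which packets cross the border device."""
from dataclasses import dataclass, field
from typing import Optional

WAN_IP = "203.0.113.10"   # constructed public address (documentation range)
PC = "192.168.1.2"        # constructed LAN address of the single PC


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    wan_ip: str = WAN_IP
    next_port: int = 40000
    by_flow: dict = field(default_factory=dict)      # LAN flow -> WAN port
    by_wan_port: dict = field(default_factory=dict)  # (proto, WAN port) -> LAN flow

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: create (or reuse) a mapping and rewrite the source."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        wan_port = self.by_flow.get(flow)
        if wan_port is None:
            wan_port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = wan_port
            self.by_wan_port[(pkt.proto, wan_port)] = flow
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: deliver only replies that match an existing mapping."""
        flow = self.by_wan_port.get((pkt.proto, pkt.dst_port))
        if flow is None:
            return None                       # unsolicited: no LAN host asked for it
        _, lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                       # right port, wrong remote endpoint
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def run_scenarios() -> dict:
    """Run the cases argued in the thread; None means the router dropped it."""
    r = NatRouter()
    results = {}
    # 1. Internet host probes the WAN address on the SMB port: no mapping exists.
    results["scan"] = r.inbound(Packet("tcp", "198.51.100.7", 51000, WAN_IP, 445))
    # 2. The PC opens a web page; the server's reply matches the new mapping.
    out = r.outbound(Packet("tcp", PC, 1050, "192.0.2.80", 80))
    results["web_out"] = out
    results["web_reply"] = r.inbound(
        Packet("tcp", "192.0.2.80", 80, WAN_IP, out.src_port))
    # 3. A different host aims at the same WAN port: endpoint does not match.
    results["third_party"] = r.inbound(
        Packet("tcp", "198.51.100.7", 80, WAN_IP, out.src_port))
    # 4. Software already running on the PC connects out to a mail server:
    #    the router translates it like any other LAN-initiated flow.
    results["bot_out"] = r.outbound(Packet("tcp", PC, 1051, "192.0.2.25", 25))
    return results


if __name__ == "__main__":
    for name, res in run_scenarios().items():
        print(f"{name:12} -> {res if res else 'DROPPED'}")
```

Cases 1 and 3 are the inbound filtering Mr. Arnold describes; cases 2 and 4 show why Burkhard Ott's point also holds, since anything the PC itself initiates is forwarded and its replies are let back in.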


  7. Re: Router Issue.

    Thanks for detailed explanation and links. I am going to install this
    router.

    Best wishes...

  8. Re: Router Issue.

    Hi Burkhard,
    Your response and clarification was very much appreciated. I am going to
    install this router.

    Best wishes...

    "Burkhard Ott" wrote in message
    news:ff2c64$s3t$1@el-srv04-CHE.srvnet.eastlink.de...
    > Am Tue, 16 Oct 2007 06:35:15 -0400 schrieb Mr. Arnold:
    >
    >> "Cornelia Parsley" wrote in message
    >> news:ff1pjt$ndp$1@aioe.org...
    >>> Do I really need a router?
    >>> I am presently on a dial-up 56K connection, an average homeuser with a
    >>> desktop computer. My OS is WinXP SP2. I work with LUA, use the in-build
    >>> firewall and Seconfig XP.

    >>
    >> That's dial-up. But back a few years ago, they did have routers for
    >> dial-up, and if I was solely using dial-up for a single machine, that
    >> router would be sitting there to protect the machine from the Internet,
    >> even on a dial-up.

    >
    > .. or opening the backdoor, there are some funny devices out there, the last
    > I remember was a Linksys and if you send a special string to a special
    > port you got the administrative access plus the WEP Keys.
    >
    >> Why not? You do know that the router is a border device, and it acts
    >> more like a FW solution than XP's FW/packet filter does or any other 3rd
    >> party PFW/packet filter will do? The router has the two interfaces. One
    >> interface faces the WAN/Internet the untrusted zone, and the other
    >> interface faces the LAN the trusted zone. One of the definitions for a
    >> FW is it at least two interfaces.

    >
    > Nope, depends on the firmware, there is everything possible, so the trusted
    > zone tells you that you trust but you never know.
    > Otherwise, and that's my solution, use an opensource os and build your own
    > router, should be the safest way in my opinion.
    >
    >> The router sits in front of the machine and stops unsolicited scans and

    >
    > depends on the configuration
    >
    >> attacks from reaching the computer so that a personal FW/packet filter
    >> along with the O/S, which the PFW/packet filter must run with the O/S,
    >> don't react to them slowing the computer down from doing other things as
    >> they react to the scans and attacks.

    >
    > the packet flow is still on the wan line, so a slow down might be
    > possible, but I've never seen somebody who is scanning so stupid
    >
    >>> According to Wikipedia, a router would be needed if a homeuser may want
    >>> to set up a LAN or WLAN and connect all computers to the Internet
    >>> without having to pay a full broadband subscription service to their
    >>> ISP for each computer on the network.

    >
    > the little flashbox is a computer with a small embedded OS which acts as a
    > router and filter (depends on the configuration)
    >
    >> That's part of it, but a router also provides protection too for a
    >> machine or machines from unsolicited scans and attacks from the Internet,
    >> as it sits in front of the computer to stop them.

    >
    > Nope, if you open with your browser a site which contains PoC for your
    > browser you'll be infected, if you get an email with the super winner
    > chance and click that you'll be infected.
    > There is no chance for the router to detect that.
    >
    >> There is nothing wrong with a single machine sitting behind a router --
    >> none -- and is a better solution than just connecting the computer
    >> directly to the modem, which is a direct connection to the Internet no
    >> border device in between the modem and the computer like a router

    >
    >>I am going to subscribe to a high-speed internet service and the ISP will
    >>also supply a 'Hatary HW-AA 101 wireless ADSL2+ router'.

    >
    > She wants to switch, doesn't she?
    >
    >> You don't, but some do try to do the right thing to provide better
    >> protection. You do know that anything like a 3rd PFW/packet filter or
    >> even Windows XP FW/packet filter can be taken out if malware can hit

    >
    > Doesn't matter, you also could place a bot at this computer (via
    > email,browser attacks or whatever), so the router will route every traffic
    > which comes from this computer, think about all the spam which comes from
    > dynamic dial up addresses, there are mostly no spammers
    >
    >>
    >> IMHO, you need to do the right things like get the router, along with
    >> doing some other things if the O/S will allow it.

    >
    > There is nothing wrong with a router, only the sentence "you're more
    > protected..".
    >
    > "Security is a process not a product" (Bruce Schneier)
    >
    > cheers



  9. Re: Router Issue.


    You are welcome.

    Here are two other links that will help with FW technology understanding. A
    PFW/personal packet filter is NOT FW technology, and neither is NAT. NAT is
    mapping technology.

    http://www.vicomsoft.com/knowledge/r...irewalls1.html
    http://www.more.net/technical/netserv/tcpip/firewalls/


    "Cornelia Parsley" wrote in message
    news:ff3laj$3fc$1@aioe.org...
    > Thanks for detailed explanation and links. I am going to install this
    > router
    >
    > Best wishes...
    >
    > "Mr. Arnold" <Arnold@Arnold.com> wrote in message
    > news:13h94vf2d03qfcc@corp.supernews.com...
    >>
    >> "Cornelia Parsley" wrote in message
    >> news:ff1pjt$ndp$1@aioe.org...
    >>> Do I really need a router?
    >>> I am presently on a dial-up 56K connection, an average homeuser with a
    >>> desktop computer. My OS is WinXP SP2. I work with LUA, use the in-build
    >>> firewall and Seconfig XP.

    >>
    >> That's dial-up. But back a few years ago, they did have routers for
    >> dial-up, and if I was solely using dial-up for a single machine, that
    >> router would be sitting there to protect the machine from the Internet,
    >> even on a dial-up.
    >>
    >>>
    >>> I am going to subscribe to a high-speed internet service and the ISP
    >>> will also supply a 'Hatary HW-AA 101 wireless ADSL2+ router'. The
    >>> router comes with a Quick Installation Guide and a Starter Kit CD-ROM.
    >>> ISP connection number, username and initial password will be provided by
    >>> the ISP which have to be added during installation. The program will
    >>> then setup the ADSL2+ router and make connection to the Internet
    >>> automatically.

    >>
    >> Why not? You do know that the router is a border device, and it acts more
    >> like a FW solution than XP's FW/packet filter does or any other 3rd party
    >> PFW/packet filter will do? The router has the two interfaces. One
    >> interface faces the WAN/Internet the untrusted zone, and the other
    >> interface faces the LAN the trusted zone. One of the definitions for a FW
    >> is it at least two interfaces.
    >>
    >> The router sits in front of the machine and stops unsolicited scans and
    >> attacks from reaching the computer so that a personal FW/packet filter
    >> along with the O/S, which the PFW/packet filter must run with the O/S,
    >> don't react to them slowing the computer down from doing other things as
    >> they react to the scans and attacks.
    >>
    >>>
    >>> According to Wikipedia, a router would be needed if a homeuser may want
    >>> to set up a LAN or WLAN and connect all computers to the Internet
    >>> without having to pay a full broadband subscription service to their ISP
    >>> for each computer on the network.

    >>
    >> That's part of it, but a router also provides protection too for a
    >> machine or machines from unsolicited scans and attacks from the Internet,
    >> as it sits in front of the computer to stop them.
    >>
    >> There is nothing wrong with a single machine sitting behind a router --
    >> none -- and is a better solution than just connecting the computer
    >> directly to the modem, which is a direct connection to the Internet no
    >> border device in between the modem and the computer like a router
    >>
    >> You would be getting a NAT router.
    >>
    >> http://www.homenethelp.com/web/explain/about-NAT.asp
    >>
    >>>
    >>> Since I am a single pc user, I was wondering if it is really necessary
    >>> to install this router.
    >>>

    >>
    >> You don't, but some do try to do the right thing to provide better
    >> protection. You do know that anything like a 3rd PFW/packet filter or
    >> even Windows XP FW/packet filter can be taken out if malware can hit the
    >> computer and is executed, since it runs with the O/S, and the O/S can be
    >> attacked too and taken out leaving the computer wide open to the
    >> Internet. It's kind of hard to take down the router, since it's a
    >> standalone device and is not running with the O/S.
    >>
    >>> Could I not just go to Network Connections | Network Tasks | Create a
    >>> new connection and use the New Connection Wizard to Set up my connection
    >>> manually?

    >>
    >>> (Though my ISP refers to this type of connection as PPPoE LLC and not
    >>> PPPoE).
    >>>

    >> Sure you can.
    >>
    >>> Also, the Trouble Shooting list of the Quick Installation Guide points
    >>> out that the TCP/IP setting in network adapter of my pc should be set to
    >>> obtain and IP address and DNS.
    >>> Currently, the Service TCP/IP NetBIOS Helper is Disabled as are SMB and
    >>> RPC over TCP/IP.

    >>
    >> Why not, the machine even on a dial-up connection is set to obtain an IP
    >> and DNS so why can't a NIC do it too? The computer's NIC can be set
    >> to not network too, which you should have been doing on the dial-up as
    >> well. So where is the problem?
    >>
    >>>
    >>> Must these services be re-instated to achieve ADSL connection?

    >>
    >> Just remove the Client for MS Networks and MS File & Printer Sharing off
    >> of the NIC and tell the NIC to Obtain an IP automatically, and you're
    >> good to go.
    >>
    >>
    >> IMHO, you need to do the right things like get the router, along with
    >> doing some other things if the O/S will allow it.
    >>
    >> http://labmice.techtarget.com/articl...ychecklist.htm

    >



  10. Re: Router Issue.

    Am Wed, 17 Oct 2007 06:31:20 -0400 schrieb Mr. Arnold:

    > "Burkhard Ott" wrote in message
    > news:ff4h3r$mla$1@el-srv04-CHE.srvnet.eastlink.de...
    >> Am Tue, 16 Oct 2007 20:02:11 -0400 schrieb Mr. Arnold:
    >>
    >>> That's wireless and that's Linksys. One egg doesn't apply to all
    >>> solutions.

    >>
    >> Do you have the firmware source code?
    >> I read about several others, but mostly dos issues.

    >
    > Does anyone have the source code? You have to know that this is a moot
    > point.


    The point is you are not more secure with one of these routers, you
    shouldn't suggest it to others.

    > The average home user knows nothing about this. So, this is a moot point
    > as well.

    read above

    > Nothing is going to protect in this situation. What is your point?


    r.a.

    > So what about a router that's using SPI? What about a router that's a
    > packet filtering FW router working with the OSI model to filter packets? You
    > know they do exist.


    Have you ever seen a network device which supports tcp/ip and does not
    work with the OSI model?
    So every existing device which supports the tcp/ip stack has to work with.

    > Once again, if the computer is compromised and software is doing this
    > running on the computer, it's not the router, FW appliance, gateway
    > computer running FW software or anything else's responsibility to stop it.
    > It's over and it's moot. I don't care if the solution cost $10,000 that's
    > sitting there.
    > Once again, this is a software situation/issue running on the computer,
    > with the O/S. It's whoever is sitting behind the mouse doing the
    > pointing, clicking and using the keyboard responsibility. One has to
    > know what one has, and what one is doing with any program, application
    > or technology. How is this the fault of the router? How is this the
    > responsibility of the router?


    It doesn't depend on the price there are a lot of models which
    could be compromised by buffer overflows (the filter inside the router is
    mostly the problem), also the firmware is mostly pretty old etc. you name
    it.



    > BTW, I am a programmer by profession, for Windows Web, desktop and
    > client server solutions, and I have been doing it since 1980. I do
    > know what you're talking about. You can take it to the bank too that I
    > understand and know what you're talking about.


    And..? I am systemprogrammer under unix/linux, it has nothing to say.


    > Some can and are more than a simple FW. They cost more than $50-$70
    > considerably more than $50-$70, a typical price for a router for home
    > usage, and they are using NAT too, which NAT is not FW technology.


    has nothing to do with the price

    >> I only say you are not safer with a router, that's it.

    >
    > I disagree.


    Sure, accepted.


    > I only update a firmware when there is a need to update the firmware due
    > to some functionality that I may need or a security related issue, just
    > like what you are doing with your Open Source solution you talked about.
    > Just because a vendor comes out with an update does one need to go to an
    > update. In other words, if it's not broke, then you don't fix it some
    > cases and not all cases.


    What I try to tell you is, it is never impossible to break in and no
    device can protect you 100%.


    > To be honest, I don't think you can do it. I think you have a one track
    > mind.


    No you're totally wrong.

    > So? I use them both and none of the machines I use have been compromised
    > due to it. Again, it all depends upon who is sitting behind the wheel
    > and is doing the driving.


    Absolutely right, read above and you find that you told others a router
    makes it more secure, I said that's not true.

    > I guess you don't know what a packet filtering FW router is about. There
    > are FW routers that are more than some solution for home usage.


    Ok, big guru tell me what is the difference between a packetfilter and the
    filter in those routers.
    Most devices run an embedded linux/BSD with iptables or pf or similar.
    Filter on application layer looks (mostly) only for the protocol code.

    Now I am really curious what I can learn from you.

    > That's the point. And did the OP listen to you, and not go with the
    > router based upon what you were and are saying? All I saw was he
    > complemented his security by including the router, a wise decision. ;-)


    I understand and I disagree and wrote my points to that stuff.

    > I want to make very clear. I have nothing against you personally.


    Ok, I understood, I repeat it if necessary you are not more secure with a
    router.

    cheers

  11. Re: Router Issue.

    goarilla <"kevin DOT paulus AT skynet DOT be"> wrote:
    > i'm sorry to reply to this post but i was just reading it while i was
    > eager to ask this
    > you are clearly against personal firewalls on workstations but what
    > about dedicated machines with personal firewalls eg: a shorewall,
    > monowall, OpenBSD firewall for instance


    Those are not personal firewalls.

    Aside from that: trim your quotes.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  12. Re: Router Issue.



    > i'm sorry to reply to this post but i was just reading it while i was
    > eager to ask this
    > you are clearly against personal firewalls on workstations but what about
    > dedicated machines
    > with personal firewalls eg: a shorewall, monowall, OpenBSD firewall for
    > instance
    > or is your opinion just that all of them are simply snakeoil and the only
    > way to go for security
    > appliances is dedicated hardware solutions (eg the code is firmware).


    No I didn't say that, I got nothing against packet filters as long as they
    are acting as packet filters. If a personal FW or personal packet filter
    starts going beyond that with application control and things of that
    nature, then I have a problem with that. It's snake-oil those features in
    the packet filter, trying to protect the end-user from his or herself that
    the features cannot do. I will disable those features.

    I use the Vista packet filter on the laptop computer while away from my
    Watchguard FW appliance. When I am at home,
    then I have no need for any packet filter running on the Windows or Linux
    machines. I want to make a point that this is my situation. It may not fit
    your situation depending upon who else is on your LAN that you may need to
    protect the machine from using a personal packet filter on the machine.

    >
    > because i do use personal firewalls on my workstations since i don't have
    > a dedicated firewall sitting


    I have been in shops that not only had a $10,000 FW solution protecting from
    the Internet, but all the machines had the XP pro FW enabled too.

    > between my NAT router and switch. now in your opinion should i just flush
    > all my iptables, remove inetd, remove comodo on
    > windows machines and just buy one hw firewall appliance ?


    I would say to get a FW router or a low-end FW appliance to better protect
    the LAN and the machines on the LAN from the Internet. What other protection
    you may need to provide beyond that you'll need to make that determination.

    May I suggest that you read the two links that I gave with my last post to
    the OP. You should understand *What is a FW* and *What does the FW do?* in
    the first link. If the solutions you're talking about don't use two or more
    NIC(s) facing the WAN/Internet and use one or more NIC(s) facing the LAN,
    then it's not a FW solution and is just a machine level packet filter.

    I'll paste it here. I have to get a little sleep before I have this
    phone interview at 2:30 pm.

    Bye

    What is a firewall?
    A firewall protects networked computers from intentional hostile intrusion
    that could compromise confidentiality or result in data corruption or denial
    of service. It may be a hardware device (see Figure 1) or a software program
    (see Figure 2) running on a secure host computer. In either case, it must
    have at least two network interfaces, one for the network it is intended to
    protect, and one for the network it is exposed to.
    A firewall sits at the junction point or gateway between the two networks,
    usually a private network and a public network such as the Internet. The
    earliest firewalls were simply routers. The term firewall comes from the
    fact that by segmenting a network into different physical subnetworks, they
    limited the damage that could spread from one subnet to another just like
    firedoors or firewalls.
    [Figure 1: Hardware Firewall - hardware firewall providing protection to a Local Network]






  13. Re: Router Issue.

    There is nothing else to discuss with you as you have missed the point
    entirely.

    Bye


  14. Re: Router Issue.

    Mr. Arnold wrote:

    >
    >
    >> i'm sorry to reply to this post but i was just reading it while i was
    >> eager to ask this
    >> you are clearly against personal firewalls on workstations but what about
    >> dedicated machines
    >> with personal firewalls eg: a shorewall, monowall, OpenBSD firewall for
    >> instance
    >> or is your opinion just that all of them are simply snakeoil and the only
    >> way to go for security
    >> appliances is dedicated hardware solutions (eg the code is firmware).

    >
    > No I didn't say that, I got nothing against packet filters as long as they
    > are acting as packet filters. If a personal FW or personal packet filter



    Ah, at first a PFW should even get so far to become a usable packet filter
    at all. Means:

    - not being vulnerable to decade-old attacks (IP fragment reassembly...)
    - not being vulnerable to trivial DoS conditions (SYN/FIN/ICMP/UDP flooding)
    - providing access to TCP flags, packet filter states and Layer 7 states (if
    it interprets such protocols) in the rules
    - scriptability

    > starts going beyond that with application control and things of that
    > nature, then I have a problem with that. It's snake-oil those features in
    > the packet filter, trying to protect the end-user from his or herself that
    > the features cannot do. I will disable those features.



    You typically can't. It will still hook functions and still be vulnerable to
    DoS and validation problems (typically leading to privilege escalation).

  15. Re: Router Issue.

    Sebastian G. wrote:
    > Mr. Arnold wrote:
    >
    >>
    >>
    >>> i'm sorry to reply to this post but i was just reading it while i was
    >>> eager to ask this
    >>> you are clearly against personal firewalls on workstations but what
    >>> about
    >>> dedicated machines
    >>> with personal firewalls eg: a shorewall, monowall, OpenBSD firewall for
    >>> instance
    >>> or is your opinion just that all of them are simply snakeoil and the
    >>> only
    >>> way to go for security
    >>> appliances is dedicated hardware solutions (eg the code is firmware).

    >>
    >> No I didn't say that, I got nothing against packet filters as long as
    >> they
    >> are acting as packet filters. If a personal FW or personal packet filter

    >
    >
    > Ah, at first a PFW should even get so far to become a usable packet
    > filter at all. Means:
    >
    > - not being vulnerable to decade-old attacks (IP fragment reassembly...)
    > - not being vulnerable to trivial DoS conditions (SYN/FIN/ICMP/UDP
    > flooding)
    > - providing access to TCP flags, packet filter states and Layer 7 states
    > (if it interprets such protocols) in the rules
    > - scriptability
    >


    ok iptables doesn't allow to filter on application headers
    but you can however only allow certain apps

    >> starts going beyond that with application control and things of that
    >> nature, then I have a problem with that. It's snake-oil those features in
    >> the packet filter, trying to protect the end-user from his or herself
    >> that
    >> the features cannot do. I will disable those features.

    >
    >
    > You typically can't. It will still hook functions and still be
    > vulnerable to DoS and validation problems (typically leading to
    > privilege escalation).


  16. Re: Router Issue.

    goarilla wrote:


    > ok iptables doesn't allow to filter on application headers
    > but you can however only allow certain apps



    iptables/netfilter doesn't filter by applications/PIDs/whatever, only by
    e(U|G)ID at best, and even that just for management issues. Anything beyond
    is the scope of SELinux, and even there it's just for completeness, not for
    actually providing any hard security boundary.

  17. Re: Router Issue.

    Sebastian G. wrote:
    > goarilla wrote:
    >
    >
    >> ok iptables doesn't allow to filter on application headers
    >> but you can however only allow certain apps

    >
    >
    > iptables/netfilter doesn't filter by applications/PIDs/whatever, only by
    > e(U|G)ID at best, and even that just for management issues. Anything
    > beyond is the scope of SELinux, and even there it's just for
    > completeness, not for actually providing any hard security boundary.

    from the man page
    --cmd-owner name
           Matches if the packet was created by a process with the given
           command name. (this option is present only if iptables was
           compiled under a kernel supporting this feature)

    of course this is only for outbound traffic
    and if you rename a cmd to an allowed command all bets are off
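
The caveat at the end of the post above (a name-based owner rule passes any process that carries the allowed name), as an added example that is not part of the thread and not iptables code. It is a C model for Linux that assumes the rule looks only at the kernel's per-task command name; the function names, the struct and the `trusted-daemon` label are made up for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

#define COMM_LEN 16 /* Linux task name buffer: 15 characters plus NUL */

/* Copy the calling thread's kernel command name into out. */
static int current_comm(char out[COMM_LEN]) {
    memset(out, 0, COMM_LEN);
    return prctl(PR_GET_NAME, (unsigned long)out, 0UL, 0UL, 0UL);
}

/* Hypothetical model of a name-based owner rule: 1 if the caller's command
 * name equals `allowed`, 0 if not, -1 on error. Assumption: the rule looks
 * only at this label, not at the path or contents of the executable. */
int cmd_owner_matches(const char *allowed) {
    char comm[COMM_LEN];
    if (current_comm(comm) != 0)
        return -1;
    return strcmp(comm, allowed) == 0;
}

/* Hypothetical model of a UID-based owner rule. */
int uid_owner_matches(uid_t allowed) {
    return geteuid() == allowed;
}

/* Any process may relabel itself; no privilege is required. */
int relabel_self(const char *name) {
    return prctl(PR_SET_NAME, (unsigned long)name, 0UL, 0UL, 0UL);
}

struct owner_demo {
    int name_before, name_after; /* name rule result before/after relabel */
    int uid_before, uid_after;   /* UID rule result before/after relabel */
};

/* Evaluate both rule models for a process that is neither the allowed
 * program nor running under the allowed account, then relabel and retry. */
struct owner_demo run_owner_demo(void) {
    const char *allowed_name = "trusted-daemon"; /* constructed label */
    uid_t allowed_uid = geteuid() + 1;           /* an account we are not */
    struct owner_demo r;

    relabel_self("other-program");
    r.name_before = cmd_owner_matches(allowed_name);
    r.uid_before = uid_owner_matches(allowed_uid);

    relabel_self(allowed_name);
    r.name_after = cmd_owner_matches(allowed_name);
    r.uid_after = uid_owner_matches(allowed_uid);
    return r;
}

int main(void) {
    struct owner_demo r = run_owner_demo();
    printf("name rule: before=%d after=%d\n", r.name_before, r.name_after);
    printf("uid rule:  before=%d after=%d\n", r.uid_before, r.uid_after);
    return 0;
}
```

The name rule flips from no-match to match while the UID rule stays at no-match, which is why a rule keyed to a dedicated account (iptables `--uid-owner`) is the sturdier of the two for outbound filtering.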

  18. Re: Router Issue.

    On Tue, 16 Oct 2007 14:36:39 +0700, "Cornelia Parsley"
    wrote:

    >
    >Could I not just go to Network Connections | Network Tasks | Create a new
    >connection and use the New Connection Wizard to Set up my connection
    >manually?
    >(Though my ISP refers to this type of connection as PPPoE LLC and not


    That's what I did with my dsl. I don't like it connected all the time.
    Supposedly my modem is a combo modem / router. I use Zone Alarm Pro
    and have no troubles.

    I even turned 'workstation' off in Services. - WinXP Home

  19. Re: Router Issue.

    WaIIy wrote:

    > I use Zone Alarm Pro and have no troubles.



    That's an obvious contradiction.

  20. Re: Router Issue.

    Sebastian G. wrote:
    > WaIIy wrote:
    >
    >> I use Zone Alarm Pro and have no troubles.

    >
    >
    > That's an obvious contradiction.

    you really hate ZA don't you ?
