Thread: Firewalls

  1. #1
    Star Lounger
    Join Date
    Mar 2001
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Firewalls

    Is a hardware firewall such as in a router simply a software firewall embedded in ROM or is there actually hardware doing the job?

    Bruce

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Firewalls

    Ultimately, it's all software, isn't it?

    A router may follow a different approach to packet filtering than a "stateful packet inspection" firewall, which is the most common kind. Most home routers don't offer a lot of configuration flexibility. The more you see, the more SPI firewall functions they have grafted on. Which can be good for consumers, as long as we don't forget their limitations or end up with confusing conflicts among our gatekeepers.

  3. #3
    New Lounger
    Join Date
    Aug 2003
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Firewalls

    How do you know/control what the firewall is stopping and letting pass through? I can see that it makes your ports "stealth", but does it stop any attacks? I know I have spyware on my system that is sending out information, but it seems the Microsoft router is not detecting this, nor is it stopping this. The software firewall (Outpost) I was using before detected this and stopped its transmission.

    Ross

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Firewalls

    If by "Microsoft Router" you mean the Microsoft Internet Connection Firewall, this is a one-way mechanism, namely it prevents naughty information reaching your PC FROM the internet... NOT vice versa.

    Time for something like Zone Alarm, if you want to protect both directions?
    John

    Ita, esto, quidcumque...

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Firewalls

    The stealth/non-stealth option usually means this:

    Stealth: throw away the incoming packet as if nothing happened
    Non-stealth: tell the sender that the incoming packet is rejected

    The latter informs the sender that it found a live host (machine), and may encourage additional probing. Unless a vendor is very confused, allowing communications through a port would never be called stealth mode.

  6. #6
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Seattle, Washington
    Posts
    320
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Firewalls

    I would appreciate clarification on what I'm about to say, as my knowledge is that of a consumer and not a technician, but a router provides "NAT", or network address translation. What this means is that the address the world sees is that of the router, not your computer. The router assigns an address to each computer or device on your network, which is not visible to the internet side of the router. This provides an effective firewall, unless and until, of course, you allow ports to be forwarded across the router. Boy, I'm more than willing to be shot down, here, but I believe this is how this all works, and in my case, in practice, without any software firewall installed (other than the NAT provided by the router), my computer is not visible to any detection scan that I have tried.

    How'd I do?

    kip

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Firewalls

    Your description is perfect so far as it goes. But - if you start a session with a third party, then it has "inside information" that might allow it to reach out and touch your other ports. So NAT can protect you from random probes, but might not protect you from a rogue web site you visit or rogue IM "buddy" to whom you advertise your presence. I can't point you to any specific exploits, but the foregoing seems to be in the realm of possibility.

  8. #8
    Banned Member
    Join Date
    Jul 2002
    Location
    Newport Richey, Florida, USA
    Posts
    2,149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Firewalls

    I have a Question. Could you Daisy Chain Routers and protect your Computer even more? Or is this possible? I use a Router but I have never tried to hook more than one up at a time. Like if I had two four port routers would this be possible, and would I have to use a crossover between the two routers to make it work?

  9. #9
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Brantford, Ontario, Canada
    Posts
    2,391
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Firewalls

    I think you're already in that situation, Cowboy. It would seem to me, any ISP will have a router SOMEWHERE in the line you're using to get to the internet.

    If you've got a spare computer and NIC lying around, you could try to set up the Internet Connection Sharing between the ISP and your modem... to see what happens.

    Hmm... I'm interested in this now.

    Second thought.... I think I did this, while I was without broadband a few months ago. I was using AOL (it was free for 3 months) on dialup. I was using the AnalogX Proxy software on my main computer. Then, using my Linksys 4 Port Router AND Linksys Wireless Access Point, I was able to configure my laptop to go through each device to the Internet.

    Let me tell you.. it was interesting.
    Christopher Baldrey

  10. #10
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Firewalls

    I think trying to use multiple routers would only make your life more difficult, not more secure, unless you're trying to protect yourself from someone in your own network.

  11. #11
    Banned Member
    Join Date
    Jul 2002
    Location
    Newport Richey, Florida, USA
    Posts
    2,149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Firewalls

    Nah, I just have a peer to peer at home. I was just wondering if it would just be more protection from the Internet. No big deal, I was just curious.

  12. #12
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Firewalls

    (Edited by jscher2000 on 20-Aug-03 17:05. Whoops)

    Some peer to peer programs can bypass a firewall like so:

    (1) Stranger wants to visit your computer, sees you listed in the network, sends a request for you to contact him.
    (2) Your computer constantly polls the network for requests, sees the request, makes an outbound connection to Stranger.
    (3) Firewall allows Stranger to talk to you over the connection because it thinks you initiated it.

    Moral: don't talk to Stranger.

    Added: I interpreted "peer-to-peer" in its Gnutella sense. If that's not what you meant, then never mind.
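
The three steps above, together with the stealth/non-stealth distinction from post #5, modelled as an added example that is not part of the original posts: a toy NAT router with connection tracking. The class, addresses and ports are constructed for illustration and do not model any particular product.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulNat:
    """Toy home router: NAT plus connection tracking (hypothetical model)."""
    wan_ip: str
    stealth: bool = True
    # (wan port, remote ip, remote port) -> (lan ip, lan port)
    flows: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt):
        """A LAN host dials out: allowed, translated, and remembered."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Verdict and LAN target for a packet arriving from the internet."""
        key = (pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            return "ALLOW", self.flows[key]      # looks like a reply
        # Unsolicited: silently drop (stealth) or tell the sender (non-stealth).
        return ("DROP" if self.stealth else "REJECT"), None


def demo():
    stranger, lan_host = "198.51.100.9", "192.168.1.10"  # constructed addresses
    quiet = StatefulNat("203.0.113.5", stealth=True)
    loud = StatefulNat("203.0.113.5", stealth=False)
    probe = Packet(stranger, 6346, "203.0.113.5", 6346)
    results = {"stealth_probe": quiet.inbound(probe),
               "non_stealth_probe": loud.inbound(probe)}
    # Steps (1)-(2): the LAN host sees the request and connects out to Stranger.
    out = quiet.outbound(Packet(lan_host, 3000, stranger, 6346))
    # Step (3): Stranger now talks back over the flow the LAN host opened.
    results["after_dial_out"] = quiet.inbound(
        Packet(stranger, 6346, quiet.wan_ip, out.sport))
    return results
```

The inbound rule never changes between the blocked probe and the allowed traffic; only the outbound connection does, which is why outbound filtering on the host matters for this case.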

  13. #13
    Banned Member
    Join Date
    Jul 2002
    Location
    Newport Richey, Florida, USA
    Posts
    2,149
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Firewalls

    I was talking about Home Networking.

  14. #14
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Firewalls

    "Home Networking" and "peer to peer" are one and the same. Anything else will require some "Domain network" software, i.e., NT Server, Novell, etc.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.
