A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Stateful stealth firewall, router, modem all-in-one



 
 
  #1  
Old February 20th 04, 09:24 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
James Harris
external usenet poster
 
Posts: 4
Default Stateful stealth firewall, router, modem all-in-one


I know similar questions have been asked so my apologies for another whats-the-best
question. I'm wanting to replace my current broadband connection via my main PC with an
all-in-one box. Primary wants are

1) stateful firewall with packet inspection, rejection of common attacks, non-responsive
to unauthorised access attempts ("stealth" mode)
2) router working with DHCP client (for WAN) and server (for LAN)
3) NAT to present the outside world with one IP address and many TCP and UDP ports
representing the many internal IP addresses
4) Four or more Lan ports at 10/100
5) Compatible with UK ADSL

Despite searching I cannot find any single box that clearly does all of the above - and
it's not a long list! Ones I have looked at include the Netgear DG834 which does stateful
inspection but I can't see that it has a stealth mode. Also I'm not sure that its NAT will
assign TCP and UDP ports as described. It says it has NAT many-to-one. Is this the same?

The other one I've looked at is the Trust 445A but I'm not sure its firewall engine is
truly stateful and "stealthy"

Much appreciate any guidance. As you can see the firewall functionality is key.
--
Cheers,
James


  #2  
Old February 20th 04, 09:34 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
Alexander Mann
external usenet poster
 
Posts: 17
Default Stateful stealth firewall, router, modem all-in-one

James Harris wrote:

> I know similar questions have been asked so my apologies for another whats-the-best
> question. I'm wanting to replace my current broadband connection via my main PC with an
> all-in-one box. Primary wants are
>
> 1) stateful firewall with packet inspection, rejection of common attacks, non-responsive
> to unauthorised access attempts ("stealth" mode)
> 2) router working with DHCP client (for WAN) and server (for LAN)
> 3) NAT to present the outside world with one IP address and many TCP and UDP ports
> representing the many internal IP addresses
> 4) Four or more Lan ports at 10/100
> 5) Compatible with UK ADSL
>
> Despite searching I cannot find any single box that clearly does all of the above - and
> it's not a long list! Ones I have looked at include the Netgear DG834 which does stateful
> inspection but I can't see that it has a stealth mode. Also I'm not sure that its NAT will
> assign TCP and UDP ports as described. It says it has NAT many-to-one. Is this the same?
>
> The other one I've looked at is the Trust 445A but I'm not sure its firewall engine is
> truly stateful and "stealthy"
>
> Much appreciate any guidance. As you can see the firewall functionality is key.


Stealth mode isn't everything. A closed port is just that - closed.

Anyways, I think the SAR715 from Solwise would do what you want and the
Vigor 2600 from Draytek seems to do everything.

It might be more sensible to go for separate boxes, though.

--
Alexander Mann
  #3  
Old February 20th 04, 10:34 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
James Harris
external usenet poster
 
Posts: 4
Default Stateful stealth firewall, router, modem all-in-one

> Stealth mode isn't everything. A closed port is just that - closed.

Ah, but doesn't a closed port report back to the sender that the IP exists but that the
port is not available - perhaps an ICMP port or protocol unreachable? Am currently using
Zone Alarm. It does a great job on one PC but tells me how many times I am hit with a ping
or a Netbios connect from another computer. Presumably if my PC were to respond to these I
would then be hit with a flurry of port scans.

I have been using Vsocks Light to proxy other machines and I have twice caught what look
like hack attempts working through that software, one from Australia and the other from
Israel. The first was transferring a lot of data when I caught it. Hence my desire for the
IP to remain hidden.

Thanks for your recommendations.
--
Cheers,
James


  #4  
Old February 20th 04, 10:55 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
John Mason
external usenet poster
 
Posts: 1
Default Stateful stealth firewall, router, modem all-in-one


"James Harris" no.email.please wrote in message
...

>> Stealth mode isn't everything. A closed port is just that - closed.
>
> Ah, but doesn't a closed port report back to the sender that the IP exists but that the
> port is not available - perhaps an ICMP port or protocol unreachable? Am currently using
> Zone Alarm. It does a great job on one PC but tells me how many times I am hit with a ping
> or a Netbios connect from another computer. Presumably if my PC were to respond to these I
> would then be hit with a flurry of port scans.
>
> I have been using Vsocks Light to proxy other machines and I have twice caught what look
> like hack attempts working through that software, one from Australia and the other from
> Israel. The first was transferring a lot of data when I caught it. Hence my desire for the
> IP to remain hidden.
>
> Thanks for your recommendations.
> --
> Cheers,
> James


Yep Draytek is the way to go. Any unauthorised inbound packets are just
dropped. Nothing sent back.


  #5  
Old February 20th 04, 10:58 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
Josey
external usenet poster
 
Posts: 103
Default Stateful stealth firewall, router, modem all-in-one


"James Harris" no.email.please wrote in message

> The other one I've looked at is the Trust 445A but I'm not sure its firewall engine is
> truly stateful and "stealthy"


Solwise SAR130 (and the similar, but older SAR110) have stateful
inspection, and a couple of IP rules later you have a system that attains
"truestealth" from shieldsup.

In fact I think (do check the specs) the only thing it doesn't have is the 4
ports, but a 10/100 4 port switch can be purchased for less than 20.

Check out www.solwise.co.uk and http://www.chrismarsh.co.uk/sar110/ for the
rules to stealth the router.

Jc.


  #6  
Old February 20th 04, 11:09 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
Alexander Mann
external usenet poster
 
Posts: 17
Default Stateful stealth firewall, router, modem all-in-one

James Harris wrote:

>> Stealth mode isn't everything. A closed port is just that - closed.
>
> Ah, but doesn't a closed port report back to the sender that the IP exists but that the
> port is not available - perhaps an ICMP port or protocol unreachable? Am currently using
> Zone Alarm. It does a great job on one PC but tells me how many times I am hit with a ping
> or a Netbios connect from another computer. Presumably if my PC were to respond to these I
> would then be hit with a flurry of port scans.


No, not really. These scans are automated - most are from viruses.
Closed is the "correct" response but sites like GRC.com recommend
"stealthing" your ports - previously referred to as "filtering". Pings
aren't dangerous and most systems on the net reply to ping requests.
There's not a lot in it, though.

I'm using a SAR-130 which does the job well. My only gripe is that it
insists on "stealthing" ports rather than responding with closed but
that wouldn't bother you :-) It only has one LAN port, though, so you'd
need a separate hub/switch.

Alex
--
Alexander Mann
  #7  
Old February 20th 04, 11:15 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
Graham Tavener
external usenet poster
 
Posts: 30
Default Stateful stealth firewall, router, modem all-in-one

James,
If you have any closed ports visible, you can find out using
http://scan.sygate.com/probe.html
The ones that are seen as closed can be made stealthy by forwarding them to
a bogus internal IP and port.

For example you have an external 'closed' port 80, you forward this to
internal IP 192.168.0.254 Port 49151, you can forward a number of external
ports to the same internal IP and port, that way from an external source it
looks as if there is no reply and the traffic disappears into a black hole.
Just make sure you have your DHCP server set to only give out addresses up
to .253 and nothing will be on the other end, also port 49151 or similar
will reduce the chance of there being an application using the same.

So you just need a router that allows you to do port forwarding and a decent
configuration interface.

Works for me.

Graham



"James Harris" no.email.please wrote in message
...

>> Stealth mode isn't everything. A closed port is just that - closed.
>
> Ah, but doesn't a closed port report back to the sender that the IP exists but that the
> port is not available - perhaps an ICMP port or protocol unreachable? Am currently using
> Zone Alarm. It does a great job on one PC but tells me how many times I am hit with a ping
> or a Netbios connect from another computer. Presumably if my PC were to respond to these I
> would then be hit with a flurry of port scans.
>
> I have been using Vsocks Light to proxy other machines and I have twice caught what look
> like hack attempts working through that software, one from Australia and the other from
> Israel. The first was transferring a lot of data when I caught it. Hence my desire for the
> IP to remain hidden.
>
> Thanks for your recommendations.
> --
> Cheers,
> James



  #8  
Old February 20th 04, 11:36 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
James Harris
external usenet poster
 
Posts: 4
Default Stateful stealth firewall, router, modem all-in-one


"Josey" wrote in message
...

> Solwise SAR130 (and the similar, but older SAR110) have stateful
> inspection, and a couple of IP rules later you have a system that attains
> "truestealth" from shieldsup.
>
> Check out www.solwise.co.uk and http://www.chrismarsh.co.uk/sar110/ for the
> rules to stealth the router.


I'm indebted for this info. From the Solwise advertising I didn't see any reference to a
stateful engine but it's there in the info on the second URL. Hiding a light under a
measuring basket?

The link to Shieldsup was excellent too. For the record, when running against my PC I got,
Your system has achieved a perfect "TruStealth" rating. Not a single packet - solicited or
otherwise - was received from your system as a result of our security probing tests. Your
system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the
standpoint of the passing probes of any hacker, this machine does not exist on the
Internet. Some questionable personal security systems expose their users by attempting to
"counter-probe the prober", thus revealing themselves. But your system wisely remained
silent in every way. Very nice.
which is exactly what I want to see when the router is in place!
--
Thanks again,
James


  #9  
Old February 20th 04, 11:50 PM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
Greg Hennessy
external usenet poster
 
Posts: 97
Default Stateful stealth firewall, router, modem all-in-one

On Fri, 20 Feb 2004 21:24:15 -0000, "James Harris" no.email.please wrote:



> 1) stateful firewall with packet inspection, rejection of common attacks, non-responsive
> to unauthorised access attempts ("stealth" mode)

Stealth is overrated, and for some operations like delivering smtp mail,
logging into some ftp sites etc, 100% stealth causes severe problems.

> 2) router working with DHCP client (for WAN) and server (for LAN)

Most do that.

> 3) NAT to present the outside world with one IP address and many TCP and UDP ports
> representing the many internal IP addresses

I've yet to see one which didn't support some form of hide mode nat/PAT.

> 4) Four or more Lan ports at 10/100
> 5) Compatible with UK ADSL
>
> Despite searching I cannot find any single box that clearly does all of the above - and
> it's not a long list!

A Cisco 827 with Firewall feature set will most definitely do it. As will
the Speedtouch 510V4 I have here.

> Much appreciate any guidance. As you can see the firewall functionality is key.

If it's firewall functionality you're after, it doesn't get much tighter
than a crisco.



greg.
--
You do a lot less thundering in the pulpit against the Harlot
after she marches right down the aisle and kicks you in the nuts.
  #10  
Old February 21st 04, 03:26 AM posted to uk.telecom.broadband,uk.media.broadband,free.uk.internet.broadband
tHatDudeUK
external usenet poster
 
Posts: 87
Default Stateful stealth firewall, router, modem all-in-one


"Greg Hennessy" wrote in message
...
> If it's firewall functionality you're after, it doesn't get much tighter
> than a crisco.


Or expensive :-)


 



