A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Router and software firewalls?



 
 
#1 Gareth
June 5th 04, 11:55 PM, posted to uk.telecom.broadband

Since I ditched my external USB modem and started to use a Netgear
router/modem I've noticed that ZoneAlarm isn't detecting any inbound alerts.
I know that the Netgear router/modem has its own basic firmware firewall but
I'm a bit confused as to why that firewall log is only displaying 1 or 2
inbound alerts per day instead of the 20 to 30 or more per hour I was
receiving when not using the router/modem.

Is it normal for no inbound alerts at all to register with a software
firewall when a basic hardware firewall is being used earlier on in the
chain?

Gareth.


#2 Brian Gregory [UK]
June 6th 04, 12:13 AM, posted to uk.telecom.broadband

"Gareth" wrote in message

> Since I ditched my external USB modem and started to use a Netgear
> router/modem I've noticed that ZoneAlarm isn't detecting any inbound
> alerts. I know that the Netgear router/modem has its own basic
> firmware firewall but I'm a bit confused as to why that firewall log
> is only displaying 1 or 2 inbound alerts per day instead of the 20 to
> 30 or more per hour I was receiving when not using the router/modem.
>
> Is it normal for no inbound alerts at all to register with a software
> firewall when a basic hardware firewall is being used earlier on in
> the chain?


Yes it's normal.

Put in the simplest terms - the default configuration of a router is to
allow connection of more than one computer to the internet; this means
that when something totally un-invited arrives the router by default has
no way of deciding where it should send it (which computer) so it just
gets dropped.

This works like a simple firewall but it's actually inherent to the NAT
(Network Address Translation) the router performs in order to allow
sharing of the internet connection between more than one computer.

--

Brian Gregory (In the UK).

To email me remove the letter vee.


#3 Mark McIntyre
June 6th 04, 12:24 AM, posted to uk.telecom.broadband

On Sat, 5 Jun 2004 23:55:29 +0100, "Gareth"
wrote:

> Since I ditched my external USB modem and started to use a Netgear
> router/modem I've noticed that ZoneAlarm isn't detecting any inbound alerts.
> I know that the Netgear router/modem has its own basic firmware firewall but
> I'm a bit confused as to why that firewall log is only displaying 1 or 2
> inbound alerts per day instead of the 20 to 30 or more per hour I was
> receiving when not using the router/modem.


The h/w firewall is probably blocking everything inbound except email,
but is not logging the junk traffic such as ARP packets, harmless
script-kiddy probes etc. That's probably a good thing as there's no
point logging low-danger junk when there's plenty of real stuff to
log. My own f/w is somewhat more chatty in its logs, which can be a
slight pain sometimes.

> Is it normal for no inbound alerts at all to register with a software
> firewall when a basic hardware firewall is being used earlier on in the
> chain?


Yes. I get ~20 alerts per day, but only because I opened port 80 for
my webserver. With port 80 closed, I get almost none.
#4 Graham
June 6th 04, 12:29 AM, posted to uk.telecom.broadband


> This works like a simple firewall but it's actually inherent to the NAT
> (Network Address Translation) the router performs in order to allow
> sharing of the internet connection between more than one computer.



Does this mean that computers on an ICS network are safer than a single
machine directly connected to the internet, assuming no h/w or s/w firewall
in either case?

And if that is the case, does the added immunity from attack apply to the
ICS gateway itself, or just the computers behind it?


Graham.



%profound_observation%





#5 shope
June 6th 04, 10:22 AM, posted to uk.telecom.broadband


"Mark McIntyre" wrote in message
...
> On Sat, 5 Jun 2004 23:55:29 +0100, "Gareth" wrote:
>
> > Since I ditched my external USB modem and started to use a Netgear
> > router/modem I've noticed that ZoneAlarm isn't detecting any inbound
> > alerts. I know that the Netgear router/modem has its own basic firmware
> > firewall but I'm a bit confused as to why that firewall log is only
> > displaying 1 or 2 inbound alerts per day instead of the 20 to 30 or more
> > per hour I was receiving when not using the router/modem.
>
> The h/w firewall is probably blocking everything inbound except email,
> but is not logging the junk traffic such as ARP packets, harmless
> script-kiddy probes etc. That's probably a good thing as there's no
> point logging low-danger junk when there's plenty of real stuff to
> log. My own f/w is somewhat more chatty in its logs, which can be a
> slight pain sometimes.


Email forwarding through the h/w firewall is only likely if you run your own
local email server, otherwise you probably use POP to get it from an ISP
server - in which case your PC has to initiate a connection for mail as
well.

I don't know which Netgear you have, but my FR314 does log most things - it
is set to email the log when full, or each Sunday to my PC.
If you haven't set email alerts, there should be a log you can access from
the web management interface.

The FR314 doesn't log ARP queries though - which is probably a good thing on
a cable broadband link with dozens of ARPs per minute.

> > Is it normal for no inbound alerts at all to register with a software
> > firewall when a basic hardware firewall is being used earlier on in the
> > chain?
>
> Yes. I get ~20 alerts per day, but only because I opened port 80 for
> my webserver. With port 80 closed, I get almost none.

--
Regards

Stephen Hope - return address needs fewer xxs
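
Added example, not part of any post in this thread: a simplified Python model of the NAT behaviour discussed above, showing why unsolicited inbound packets never reach the PC's software firewall, why a POP3 reply does, and what changes once port 80 is forwarded. The `NatRouter` class, the addresses (documentation ranges) and the assumption that the router matches replies on the remote address and port are all constructed for illustration; real routers vary in how strictly they match.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Simplified model of a NAT router (constructed for illustration)."""
    public_ip: str
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port, remote)
    next_port: int = 40000
    dropped: list = field(default_factory=list)   # what a router log would show

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records a translation."""
        pub = self.next_port
        self.next_port += 1
        self.sessions[pub] = (lan_ip, lan_port, (remote_ip, remote_port))
        return pub

    def inbound(self, remote_ip, remote_port, dst_port):
        """A packet reaches the public address; return the LAN target or None."""
        sess = self.sessions.get(dst_port)
        if sess and sess[2] == (remote_ip, remote_port):
            return sess[:2]                  # reply to a connection the LAN started
        if dst_port in self.forwards:
            return self.forwards[dst_port]   # port the owner opened on purpose
        self.dropped.append((remote_ip, dst_port))
        return None                          # no mapping, so no host to deliver to

def demo():
    r = NatRouter("203.0.113.10")            # documentation-range addresses throughout
    pub = r.outbound("192.168.0.2", 1025, "198.51.100.5", 110)  # PC polls ISP POP3
    seen = {
        "pop_reply": r.inbound("198.51.100.5", 110, pub),
        "unsolicited": r.inbound("192.0.2.77", 4444, 135),
        "wrong_peer": r.inbound("192.0.2.77", 110, pub),
        "web_closed": r.inbound("192.0.2.77", 5555, 80),
    }
    r.forwards[80] = ("192.168.0.3", 80)     # owner opens port 80 for a web server
    seen["web_open"] = r.inbound("192.0.2.77", 5555, 80)
    return seen, r.dropped

if __name__ == "__main__":
    seen, dropped = demo()
    for name, target in seen.items():
        print(f"{name:12} -> {target}")
    print("router dropped:", dropped)
```

Only the packets that return a LAN target are ever seen by a software firewall on that host; everything in `dropped` ends at the router.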


#6 Mark McIntyre
June 6th 04, 11:17 AM, posted to uk.telecom.broadband

On Sun, 6 Jun 2004 00:29:56 +0100, "Graham" wrote:


> > This works like a simple firewall but it's actually inherent to the NAT
> > (Network Address Translation) the router performs in order to allow
> > sharing of the internet connection between more than one computer.
>
> Does this mean that computers on an ICS network are safer than a single
> machine directly connected to the internet, assuming no h/w or s/w firewall
> in either case?


Not really, because the ICS machine is not a NAT box, and a probe of
the ICS machine might compromise it, and thus your entire network. It's
much harder to compromise a dedicated NAT unit because it's not running
any s/w except that routing protocols, and so has less vulnerabilities
than a Windows machine running a zillion other pieces of s/w.

> And if that is the case, does the added immunity from attack apply to the
> ICS gateway itself, or just the computers behind it?


Neither.
#7 Greg Hennessy
June 6th 04, 11:27 AM, posted to uk.telecom.broadband

On Sat, 5 Jun 2004 23:55:29 +0100, "Gareth"
wrote:

> Since I ditched my external USB modem and started to use a Netgear
> router/modem I've noticed that ZoneAlarm isn't detecting any inbound alerts.


As expected.

> I know that the Netgear router/modem has its own basic firmware firewall but
> I'm a bit confused as to why that firewall log is only displaying 1 or 2
> inbound alerts per day instead of the 20 to 30 or more per hour I was
> receiving when not using the router/modem.


That's because the public address on the router is now the endpoint for
those connections, not your PC as previously.

> Is it normal for no inbound alerts at all to register with a software
> firewall


Quite, the packets are being stopped dead at your perimeter router.



greg

--
"vying with Platt for the largest gap
between capability and self perception"
#8 Greg Hennessy
June 6th 04, 11:27 AM, posted to uk.telecom.broadband

On Sun, 6 Jun 2004 00:29:56 +0100, "Graham" wrote:


> > This works like a simple firewall but it's actually inherent to the NAT
> > (Network Address Translation) the router performs in order to allow
> > sharing of the internet connection between more than one computer.
>
> Does this mean that computers on an ICS network are safer than a single
> machine directly connected to the internet, assuming no h/w or s/w firewall
> in either case?


Assuming the PC running ICS has been suitably hardened, the answer to that
question is yes.

> And if that is the case, does the added immunity from attack apply to the
> ICS gateway itself, or just the computers behind it?


If you harden the ICS gateway that is indeed the case.


If the PC running ICS is not used for anything else, it would be prudent to
replace the win32 bit and install any one of the following on there instead

www.astaro.com
www.smoothwall.org
www.ipcop.org
http://m0n0.ch/wall/


All are good and would provide additional defence in depth for your
existing network.



greg



--
"vying with Platt for the largest gap
between capability and self perception"
#9 Gareth
June 6th 04, 06:27 PM, posted to uk.telecom.broadband


"Brian Gregory [UK]" wrote in message
...

> Put in the simplest terms - the default configuration of a router is to
> allow connection of more than one computer to the internet; this means
> that when something totally un-invited arrives the router by default has
> no way of deciding where it should send it (which computer) so it just
> gets dropped.
>
> This works like a simple firewall but it's actually inherent to the NAT
> (Network Address Translation) the router performs in order to allow
> sharing of the internet connection between more than one computer.


Hmm, is the implication of this that when using a single PC with a NAT
router it is not really necessary to use a software firewall under XP?

Gareth.


#10 Greg Hennessy
June 6th 04, 07:24 PM, posted to uk.telecom.broadband

On Sun, 6 Jun 2004 18:27:35 +0100, "Gareth"
wrote:


> > This works like a simple firewall but it's actually inherent to the NAT
> > (Network Address Translation) the router performs in order to allow
> > sharing of the internet connection between more than one computer.
>
> Hmm, is the implication of this that when using a single PC with a NAT
> router it is not really necessary to use a software firewall under XP?


Defence in depth is the key to securing any network, big or small.

For the sake of 30 odd quid, you are a *lot* more secure using a router.


greg

--
"vying with Platt for the largest gap
between capability and self perception"
 




All times are GMT +1.

