[Dshield] Home LANs, firewalls, and DShield submissions

Neil Richardson neilr at ieee.org
Wed May 29 06:45:58 GMT 2002


Hi, All.

    I assume I'm like the majority of people here when I say that I have 
several home computers connected with a router and sharing an internet 
connection.  (I'm just a User with a firewall--not an Admin with Experience.)

    While testing some internet software, I ended up moving the test 
machine into the router's "DMZ", and discovered to my delight that the 
various probes and packets the router had been blocking were being passed 
in and captured by my machine's firewall (like I said: I'm just a User.)

    Having captured a bunch of packets, I went to submit them using the 
Windows client and discovered that the default rules block submission of 
traffic to/from 192.168.0.x.  Because I'm behind the router, my machine 
only knows its address on the local network.  I can think of a couple of 
ways to automatically get the address assigned to the router, but none of 
them seem foolproof (i.e.: gets address, loses connection, gets new 
address, doesn't get new address for several hours.)

    My question is this: Is the knowledge that 1.2.3.4 sent a packet to 
port 80 of "some machine" useful enough information to submit?  (Obviously 
it'd be useless for FightBack, but I'm not sure whether it'd be useful for 
tracking net trends in general, which is the only other reason I can think 
to submit.)  If not, how are other people dealing with this issue?  (In 
case it makes a difference, it's a NetGear "Web Safe" RP114 router.  It 
claims the ability to send logs to a local *nix machine, but I have neither 
the expertise to configure this nor a suitable host--I'm running all 
Winblows machines here.)


Thanks,

Neil R.

-- 
Supreme Lord High Commander and Keeper of the Holy Potato
----------
Random thought for the day:

    I am NOT Paranoid! And why are you always watching me??




