[Dshield] firewall help request
areust at comcast.net
Fri Oct 3 04:08:17 GMT 2003
Hello Gary et Al
As topic should be what to use as personal router/firewalls. Those
recommendations and information gleaned by the group can make a difference
in the Internet Weather. Provided proper information to friends and family
(who pass it on) can make a small differences in the number of machines
that are owned by unfriendlies in the community. So while it may be off
topic, there should be information at some location other than profit
driven sources. Perhaps a compiled web page about experiences and opinions.
Basically DSL provides a router and Cable provides a modem. DSL provides a
Point to Point protocol and Cable provides very similar to NetBios.
Neither really provides a Firewall other than you purchase your own at a
higher pricetag. In the DSL area the router was designed for NAT and in the
cable area designed to provide the number of DHCP addresses paid for. Thus
a Firewall is desired in both instances.
Thankfully my Linksys BEFSR41 (and more things stopped happening after the
last firmware upgrade that was installed and re-installed) died (just out
of warranty) I moved to a Netgear. After many discussions with Linksys
"support" with No Joy. I was faced with basically telling them that in no
way if you compare it with the RFC does it really qualify as a Router, and
should be 'better" described as a DHCP enable NAT-Hub with DNS forwarding.
I also, after having spent many hours (frustrated) stated that I would
become one of their best advertisers.
The primary reason this came about was as I rebuilt the server on my home
(cable access) network before I had reinstalled Zone Alarm, literally
watched people trying to break into my machine. They were attempting to
crack my administrator password. My eventlog showed that my administrator
account was locked out due to failed password attempts. Out of curiosity I
renamed the administrator account and within 15 minutes watched them
attempt to break the newly renamed administrator account. So during this
whole evolution, I was happy when the Linksys died. I purchased a Netgear
MR814v2 (including a WAP which I have not turned on) took less than 15
minutes to have up and running and about 5 minutes to start setting up the
Firewall to block ports that I do not desire. As soon as I started blocking
135, 137~139 and 445 I was amazed at how quiet things started to became
(not to mention other undesirable ports). Then besides "expected" specifics
my Zone Alarm logs say there is No activity. It was very easy to configure
for my live-in web server and SSL Ftp.
So after having closed the holes again. I have found that the script
kiddies have pretty much stopped trying to get in from that vector (NetBios
ports). My IIS logs show that they still try from that vector. My logs
continue to show that they are given the "You are the #1 hand sign."
The Netgear was purchased at Best buy for $79.00 with $40.00 of mail in
rebates. That was hard to beat. Ease of setup compared to some others that
I have configured (family and friends, that is usually a non paid function.
So ease of setup and decreased maintenance are important, which usually
ends up in a couple of beers or a bad meal. Remote maintenance (tech
support) is allowed/disallowed and you can plug in your Internet IP
Address) would be 5 stars.
At 01:29 PM 10/2/2003 -0400, you wrote:
>Forgive me if this is too far off topic but it should be an easy question
>for most of you on this list. I simply(?) need an affordable firewall
>appliance ASAP and would greatly appreciate advice from anyone on the
>list. I get conflicting information from sales people and media and have
>finally been stumped on which way to go.
>I've decided to go with an appliance rather than running more software on
>our one server we have in house. We have a dedicated cable internet
>connection with 1 server and 20 workstations on the network. I've been
>told the Linksys BEFSX41 router/firewall (this is my easily affordable
>range) could be used as just a firewall in front of or behind our current
>router provided by our ISP. The Linksys sales person I talked with said
>the SPI firewall will take care of 'everything we need it to' do (chuckle)
>in our SOHO setting but couldn't answer my questions about user
>configuration. The price is right though I wouldn't mind buying someone
>else's product as the salesman dumped me off to a tech support queue
>without so much as a 'good luck'.
>I just hope this is allowed through to the list (please please). I need
>to do something now and I don't know where else to go for a straight
>answer. Feel free to reply off list to keep the traffic down and I thank
>you ahead of time for your time.
>gbarnum at armscole.com
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list