[Dshield] firewall help request

Al Reust areust at comcast.net
Fri Oct 3 04:08:17 GMT 2003


Hello Gary et Al

As topic should be what to use as personal router/firewalls. Those 
recommendations and information gleaned by the group can make a difference 
in the Internet Weather. Provided proper information to friends and family 
(who pass it on) can make a small differences in the number of machines 
that are owned by unfriendlies in the community. So while it may be off 
topic, there should be information at some location other than profit 
driven sources. Perhaps a compiled web page about experiences and opinions.

Basically DSL provides a router and Cable provides a modem. DSL provides a 
Point to Point  protocol and Cable provides very similar to NetBios. 
Neither really provides a Firewall other than you purchase your own at a 
higher pricetag. In the DSL area the router was designed for NAT and in the 
cable area designed to provide the number of DHCP addresses paid for. Thus 
a Firewall is desired in both instances.

Thankfully my Linksys BEFSR41 (and more things stopped happening after the 
last firmware upgrade that was installed and re-installed) died (just out 
of warranty) I moved to a Netgear. After many discussions with Linksys 
"support" with No Joy. I was faced with basically telling them that in no 
way if you compare it with the RFC does it really qualify as a Router, and 
should be 'better" described as a DHCP enable NAT-Hub with DNS forwarding. 
I also, after having spent many hours (frustrated) stated that I would 
become one of their best advertisers.

The primary reason this came about was as I rebuilt the server on my home 
(cable access) network before I had reinstalled Zone Alarm, literally 
watched people trying to break into my machine. They were attempting to 
crack my administrator password. My eventlog showed that my administrator 
account was locked out due to failed password attempts. Out of curiosity I 
renamed the administrator account and within 15 minutes watched them 
attempt to break the newly renamed administrator account. So during this 
whole evolution, I was happy when the Linksys died. I purchased a Netgear 
MR814v2 (including a WAP which I have not turned on) took less than 15 
minutes to have up and running and about 5 minutes to start setting up the 
Firewall to block ports that I do not desire. As soon as I started blocking 
135, 137~139 and 445 I was amazed at how quiet things started to became 
(not to mention other undesirable ports). Then besides "expected" specifics 
my Zone Alarm logs say there is No activity. It was very easy to configure 
for my live-in web server and SSL Ftp.

So after having closed the holes again. I have found that the script 
kiddies have pretty much stopped trying to get in from that vector (NetBios 
ports). My IIS logs show that they still try from that vector. My logs 
continue to show that they are given the "You are the #1 hand sign."

The Netgear was purchased at Best buy for $79.00 with $40.00 of mail in 
rebates. That was hard to beat. Ease of setup compared to some others that 
I have configured (family and friends, that is usually a non paid function. 
So ease of setup and decreased maintenance are important, which usually 
ends up in a couple of beers or a bad meal. Remote maintenance (tech 
support) is allowed/disallowed and you can plug in your Internet IP 
Address) would be 5 stars.

R/

Al

At 01:29 PM 10/2/2003 -0400, you wrote:
>Forgive me if this is too far off topic but it should be an easy question 
>for most of you on this list.  I simply(?) need an affordable firewall 
>appliance ASAP and would greatly appreciate advice from anyone on the 
>list.  I get conflicting information from sales people and media and have 
>finally been stumped on which way to go.
>
>I've decided to go with an appliance rather than running more software on 
>our one server we have in house.  We have a dedicated cable internet 
>connection with 1 server and 20 workstations on the network.  I've been 
>told the Linksys BEFSX41 router/firewall (this is my easily affordable 
>range) could be used as just a firewall in front of or behind our current 
>router provided by our ISP.  The Linksys sales person I talked with said 
>the SPI firewall will take care of 'everything we need it to' do (chuckle) 
>in our SOHO setting but couldn't answer my questions about user 
>configuration.  The price is right though I wouldn't mind buying someone 
>else's product as the salesman dumped me off to a tech support queue 
>without so much as a 'good luck'.
>
>I just hope this is allowed through to the list (please please).  I need 
>to do something now and I don't know where else to go for a straight 
>answer.  Feel free to reply off list to keep the traffic down and I thank 
>you ahead of time for your time.
>
>Guy
>gbarnum at armscole.com
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list