Routers using NAT, software firewalls behind them.....
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
I'm sure peeps using Tiny or ZA, etc, on a stand alone computer straight connected to their Cable/DSL modem get tons of reports of probes, pings, etc.
But say you're behind a router using NAT, somebody here has to still be using a software firewall in addition, so is it picking up much activity?
I'm just curious how safe the boxes are behind a NAT router. I bind NetBEUI to networking, and unbind TCP/IP to networking.
MORNING WOOD Lumber Company
Guinness for Strength!!!
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
Thanks for that info Ken. Cool sig BTW, pretty funny.
I'm mostly looking at how useful software firewalls are in addition to all the basic NAT routers out there for broad bandwidth, such as the Linksys, NetGear, Netopia, etc.
I'm just guessing experienced hackers, since it's such an exploding problem, can easily hack through a Linksys or comparable router into a network. Or if you have some ports open in the NAT, such as for a public game server, or PcAnywhere, upper end ports like those.
MORNING WOOD Lumber Company
Guinness for Strength!!!
I agree with Fredra - the software firewall should be focused on the outbound traffic. NAT is great. Defeating it requires a hell'o'sophistication'n'timing or trojan infiltration (which having an outbound filter can help mitigate). Both is DEFINITELY the best answer.
PS - you are right about providing services to the net. This should be done carefully and only forward those ports when the service is required - and only for that long. Given enough time and resources, nothing connected is totally secure...
Cheers
[ 05-01-2001: Message edited by: cyberskye ]
anything is possible - nothing is free

Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
I run the linky and Sygate PF and used to run ZoneAlarm. I rarely see anything in the Security Logs at all. If I do see anything it is usually like ICMP time exceeded and that garbage from my ISP (AT&T rr). By the way I love Sygate much more than ZA. To me the 2 just don't compare.
She's presenting like a mandrill!
As a router-newbie I agree with fredra. I get zero hits on ZA since installing it (RT314) and DrTCP's filters. I also show up total STEALTH on GRC.com.
I only use ZA for controlling outbound traffic and I'm about to the point where I'm going to shut it off and just do spot checks for calling-home software.
We Remember...
9|11
40 miles SW of Mt. St. Helens
Hi Yeold
I am using a hardware firewall and Tiny.
It depends on the hardware firewall, if it is using "packet Identification" or "Nat".
Tiny for me is there to pick up "outgoing" only, as most NAT's the hardware only does "incoming".
So it is likely that you will not see any action from your software firewall (assuming nothing is calling home)....lol
If you are using automatic updates, you have to tell the software firewall to let it through...e.g. InoculateIT. In the case of Tiny, you have to create a rule to allow that action, as it is considered "outgoing".
One of the moderators (KEN) is not here at the moment, however, when he returns, you can get a lot more information from him, as he has researched this combination and has numerous links.
Also others in here may also supply you with their feedback.
Hope that helps to address your question.
A man with a watch knows what time it is. A man with two watches is never sure.
Checking for outbound traffic is important, particularly if you do collect bits and pieces from disks and load them.
Using the firewall this way will also tell you if any update manager is trying to get out.
It depends on your 1 to 10 level of paranoia. Mine is set at 11.
And I am going to agree with 64bit about Sygate. It seems to handle everything well.
That's hard for me to say after being involved with ZA for so long. Where is Storm90??
Croc.
Remember: Wherever you go in life, you take yourself with you. It will be long, it will be hard and there will be no withdrawal.
Winston Churchill
-
LinkLogger
- Member
- Posts: 41
- Joined: Tue Apr 17, 2001 12:00 am
I use logging software with my Linksys. It shows me not only what is blocked by my Linksys, but what traffic is outbound as well and from what machine, etc. Alerts, Alarms, traffic history (both IP and Port), usage charts and reports, etc (Link Logger from http://www.linklogger.com).
One of the best things about using the logging software is I can watch my whole network from one machine rather than installing ZA on each machine.
Blake
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
That LinkLogger looks pretty good...seems to just give reports of what's going on. Good for the at home user. I'm looking for something more for my smaller clients that I've set up their office LAN on a Linksys or NetGear router. Talking about LANs of 3,4,6,10..computers...have a couple of networks exceeding 20.
Brought up the software firewall question initially wondering if anything extra was deemed necessary on top of the router's NAT for security. I'm taking it something like Tiny or ZA gets applied to each and every computer? Or perhaps only needed on the computers with file and print sharing enabled? The NT servers? I just hate to pop a software firewall on the NT server then have the networked app not work, or exchange server start failing.
Anyone have experience with other mid range routers that would provide better protection from the outside world hackers than say a Linksys.
I've never had to deal with the security of a network before, I'm a peer to peer/small to mid NT Domain person, not really up on routers and firewalls, although now's sure the time to learn. Just with all this hacking junk getting to be so ever present and a daily thing, I'm wondering how safe my current networks are behind just a Linksys, what to do to them, and how to build future ones better.
The learning curve never stops!
MORNING WOOD Lumber Company
Guinness for Strength!!!
-
LinkLogger
- Member
- Posts: 41
- Joined: Tue Apr 17, 2001 12:00 am
Link Logger doesn't block traffic, but it does let you know about suspicious traffic (including in/out and traffic blocked at the Linksys) and gives you the ability to quickly analyze it. Link Logger watches over 425 known trojan or other attack ports and can raise various levels of alerts and since Link Logger logs all traffic through the Router and stores it in real time, you can retrieve historical traffic to/from an IP address, or a port, or over a date range in order to determine the true nature of the traffic you're seeing. Link Logger also has a number of usage reports and graphs that allow you to understand how your system is being used (both as a whole and on a system by system basis, including common destinations, usage times, attacks, etc). You can also set user configurable alarms within Link Logger which allow you to know the instant that traffic occurs over some port or to/from some IP address, so you can see what system, user, or application is causing said traffic.
Link Logger has more features than I have mentioned here. It is marketed as shareware ($21.95) and offers a free fully functional thirty-day trial. You can download Link Logger at http://www.linklogger.com and it works with all Linksys EtherFast Cable / DSL Routers (given the later firmware versions).
Blake
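An added example, not part of the thread and not Link Logger's own code or log format: a minimal sketch of the router-log review described above, flagging allowed outbound traffic from LAN hosts to watched ports and retrieving history by IP or port. The log line layout, the LAN range and the three-port watch list are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in a hypothetical "time dir src:port -> dst:port proto action" format.
SAMPLE_LOG = """\
2001-05-01T09:14:02 IN 203.0.113.9:4021 -> 198.51.100.7:27374 TCP BLOCKED
2001-05-01T09:14:40 OUT 192.168.1.101:1042 -> 203.0.113.80:80 TCP ALLOWED
2001-05-01T09:15:11 OUT 192.168.1.102:1310 -> 203.0.113.66:12345 TCP ALLOWED
2001-05-01T09:16:30 IN 203.0.113.9:4022 -> 198.51.100.7:31337 UDP BLOCKED
2001-05-01T09:17:05 OUT 192.168.1.102:1311 -> 203.0.113.66:12345 TCP ALLOWED
garbage line the parser must skip
"""

# Small sample watch list (historical NetBus, SubSeven, Back Orifice defaults); extend as needed.
WATCHED_PORTS = {12345, 27374, 31337}
LAN = ip_network("192.168.1.0/24")  # assumed LAN range behind the NAT router

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dir>IN|OUT) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>TCP|UDP) (?P<action>BLOCKED|ALLOWED)$"
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            yield rec

def outbound_alerts(records):
    """Map LAN host -> list of (dst, port) for allowed outbound traffic to watched ports."""
    alerts = defaultdict(list)
    for r in records:
        if (r["dir"] == "OUT" and r["action"] == "ALLOWED"
                and ip_address(r["src"]) in LAN and r["dport"] in WATCHED_PORTS):
            alerts[r["src"]].append((r["dst"], r["dport"]))
    return dict(alerts)

def history(records, ip=None, port=None):
    """Return records touching a given IP and/or destination port (historical lookup)."""
    return [r for r in records
            if (ip is None or ip in (r["src"], r["dst"]))
            and (port is None or r["dport"] == port)]

if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    print(outbound_alerts(recs))
    print(len(history(recs, ip="203.0.113.9")))
```

The blocked inbound probes never reach a LAN host, so only the allowed outbound lines produce an alert, which is the "calling home" case the software-firewall posts above are concerned with.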
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England