Allow all ports in?

I've a DSL-504 router/firewall. How safe is it to allow everything coming
into the router from the internet? Ie. Is it possible for a hacker to get
through the fact that the packet has nowhere to go once it hits the router
unless you specify port forwarding?

Cheers for any info,
Dan.

On Mon, 12 Jan 2004 10:00:45 +0000, Dan wrote:

> I've a DSL-504 router/firewall. How safe is it to allow everything coming
> into the router from the internet? Ie. Is it possible for a hacker to get
> through the fact that the packet has nowhere to go once it hits the router
> unless you specify port forwarding?
>
> Cheers for any info,
> Dan.

Well it makes it that bit easier for those script kiddies.

Dave
--
And you were born knowing all about ms windows....??

"Dave Stanton" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> On Mon, 12 Jan 2004 10:00:45 +0000, Dan wrote:
>
> > I've a DSL-504 router/firewall. How safe is it to allow everything
coming
> > into the router from the internet? Ie. Is it possible for a hacker to
get
> > through the fact that the packet has nowhere to go once it hits the
router
> > unless you specify port forwarding?
> >
> > Cheers for any info,
> > Dan.
>
> Well it makes it that bit easier for those script kiddies.
>
> Dave
> --
> And you were born knowing all about ms windows....??
>

I don't really understand what you mean. Are you saying it's not safe to
allow everything to the router? Can these scripts get to your PC through
the router even if you don't have any port forwarding enabled? If so, how
do they do this?

Cheers,
Dan.

On Mon, 12 Jan 2004 10:00:45 -0000, "Dan" <(E-Mail Removed)> wrote:

>I've a DSL-504 router/firewall. How safe is it to allow everything coming
>into the router from the internet? Ie. Is it possible for a hacker to get
>through the fact that the packet has nowhere to go once it hits the router
>unless you specify port forwarding?
>
>Cheers for any info,
>Dan.
>
You've answered your own question, if you allow everything in, then you've
effectivly opened all your ports (forwarded them )

the trick is to only allow in what you need and block everything else.

Clansman

"Clansman" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 12 Jan 2004 10:00:45 -0000, "Dan" <(E-Mail Removed)> wrote:
>
> >I've a DSL-504 router/firewall. How safe is it to allow everything
coming
> >into the router from the internet? Ie. Is it possible for a hacker to
get
> >through the fact that the packet has nowhere to go once it hits the
router
> >unless you specify port forwarding?
> >
> >Cheers for any info,
> >Dan.
> >
> You've answered your own question, if you allow everything in, then
you've
> effectivly opened all your ports (forwarded them )
>
> the trick is to only allow in what you need and block everything else.
>
> Clansman


Forwarded them to where though? If I don't block any ports coming into the
router, and don't explicitly forward them - then where do the packets go?
Do they not just get thrown away?

Cheers,
Dan.

In article <bttr73$mv3$1$(E-Mail Removed)>, "Dan"
(E-Mail Removed) says...
> I've a DSL-504 router/firewall. How safe is it to allow everything coming
> into the router from the internet? Ie. Is it possible for a hacker to get
> through the fact that the packet has nowhere to go once it hits the router
> unless you specify port forwarding?
>
If that were the case you'd need a firewall to protect your firewall
:-) A dropped packet might as well never have arrived, so it's
inconsequential unless it causes DOS to legitimate traffic.
Of course it's possible to spoof packets so it looks like they're
legitimate, but if someone's doing that they probably won't be put off
by a basic firewall.

In message <(E-Mail Removed)>, Clansman
<(E-Mail Removed)> writes
>On Mon, 12 Jan 2004 10:00:45 -0000, "Dan" <(E-Mail Removed)> wrote:
>
>>I've a DSL-504 router/firewall. How safe is it to allow everything coming
>>into the router from the internet? Ie. Is it possible for a hacker to get
>>through the fact that the packet has nowhere to go once it hits the router
>>unless you specify port forwarding?
>>
>>Cheers for any info,
>>Dan.
>>
>You've answered your own question, if you allow everything in, then you've
>effectivly opened all your ports (forwarded them )
>
>the trick is to only allow in what you need and block everything else.

Not so. If the router has no open ports and no forwarded ports then it's
safe. Routers don't usually have any open ports on their external
interface and the default is not to forward any. That makes them safe.




--
Bernard Peek
London, UK. DBA, Manager, Trainer & Author. Will work for money.

In message <btuj8n$5f2$1$(E-Mail Removed)>, Dan
<(E-Mail Removed)> writes


>Forwarded them to where though? If I don't block any ports coming into the
>router, and don't explicitly forward them - then where do the packets go?
>Do they not just get thrown away?

There are four possible responses when a packet arrives at the router.

It can accept the packet and forward it to an internal application. This
is what happens when you send traffic to port 80 of the internal
interface. Routers don't usually allow this on the external interface.

It can forward it to the internal interface, but it will only do that if
programmed to do it.

It can accept the packet and discard it, or it can reject the packet.
Either of these is safe but rejecting the packet tells the originator
that the router exists and might have some other port open.


--
Bernard Peek
London, UK. DBA, Manager, Trainer & Author. Will work for money.

In article <(E-Mail Removed)>, "Clansman"
(E-Mail Removed) says...
> On Mon, 12 Jan 2004 10:00:45 -0000, "Dan" <(E-Mail Removed)> wrote:
>
> >I've a DSL-504 router/firewall. How safe is it to allow everything coming
> >into the router from the internet? Ie. Is it possible for a hacker to get
> >through the fact that the packet has nowhere to go once it hits the router
> >unless you specify port forwarding?
> >
> >Cheers for any info,
> >Dan.
> >
> You've answered your own question, if you allow everything in, then you've
> effectivly opened all your ports (forwarded them )
>
No he hasn't.

> the trick is to only allow in what you need and block everything else.
>
That's pretty much what NAT does. The router doesn't run any services
on its WAN interface, and if you want to expose any services running on
your computers then you need to explicitly set the port forwarding.

In article <btuj8n$5f2$1$(E-Mail Removed)>, "Dan"
(E-Mail Removed) says...
> "Clansman" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > On Mon, 12 Jan 2004 10:00:45 -0000, "Dan" <(E-Mail Removed)> wrote:
> >
> > >I've a DSL-504 router/firewall. How safe is it to allow everything
> coming
> > >into the router from the internet? Ie. Is it possible for a hacker to
> get
> > >through the fact that the packet has nowhere to go once it hits the
> router
> > >unless you specify port forwarding?
> > >
> > >Cheers for any info,
> > >Dan.
> > >
> > You've answered your own question, if you allow everything in, then
> you've
> > effectivly opened all your ports (forwarded them )
> >
> > the trick is to only allow in what you need and block everything else.
> >
> > Clansman
>
>
> Forwarded them to where though? If I don't block any ports coming into the
> router, and don't explicitly forward them - then where do the packets go?
> Do they not just get thrown away?
>
Yes, they are dropped or rejected depending on how you have the packet
filtering set up.