what does my firewall do ?

I now have my router up and running. Does the router only block applications
accessing the Internet or does it stop incoming attacks?
Info:
2 PC's running XP one wired one wireless through a D-Link DSL-G604T ADSL
router.

--
Muzz
reply to uglyduck NOT spamfrog

On Tue, 28 Dec 2004 06:23:52 +0000, spamfrog wrote:

> I now have my router up and running. Does the router only block
> applications accessing the Internet or does it stop incoming attacks?
> Info:
> 2 PC's running XP one wired one wireless through a D-Link DSL-G604T ADSL
> router.

Well if the router has a firewall and not just NAT then its defaul;t
should be to deny everything in and out. You then tell it WHAT you want to
happen ie what ports are allowed.

Dave

--

Some people use windows, others have a life.

In article <cqqu60$f76$(E-Mail Removed)>, "spamfrog"
(E-Mail Removed) says...
> I now have my router up and running. Does the router only block applications
> accessing the Internet or does it stop incoming attacks?
> Info:
> 2 PC's running XP one wired one wireless through a D-Link DSL-G604T ADSL
> router.
>
>
A hardware router/firewall can't provide application-level filtering
- only a software firewall running on the client machine can do that.
What your router can probably do is totally block certain ports,
either incoming or outgoing, stop incoming traffic that isn't
associated with an outgoing connection, restrict access to certain IP
addresses and allow incoming connections to a server running on one
of your LAN machines.

In article spamfrog says...
> I now have my router up and running. Does the router only block applications
> accessing the Internet or does it stop incoming attacks?
> Info:
> 2 PC's running XP one wired one wireless through a D-Link DSL-G604T ADSL
> router.
>
>
If you're running NAT on the router which allows multiple computers to
use one internet connection then it works as follows:

733t0R hAx0r goes looking for IP addresses and finds the one your ISP
assigned you...222.222.222.222

He then tries exploits targetted at 222.222.222.222 on port 21.

Because you're behind a NAT router and your IP address is 192.168.0.2
plus the router isn't set up so that any inbound requests on port 21 are
forwarded to 192.168.0.2 then it doesn't get any futher than the router.

Depending on the router, you can only allow certain ports WAN (internet)
access thus blocking off other applications.

--
Conor

An imperfect plan executed violently is far superior to a perfect plan.
-- George Patton

Conor wrote:
> Because you're behind a NAT router and your IP address is
> 192.168.0.2 plus the router isn't set up so that any
> inbound requests on port 21 are forwarded to 192.168.0.2
> then it doesn't get any futher than the router.
>
> Depending on the router, you can only allow certain ports
> WAN (internet) access thus blocking off other
> applications.

My router does have NAT enabled.
So because I have not named any other IP for access, they simply cannot gain
access?
If attackers can only get as far as the router can they do any damage to it?
Also can I expect to see no activity on my Norton firewall alert tracker, I
have norton on both PC's.

--
Muzz
reply to uglyduck NOT spamfrog

Hackers have broken into the Pentagon...

There is no way to keep people out ABSOLUTELY.

However, more than 95% of the hackers can't open a locked door, even if it's
just a simple lock.

The other 5% can get in, no matter what you do.

The good news is, in order to be that good, it takes years. In those years,
the odds of getting caught/arrested increases and the hacks get bigger and
better. This weeds the great hackers from the wannabe's and those great
hackers won't want to be bothered with you unless you give them a reason to.
They have bigger fish to fry.

Just as there is no way to completely prevent car theft, the idea is that
you discourage it so the criminal will move to an easier target. And all
that requires is the simplest of security.

Now, if you go and mouth off to a stranger on the Internet who, unbeknownst
to you, happens to be a great hacker, there's not much you can do to keep
him/her out of your system short of turning off the computer and never
getting on the Internet again.

Carey

"spamfrog" <(E-Mail Removed)> wrote in message
news:cqtqpc$u7v$(E-Mail Removed)...
> Conor wrote:
>> Because you're behind a NAT router and your IP address is
>> 192.168.0.2 plus the router isn't set up so that any
>> inbound requests on port 21 are forwarded to 192.168.0.2
>> then it doesn't get any futher than the router.
>>
>> Depending on the router, you can only allow certain ports
>> WAN (internet) access thus blocking off other
>> applications.
>
> My router does have NAT enabled.
> So because I have not named any other IP for access, they simply cannot
> gain access?
> If attackers can only get as far as the router can they do any damage to
> it?
> Also can I expect to see no activity on my Norton firewall alert tracker,
> I have norton on both PC's.
>
> --
> Muzz
> reply to uglyduck NOT spamfrog
>

Hi,
This is a good source for information
http://computer.howstuffworks.com/firewall.htm

Ashok S.

"spamfrog" <(E-Mail Removed)> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ
ÓÌÅÄÕÀÝÅÅ: news:cqqu60$f76$(E-Mail Removed)...
>I now have my router up and running. Does the router only block
>applications accessing the Internet or does it stop incoming attacks?
> Info:
> 2 PC's running XP one wired one wireless through a D-Link DSL-G604T ADSL
> router.
>
> --
> Muzz
> reply to uglyduck NOT spamfrog
>

Ashok S. wrote:
> Hi,
> This is a good source for information
> http://computer.howstuffworks.com/firewall.htm
>
> Ashok S.

Very interesting. I went to the link and ran shields up with perfect
results. I then turned of the Norton firewall on my PC and got perfect
results again!

--
Muzz
reply to uglyduck NOT spamfrog

In article <cqu71g$2d2$(E-Mail Removed)>, "spamfrog"
(E-Mail Removed) says...
> Ashok S. wrote:
> > Hi,
> > This is a good source for information
> > http://computer.howstuffworks.com/firewall.htm
>
> Very interesting. I went to the link and ran shields up with perfect
> results. I then turned of the Norton firewall on my PC and got perfect
> results again!
>
A software firewall will make little or no difference to incoming
traffic when it's behind a NAT router - run Leaktest
http://www.grc.com/lt/leaktest.htm
to see the difference that it makes to outgoing traffic.
And remember to take everything on the GRC website with a pinch of
salt - that guy is a notorious sensationalist/self-publicist.

but his spinrite proggy works wonders...


"Rob Morley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <cqu71g$2d2$(E-Mail Removed)>, "spamfrog"
> (E-Mail Removed) says...
>> Ashok S. wrote:
>> > Hi,
>> > This is a good source for information
>> > http://computer.howstuffworks.com/firewall.htm
>>
>> Very interesting. I went to the link and ran shields up with perfect
>> results. I then turned of the Norton firewall on my PC and got perfect
>> results again!
>>
> A software firewall will make little or no difference to incoming
> traffic when it's behind a NAT router - run Leaktest
> http://www.grc.com/lt/leaktest.htm
> to see the difference that it makes to outgoing traffic.
> And remember to take everything on the GRC website with a pinch of
> salt - that guy is a notorious sensationalist/self-publicist.
>