Security and hacking - Basic Knowledge

About to go live with ADSL, and I have shiny new router to play with.

I know very little about ports, TCP, UDP, firewalls, DoS, port-scan
attacks, etc.

What are the done things with firewalls etc? How does one set them up to be
effective?

ISP is plusnet, and useage will be per-perr filesharing, websurfing,
newsgroups and email. Not into remote management although I should like to
find out about it if I can.

Any good resources for these sorts of things?
--
www.unlockingshop.co.uk
Motorola remote unlocking - £10 (includes A920 on '3')
Now unlocking Siemens x5x (SL55, S55, A55 etc) - £10
Change 'spam' to 'jon' to email

"Webmaster" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> About to go live with ADSL, and I have shiny new router to play with.
>
> I know very little about ports, TCP, UDP, firewalls, DoS, port-scan
> attacks, etc.
>
> What are the done things with firewalls etc? How does one set them up to
be
> effective?

Once you get on Broadband you are going to get regular port scans etc. I use
Norton Firewall 2003 and Norton Antivirus 2004 and every file that
enters/exits my pc is checked for Trojans etc..

BitsAndBobs reckoned that:
> Once you get on Broadband you are going to get regular port scans etc. I use
> Norton Firewall 2003 and Norton Antivirus 2004 and every file that
> enters/exits my pc is checked for Trojans etc..

I see.

My router is a netgear DG824M and features and in-built firewall. I have
been lead to believe that hardware-type firewalls are virtually impregnable
compared to software ones.

What I want to do is to utilise the firewall in my router, and I should
like to learn how to do so, and give myself some background knowledge about
security etc.
--
www.unlockingshop.co.uk
Motorola remote unlocking - £10 (includes A920 on '3')
Now unlocking Siemens x5x (SL55, S55, A55 etc) - £10
Change 'spam' to 'jon' to email

On Sun, 19 Oct 2003 13:15:57 +0100, Webmaster
<(E-Mail Removed)> wrote:

>My router is a netgear DG824M and features and in-built firewall. I have
>been lead to believe that hardware-type firewalls are virtually impregnable
>compared to software ones.

Of course you can create large holes in any type of firewall (hardware
or software based) if you aren't careful.

--
Hiram Hackenbacker

In article <(E-Mail Removed)>, Webmaster
<(E-Mail Removed)> writes
>BitsAndBobs reckoned that:
>> Once you get on Broadband you are going to get regular port scans etc. I use
>> Norton Firewall 2003 and Norton Antivirus 2004 and every file that
>> enters/exits my pc is checked for Trojans etc..
>
>I see.
>
>My router is a netgear DG824M and features and in-built firewall. I have
>been lead to believe that hardware-type firewalls are virtually impregnable
>compared to software ones.
>
>What I want to do is to utilise the firewall in my router, and I should
>like to learn how to do so, and give myself some background knowledge about
>security etc.

There is some info here on setting up the firewall.
http://www.adslguide.org.uk/hardware...ear-dg824m.asp
--
Les

On Sun, 19 Oct 2003 13:15:57 +0100, in article
<(E-Mail Removed)> Webmaster
<(E-Mail Removed)> wrote:

> What I want to do is to utilise the firewall in my router, and I should
> like to learn how to do so, and give myself some background knowledge about
> security etc.

Essentially what you need to do is to learn which protocols use which TCP
ports and the decide which ones you need to run and which holes need to be
dug through the firewall to do it.

So for instance POP3 uses port 110 in the default configuration, SMTP uses
port 25, DNS uses port 53 etc etc.

What you then need is to arrange for incoming stuff on these ports to be
passed through.

I'd suggest a look about on the net for an explanation of Network Address
Translation (NAT) which is used to allow multiple IP addresses on an
internal LAN that is not visible to the internet at large to access the
wider net using a single assigned routable IP address, and Port
Translation (PT) which is a way of sending traffic to a specific server
like a web server to a specific machine in the internal network.

--

Brian Morrison

please observe reply-to address

In article <(E-Mail Removed)>,
(E-Mail Removed) says...
> > What I want to do is to utilise the firewall in my router, and I should
> > like to learn how to do so, and give myself some background knowledge about
> > security etc.
>
> Essentially what you need to do is to learn which protocols use which TCP
> ports and the decide which ones you need to run and which holes need to be
> dug through the firewall to do it.
>
> So for instance POP3 uses port 110 in the default configuration, SMTP uses
> port 25, DNS uses port 53 etc etc.
>
> What you then need is to arrange for incoming stuff on these ports to be
> passed through.
>

Can I point something out here...

If you opened port 110 on incoming ports on my ZyXEL Prestige, then you'd
allow _outsiders_ to access your POP email system (assuming you have one
installed).

I personally close _all_ incoming ports (bar 80, because I run a
webserver).

I can still access the net etc, because the sockets are opened from inside
the network on those ports, and the data comes back in that way.

Therefore if I blocked port 80 on outgoing connections, I couldn't browse
the web, even though the data is incoming.

TBH, at the moment, my router choice is going to be a Speedtouch 510v4,
and I'm going to set it up to block _all_ incoming ports (again, bar 80,
if I decide to), and use UNPnP to allow anything that needs incoming data
access (not that I've really needed that in the 5 years+ of having a
hardware firewall!).

HTH.

Pete.

--
NOTE! Email address is spamtrapped. Any email will be bounced to you
Remove the news and underscore from my address to reply by mail

Pete Smith reckoned that:
> Can I point something out here...
> If you opened port 110 on incoming ports on my ZyXEL Prestige, then you'd
> allow _outsiders_ to access your POP email system (assuming you have one
> installed).

Indeed, I thought that. Having spent a few hours reading up, I can now see
that the default configuration of the DG824M is for all incoming to be
blocked, and for all outbound to be open. This seems like a fairly sensible
arrangement, and as you say although there is 2-way data flowing when using
most applications because the connection has been initiated from inside the
firewall there won't be a problem.

What I will do however is close off eveything except 110, 25, 119, HTTPS
and AIM, just to be sure.
--
www.unlockingshop.co.uk
Motorola remote unlocking - £10 (includes A920 on '3')
Now unlocking Siemens x5x (SL55, S55, A55 etc) - £10
Change 'spam' to 'jon' to email

Webmaster reckoned that:
> What I will do however is close off eveything except 110, 25, 119, HTTPS
> and AIM, just to be sure.

PlusNet came online this morning... lovely!
--
www.unlockingshop.co.uk
Motorola remote unlocking - £10 (includes A920 on '3')
Now unlocking Siemens x5x (SL55, S55, A55 etc) - £10
Change 'spam' to 'jon' to email

On Sun, 19 Oct 2003 21:02:06 +0100, in article
<(E-Mail Removed)> Pete Smith
<(E-Mail Removed)> wrote:

> Can I point something out here...
>
> If you opened port 110 on incoming ports on my ZyXEL Prestige, then you'd
> allow _outsiders_ to access your POP email system (assuming you have one
> installed).
>
> I personally close _all_ incoming ports (bar 80, because I run a
> webserver).

<Sigh!>

What I was trying to do was explain some of the information the OP would
need without giving him a full description.

I did say he'd need to work out which holes to open based on what was
incoming, what I didn't do is start on about source and destination ports
because at this stage it would probably confuse him.

I could send him a copy of the iptables rules I use on my Linux box while
still on dialup I suppose, but that would probably blow his mind totally
before he's grasped the concepts needed ;-)

--

Brian Morrison

please observe reply-to address