A couple questions about software and hardware firewalls

leeland

well i am currently running zone alarm, and i admit it basically is because someone said it is a good idea when you are on a modem that allows you to connect to the internet continuously.

can someone please give me a little information as to how someone actually gets into your computer by your ip address....

what is port sniffing ?

and why is a hardware router with a firewall better than a software firewall (i.e. Zone alarm)

i do have a friend that has a router and basically from the sounds of his experiences it to me sounds like a huge pain in the arse !!!

but that may be because he has a router that doesn't support file sharing and video streaming ? is this possible ?

again...i am pretty ignorant to this subject and would simply like a little information....

all replies are appreciated

leeland
 

gopunk

when they have your ip address they have a way of contacting your computer. then they try and find holes in your computer's security that will let them have access to it.

port sniffing is when they send packets to your computer to determine which ports on your computer are open.

hardware router with NAT is useful because it means your individual computers' ip addresses can't be accessed, since there is a router, which has its own ip address.

but these are just the basics. you can find more info at grc.com i guess.
 

leeland

thanks for the info i will check out that site and see if there is some noobie information for me

leeland


edit: if you are interested, this article even though it is pretty darn long...really struck me as shocking...i never knew this is how the hackers used computers for the large website attacks


!!!article

really amazing

 

bunker

As a follow up question to this, let's say some loser gets my ip and I'm using a router with NAT. Can they do anything to the router?
 

leeland

one other question....


hardware router with NAT is useful because it means your individual computers' ip addresses can't be accessed, since there is a router, which has its own ip address.

what is NAT ?
 

n0cmonkey



<< one other question.... hardware router with NAT is useful because it means your individual computers' ip addresses can't be accessed, since there is a router, which has its own ip address. what is NAT ? >>



ICS, NAT, IP MASQ, are different names for the same thing. They all mean 1 external ip address is used for multiple computers. All of the internal computers cannot be directly routed to, they all "hide" behind the 1 external ip address.
 

gopunk

bunker - so they have the ip to which one, your router or your computer? if it's to your computer, they can't do anything, since your router is in the way, there's no way to contact your computer. if they have the one to your router, they still can't do anything since it's just to the router, not your computer. i think. if i'm wrong, feel free to correct me.

NAT is network address translation, or something like that. basically, it means you have an ip address for your router, which takes the place of all your computer's individual ip addresses.
 

Nothinman

can someone please give me a little information as to how someone actually gets into your computer by your ip address...

Depends on how your computer is setup. Because they have your IP address they can connect to you, and if you have any services running they can use them and attempt to exploit or break them if you're running software with known problems.

what is port sniffing ?

I think you mean port scanning, or maybe packet sniffing.

Anyway port scanning is when I send a packet to every port on your PC to see which ones are open, this way I can make a rough determination what kind of OS you have and what services you're running and that lets me pick which attacks to try.
And packet sniffing is when I set my NIC to grab all packets it sees on the network, not just its own like it normally does. On certain networks (cable modems most notably) I can get all the packets going through my local network and see what other people in my area are doing.

and why is a hardware router with a firewall better than a software firewall (i.e. Zone alarm)

NAT is probably the only real reason, well that and I don't trust Windows software. A hardware firewall still runs software, it has to, to do anything, so it's still got the same chance of having exploitable bugs as the software one.

i do have a friend that has a router and basically from the sounds of his experiences it to me sounds like a huge pain in the arse !!

Depends on the setup. I have 2 friends with routers (one's an SMC Barricade, other I'm not sure of) and they've had absolutely 0 problems. I have a separate PC with Linux doing my routing, NAT and firewalling and I've had 0 problems (minus the ones I created f'ing around) too.

but that may be because he has a router that doesn't support file sharing and video streaming ? is this possible ?

I've never heard of such a restriction, it's more likely his ISP than his router.

And don't believe everything you read on GRC.com, the guy is technically pretty smart but most of the web page is worthless propaganda.
 

bunker



<< bunker - so they have the ip to which one, your router or your computer? if it's to your computer, they can't do anything, since your router is in the way, there's no way to contact your computer. if they have the one to your router, they still can't do anything since it's just to the router, not your computer. i think. if i'm wrong, feel free to correct me.

NAT is network address translation, or something like that. basically, it means you have an ip address for your router, which takes the place of all your computer's individual ip addresses.
>>


Gopunk, basically I'm asking if the cheapo routers (like my linksys) can be hacked.
 

n0cmonkey



<<

<< bunker - so they have the ip to which one, your router or your computer? if it's to your computer, they can't do anything, since your router is in the way, there's no way to contact your computer. if they have the one to your router, they still can't do anything since it's just to the router, not your computer. i think. if i'm wrong, feel free to correct me. NAT is network address translation, or something like that. basically, it means you have an ip address for your router, which takes the place of all your computer's individual ip addresses. >>

Gopunk, basically I'm asking if the cheapo routers (like my linksys) can be hacked.
>>



Yes.
 

AnyMal

Here is the skinny on the port sniffing; I assume you are running some flavor of Windows on your machine. A typical Win system has over 64000 virtual ports that can be accessed individually. Port sniffing app will probe each port and will try to find a way in. Managing each port manually would be a total nightmare as you can imagine. That's where a good firewall comes in. Regardless of whether it's hardware based, like a router, or software like Zone Alarm, it allows you to block out ports selectively, depending on your needs. Typically, the only port you'd use all the time is HTTP port 80. Other commonly used ports are 21, 23, 25, 110 for FTP, Telnet, SMTP, and POP respectively. Any PC old-timer will tell you that a hardware based solution is always better, since you have a dedicated device that won't tie up your system's resources, however, be aware that ANY device can be hacked into. I find it useful to have BOTH router and software firewall; I use Linksys BEFSR4 and Zone Alarm Pro. It is also a good idea to check a website like www.dslreports.com; they have web-based utilities that can probe your system's ports and tell you where your vulnerabilities are. Bottom line is, you can never be too protected. Hope this helps; PM me if you have any questions.
 

leeland

thanks for all the great information....i guess that is the way to go...and you can never be too protected on a rig...regardless

so if i am reading this right the hardware firewalls will allow voice and video always...??? just want to make sure if i go and buy a router that i don't go and get the wrong one

which ones do you guys recommend by the way ???

thanks again

leeland
 

Damascus

Hardware routers may or may not allow voice/video. It all depends. Some
applications use all sorts of weird ports to send and receive their data, and
depending on what configuration options your router gives you access to,
it can be very easy, or very difficult to get it working properly. Usually this
involves port forwarding to the proper internal IP... (sending incoming
connections on certain ports to specific IP addresses on your LAN)

Tis a royal pain in the ass on my SMC Barricade as it only allows a handful
of ports to be forwarded, and you cannot specify ranges. A lot of hack
programmers for whatever reason, at some point decided that their programs
would be better off using dynamic ports... anyone know a good reason for
that? I hate it.
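
Added example, not part of any post in this thread: a toy Python model of the NAT and port-forwarding behaviour described in the posts above, showing which inbound packets reach a LAN machine and which are dropped. The `NatRouter` class, all addresses and all port numbers are constructed for illustration, and the strict per-remote session matching is an assumption; real routers vary.

```python
"""Toy model of a home NAT router (added example; all names and addresses are constructed)."""
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)


@dataclass
class NatRouter:
    wan_ip: str = WAN_IP
    next_port: int = 40000
    # wan_port -> (lan_ip, lan_port, remote_ip, remote_port), created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port), static port-forward rules set by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the source is rewritten to wan_ip:wan_port."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.wan_ip, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the (lan_ip, lan_port) a packet is delivered to, or None if dropped."""
        sess = self.sessions.get(wan_port)
        if sess and sess[2:] == (remote_ip, remote_port):
            return sess[:2]                  # reply to a connection a LAN host started
        if wan_port in self.forwards:
            return self.forwards[wan_port]   # explicitly forwarded port
        return None                          # unsolicited: no mapping, nowhere to send it


def demo():
    r = NatRouter()
    results = {}
    # PC browses a web server: reply packets are translated back to the PC.
    _, p = r.outbound("192.168.1.100", 51000, "198.51.100.7", 80)
    results["reply"] = r.inbound("198.51.100.7", 80, p)
    # A different remote host hitting the same WAN port is not part of the session.
    results["stranger_same_port"] = r.inbound("192.0.2.66", 4444, p)
    # Unsolicited probe of a port with no mapping at all.
    results["probe_139"] = r.inbound("192.0.2.66", 4444, 139)
    # One fixed port forwarded for a video app; a dynamic port it picks later still fails.
    r.forwards[5060] = ("192.168.1.100", 5060)
    results["forwarded"] = r.inbound("192.0.2.66", 4444, 5060)
    results["dynamic_port"] = r.inbound("192.0.2.66", 4444, 5061)
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:20} -> {dest}")
```

The last two cases show why applications that choose ports dynamically are awkward behind a router that forwards only a handful of fixed ports, and why every forwarded port is a path from the Internet to one specific LAN machine.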
 

AnyMal

I would recommend either DLink or Linksys. DLink has lifetime warranty and Linksys is probably the most popular. Yes, they will allow audio and video stream in by default unless you manually block it out, which I am sure you won't ;-) Zone Alarm will add an even greater flexibility by allowing you to control each application (such as instant messengers, Real Player, Win Media Player and others) individually whether they can access Internet or not. All in all, you have much greater chance of getting hacked through a trojan horse application which can attach itself to an e-mail or some file you download off the Net. So in addition to firewall, make sure you are running the latest version of virus scan software with most up to date definition which should be updated at least once a month. Regardless how trusted the source of an incoming file may be, make sure you scan it before opening.
 

mattcincinnati

I have a linksys dsl 4 port router with three computers networked. My question is can I use a p2p program, and if I do am I protected by the router?