Can hackers get through the Linksys DSL Router Firewall?

[blstriker]

Assuming my server is not on the DMZ and the only ports that are forwarded are 80 and 25, can hackers still hack themselves into my webserver or LAN? How "strong" is the firewall on the Linksys router? Commercial grade? Comsumer grade? What does that mean anyways?

Thanks.

 

[pm]

When I bought mine back in July I looked into this pretty thoroughly.

The firewall in a cheap router relies on the NAT (network address translation) function of the router - it's not really a true "firewall". When you make a request from a computer on your side of the router, it goes to the router which keeps track of the requesting computer and sends out the request to the 'net. When the reply comes back, the router routes the packet to your computer based on the record that the router kept when you made the outbound request. If a hacker were to start trying to get in, he'd need to work pretty hard and pretend to be one of the requested packets. Apparently this is very difficult, but not impossible. Then, he/she'd need an exploit for your OS. All in all, this scenario is extremely unlikely. You'd need a very good hacker, with a lot of time on his hands and a lot of patience. They probably aren't targetting DSL accounts. But this only holds for the HTTP port.

Probably the biggest concern is port forwarding and the DMZ. Port forwarding eliminates NAT - since you are now saying "send every packet to port xxx to computer xyz". So, if you are running any exploitable app on a port that you are forwarding then this is not "firewalled" at all. If you put your computer on the DMZ, then you are basically forwarding all ports to that computer. Same problem. As long as you don't forward any ports and you aren't on the DMZ, then you should be pretty safe.

Routers are "packet filters" - they don't consider past events when they block packets, they don't act "intelligent" they just filter packets and they aren't able to look for suspicious activities. Commercial firewalls maintain internal information about the state of connections passing through them, the contents of some of the data streams, etc.

Specifically answering your question. You are forwarding ports 25 and 80 - can someone hack into them? By forwarding the ports, you eliminate the NAT security. My question is what programs are you running that monitor those ports and how secure are they? As long as you stay up to date on releases of the programs that you have running on those ports, you should be ok. But, yes, by opening ports, you have eliminated the limited form of protection offered by your router.

 

[blstriker]

Thanks for an extremely complete answer. I'm running a website using w2k 2000 advanced server IIS 5.0 and have installed sp1 and a few more patches. It's not a business site so I don't think anybody will mess with me since there is no profit to be had. Thanks again for your reply.

 

[Batti]

There's certainly no harm in running something like ZoneAlarm on the machines inside the Linksys - why not?