Hardware firewall questions

OILFIELDTRASH

I'm looking into getting a hardware firewall and have some questions. Right now I have a Motorola SURFboard modem that I run to my Linksys wireless router. I read that my modem does not have a firewall and I'm guessing my wireless router doesn't either. How would I go about setting up a hardware firewall? What equipment is needed? Is this necessary? Looking to ditch those high dollar security suites and thinking a hardware firewall is a good first step. Thanks, any help appreciated.
 

lxskllr

Your router should have a firewall, and it should be enabled by default. What's the model?
 

seepy83

Regardless of whether or not you have a firewall, you should not get rid of the security software on your hosts. Firewalls protect against certain vulnerabilities... Antivirus/antispyware/etc. protect against others.
 
OILFIELDTRASH

It is a Linksys WRT54GL wireless router. Does it have a firewall, and if it does, is it effective at all?


I will have antivirus, a software firewall, etc., but probably freeware, so it probably won't be as effective. That's why I want to make sure I have a hardware firewall.
 

lxskllr

Originally posted by: OILFIELDTRASH
It is a Linksys WRT54GL wireless router. Does it have a firewall, and if it does, is it effective at all?


I will have antivirus, a software firewall, etc., but probably freeware, so it probably won't be as effective. That's why I want to make sure I have a hardware firewall.

That's the router I use. It has an effective firewall that's enabled by default.

Freeware doesn't mean inferior. Here's my setup, all free...

Router firewall
Windows firewall
Avira antivirus free edition
SpyBot S&D not the best antispyware, but has passive protection which I like
Spywareblaster as above, passive protection, 0 resources
Malwarebytes (free) installed. Great scanner, no real time protection. I scan every so often, but I've yet to have a problem.
 
OILFIELDTRASH

Are those all installed on the same system at the same time? No compatibility issues? Why Windows firewall and not a freeware one like Comodo or ZoneAlarm?
 

lxskllr

Originally posted by: OILFIELDTRASH
Are those all installed on the same system at the same time? No compatibility issues? Why Windows firewall and not a freeware one like Comodo or ZoneAlarm?

They all stay out of each other's way. SpyBot and Spywareblaster are most useful for their hosts file updates. That blocks you from even going to bad sites.

Spywareblaster is completely passive, so it won't interfere with anything.

Spybot keeps an eye on things wanting to write to the registry. That can be helpful for browser hijacks, and other spyware install methods.

Free Malwarebytes doesn't have any real time protection. You just scan with that every so often, or if you're having issues you may think are malware related. No conflict with anything running.

Avira is antivirus of course, and like any A/V you only want to run 1 at a time. The only meaningful difference between the pay for and free versions, is the free version doesn't have POP3 scanning for email. Most ISPs cover that anyway, and if one does get through, it should be caught on execution. Avira has good heuristics and definition updates.

Windows firewall works fine. Vista+ does outbound filtering, and XP filters inbound only. Outbound protection isn't that important imo. Anything beyond script kiddie stuff (which a good A/V should pick up) can get around a firewall, and all outbound filtering will do is harass you whenever an app wants to check for updates. If you're careful about what you install, giving that app net access shouldn't be a problem. If you don't trust an app with net access, maybe it shouldn't be on your machine at all ;^)
 

Lemon law

To lxskllr,

The problem with your security system is mainly on the outgoing side, not a horrible defect with Vista but a more glaring one for Win XP with its one way only incoming firewall.

To start out with, hardware firewalls are good at blocking incoming ports, but do nothing at blocking outgoing. Something like the XP firewall does nothing at blocking outgoing. And while the Vista firewall can block outgoing, it's my understanding that it takes a super effort on the part of the user to access any of the log files that tell what is going on regarding outbound.

Which is why I want and use a two way software firewall with easy access to log files that tell me what traffic is going in and out. And if I do not want my computer to communicate with a given website, I simply block it and am done with it, while you have no idea who your computer is communicating with on the incoming and outgoing sides.

I happen to use the Comodo3 software firewall because of its hosts and HIPS files, but there are a plethora of very lightweight freeware firewalls that have excellent log files and no bloat.
 

lxskllr

I used outbound filtering when I was on 56k. I played UT2k4 on 56k until 2006. I locked down communications from my box as I needed every single bit to go to the game, and didn't have the bandwidth to support apps checking for updates and stuff. AFAIC that's the only reasonable use of outbound filtering (administrative software control). Any malware your A/V didn't catch won't get caught by outbound filtering. If your box is pwned, it's no longer under your control. Malware can very easily launch an invisible instance of IE to communicate out, and I'm sure most of us would have IE green lighted for our systems.

I'm careful about what I install on my system. I implicitly trust everything on my box with net access, and don't want to be harassed by a firewall when something wants to look for updates, or some other pedestrian activity.
 

Lemon law

lxskllr asserts, "If your box is pwned, it's no longer under your control. Malware can very easily launch an invisible instance of IE to communicate out, and I'm sure most of us would have IE green lighted for our systems."

But with log files I can tell which websites that bogus Internet Explorer is communicating with, and you can't with the Windows firewall alone. Which gives me an edge you do not have, and it need not come with any extra bloat.

I am fairly sure your mommy, like my mommy, told you not to talk to strangers, but my computer and your computer are so dumb that they will talk with anyone, and if mine is screwing up, I want to know about it. We can hide behind dumb computer software, but it can't be effective unless we add our own brains. You seem to have the safe surfing practices down way better than most, but the blind faith of "I can't be got" is just that, blind faith.
 

lxskllr

Here's my output from about 15 seconds of monitoring...

1 0.000000 NetmonFilter NetmonFilter:Updated Capture Filter: None
2 0.000000 NetworkInfoEx NetworkInfoEx:Network info for , Network Adapter Count = 5
3 0.000000 firefox.exe {TCP:1, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A...F, SrcPort=HTTP(80), DstPort=63273, PayloadLen=0, Seq=33257729, Ack=1190495031, Win=59
4 0.000000 firefox.exe {TCP:1, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...., SrcPort=63273, DstPort=HTTP(80), PayloadLen=0, Seq=1190495031, Ack=33257730, Win=16324
5 2.571147 sidebar.exe {TCP:3, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=...A...F, SrcPort=63263, DstPort=HTTP(80), PayloadLen=0, Seq=2367882117, Ack=1737155182, Win=63546
6 2.572147 sidebar.exe {TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=......S., SrcPort=63274, DstPort=HTTP(80), PayloadLen=0, Seq=1694284366, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192
7 2.621149 sidebar.exe {TCP:3, IPv4:2} 66.165.70.6 192.168.1.115 TCP TCP:Flags=...A...F, SrcPort=HTTP(80), DstPort=63263, PayloadLen=0, Seq=1737155182, Ack=2367882118, Win=64240
8 2.621149 sidebar.exe {TCP:3, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=...A...., SrcPort=63263, DstPort=HTTP(80), PayloadLen=0, Seq=2367882118, Ack=1737155183, Win=63546
9 2.636150 sidebar.exe {TCP:4, IPv4:2} 66.165.70.6 192.168.1.115 TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=63274, PayloadLen=0, Seq=4159989875, Ack=1694284367, Win=8192 ( Scale factor not supported ) = 8192
10 2.636150 sidebar.exe {TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=...A...., SrcPort=63274, DstPort=HTTP(80), PayloadLen=0, Seq=1694284367, Ack=4159989876, Win=64240 (scale factor 0x0) = 64240
11 2.636150 sidebar.exe {HTTP:5, TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 HTTP HTTP:Request, GET /salerss.aspx
12 2.700154 sidebar.exe {HTTP:5, TCP:4, IPv4:2} 66.165.70.6 192.168.1.115 HTTP HTTP:Response, HTTP/1.1, Status Code = 200, URL: /salerss.aspx
13 2.700154 sidebar.exe {TCP:4, IPv4:2} 66.165.70.6 192.168.1.115 TCP TCP:[Continuation to #12]Flags=...A...., SrcPort=HTTP(80), DstPort=63274, PayloadLen=1460, Seq=4159991336 - 4159992796, Ack=1694284697, Win=64240 (scale factor 0x0) = 64240
14 2.700154 sidebar.exe {TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=...A...., SrcPort=63274, DstPort=HTTP(80), PayloadLen=0, Seq=1694284697, Ack=4159992796, Win=64240 (scale factor 0x0) = 64240
15 2.752157 sidebar.exe {TCP:4, IPv4:2} 66.165.70.6 192.168.1.115 TCP TCP:[Continuation to #12]Flags=...A...., SrcPort=HTTP(80), DstPort=63274, PayloadLen=1460, Seq=4159992796 - 4159994256, Ack=1694284697, Win=64240 (scale factor 0x0) = 64240
16 2.753157 sidebar.exe {TCP:4, IPv4:2} 66.165.70.6 192.168.1.115 TCP TCP:[Continuation to #12]Flags=...A...., SrcPort=HTTP(80), DstPort=63274, PayloadLen=1460, Seq=4159994256 - 4159995716, Ack=1694284697, Win=64240 (scale factor 0x0) = 64240
17 2.753157 sidebar.exe {TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=...A...., SrcPort=63274, DstPort=HTTP(80), PayloadLen=0, Seq=1694284697, Ack=4159995716, Win=64240 (scale factor 0x0) = 64240
18 2.753157 sidebar.exe {TCP:4, IPv4:2} 66.165.70.6 192.168.1.115 TCP TCP:[Continuation to #12]Flags=...AP..., SrcPort=HTTP(80), DstPort=63274, PayloadLen=694, Seq=4159995716 - 4159996410, Ack=1694284697, Win=64240 (scale factor 0x0) = 64240
19 2.944168 sidebar.exe {TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=...A...., SrcPort=63274, DstPort=HTTP(80), PayloadLen=0, Seq=1694284697, Ack=4159996410, Win=63546 (scale factor 0x0) = 63546
20 3.548202 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
21 3.549203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
22 3.550203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
23 3.551203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
24 3.552203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
25 3.552203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
26 3.553203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
27 3.554203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
28 3.555203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
29 3.556203 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
30 4.556260 firefox.exe {TCP:1, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...F, SrcPort=63273, DstPort=HTTP(80), PayloadLen=0, Seq=1190495031, Ack=33257730, Win=16324
31 4.556260 firefox.exe {TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=......S., SrcPort=63275, DstPort=HTTP(80), PayloadLen=0, Seq=4223401121, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192
32 4.573261 firefox.exe {TCP:1, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A...., SrcPort=HTTP(80), DstPort=63273, PayloadLen=0, Seq=33257730, Ack=1190495032, Win=59
33 4.583262 firefox.exe {TCP:9, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=63275, PayloadLen=0, Seq=35573864, Ack=4223401122, Win=5840 ( Negotiated scale factor 0x7 ) = 747520
34 4.583262 firefox.exe {TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...., SrcPort=63275, DstPort=HTTP(80), PayloadLen=0, Seq=4223401122, Ack=35573865, Win=16425 (scale factor 0x2) = 65700
35 4.583262 firefox.exe {HTTP:10, TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 HTTP HTTP:Request, GET /ajax_requests.php
36 4.616264 firefox.exe {TCP:9, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A...., SrcPort=HTTP(80), DstPort=63275, PayloadLen=0, Seq=35573865, Ack=4223401974, Win=59 (scale factor 0x7) = 7552
37 4.643265 firefox.exe {HTTP:10, TCP:9, IPv4:0} 208.167.225.13 192.168.1.115 HTTP HTTP:Response, HTTP/1.1, Status Code = 200, URL: /ajax_requests.php
38 4.834276 firefox.exe {TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...., SrcPort=63275, DstPort=HTTP(80), PayloadLen=0, Seq=4223401974, Ack=35574268, Win=16324 (scale factor 0x2) = 65296
39 10.001572 firefox.exe {TCP:9, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A...F, SrcPort=HTTP(80), DstPort=63275, PayloadLen=0, Seq=35574268, Ack=4223401974, Win=59 (scale factor 0x7) = 7552
40 10.001572 firefox.exe {TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...., SrcPort=63275, DstPort=HTTP(80), PayloadLen=0, Seq=4223401974, Ack=35574269, Win=16324 (scale factor 0x2) = 65296
41 14.146809 firefox.exe {TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...F, SrcPort=63275, DstPort=HTTP(80), PayloadLen=0, Seq=4223401974, Ack=35574269, Win=16324 (scale factor 0x2) = 65296
42 14.163810 firefox.exe {TCP:9, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A...., SrcPort=HTTP(80), DstPort=63275, PayloadLen=0, Seq=35574269, Ack=4223401975, Win=59 (scale factor 0x7) = 7552
43 14.318819 LogMeIn.exe {SSL:13, TCP:12, IPv4:11} 192.168.1.115 64.94.18.193 SSL SSL: Application Data.
44 14.338820 LogMeIn.exe {SSL:13, TCP:12, IPv4:11} 64.94.18.193 192.168.1.115 SSL SSL: Application Data.
45 14.534831 LogMeIn.exe {TCP:12, IPv4:11} 192.168.1.115 64.94.18.193 TCP TCP:Flags=...A...., SrcPort=61030, DstPort=HTTPS(443), PayloadLen=0, Seq=2921737640, Ack=1454669145, Win=16475
46 14.556832 {TCP:14, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=......S., SrcPort=63276, DstPort=HTTP(80), PayloadLen=0, Seq=2553289139, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192
47 14.573833 {TCP:14, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=63276, PayloadLen=0, Seq=52663533, Ack=2553289140, Win=5840 ( Negotiated scale factor 0x7 ) = 747520
48 14.573833 {TCP:14, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...., SrcPort=63276, DstPort=HTTP(80), PayloadLen=0, Seq=2553289140, Ack=52663534, Win=16425 (scale factor 0x2) = 65700
49 14.573833 {HTTP:15, TCP:14, IPv4:0} 192.168.1.115 208.167.225.13 HTTP HTTP:Request, GET /ajax_requests.php
50 14.604835 {TCP:14, IPv4:0} 208.167.225.13 192.168.1.115 TCP TCP:Flags=...A...., SrcPort=HTTP(80), DstPort=63276, PayloadLen=0, Seq=52663534, Ack=2553289992, Win=59 (scale factor 0x7) = 7552
51 14.631836 {HTTP:15, TCP:14, IPv4:0} 208.167.225.13 192.168.1.115 HTTP HTTP:Response, HTTP/1.1, Status Code = 200, URL: /ajax_requests.php
52 14.824847 {TCP:14, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=...A...., SrcPort=63276, DstPort=HTTP(80), PayloadLen=0, Seq=2553289992, Ack=52663937, Win=16324 (scale factor 0x2) = 65296

Honestly I have better things to do than review logs like this as a routine occurrence. If I'm having issues I can look into it, but for day to day activity, it isn't worth it.
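
Added example, not part of the original thread: a short Python script that reduces a Network Monitor text export like the one posted above to one row per (process, remote address), so only unexpected rows need a look. The sample rows are an excerpt of that capture with trailing fields trimmed; the function names and the "expected" process set are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the capture posted above (trailing fields trimmed). Columns: frame,
# time offset, optional process, conversation, source, destination, protocol, description.
SAMPLE = """\
2 0.000000 NetworkInfoEx NetworkInfoEx:Network info for , Network Adapter Count = 5
6 2.572147 sidebar.exe {TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 TCP TCP:Flags=......S., SrcPort=63274, DstPort=HTTP(80), PayloadLen=0
11 2.636150 sidebar.exe {HTTP:5, TCP:4, IPv4:2} 192.168.1.115 66.165.70.6 HTTP HTTP:Request, GET /salerss.aspx
20 3.548202 {HTTP:8, UDP:7, IPv4:6} 192.168.1.1 239.255.255.250 SSDP SSDP:Request, NOTIFY *
31 4.556260 firefox.exe {TCP:9, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=......S., SrcPort=63275, DstPort=HTTP(80), PayloadLen=0
43 14.318819 LogMeIn.exe {SSL:13, TCP:12, IPv4:11} 192.168.1.115 64.94.18.193 SSL SSL: Application Data.
44 14.338820 LogMeIn.exe {SSL:13, TCP:12, IPv4:11} 64.94.18.193 192.168.1.115 SSL SSL: Application Data.
46 14.556832 {TCP:14, IPv4:0} 192.168.1.115 208.167.225.13 TCP TCP:Flags=......S., SrcPort=63276, DstPort=HTTP(80), PayloadLen=0
"""

# The process column is optional: some frames in the capture carry no process name.
FRAME = re.compile(
    r"^\d+\s+[\d.]+\s+(?:(?P<proc>[^\s{]\S*)\s+)?\{[^}]*\}\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s")

def outbound_summary(text):
    """Map (process, remote address) -> protocols seen, for LAN-to-internet frames."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # capture-filter and adapter-info rows carry no addresses
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        # Keep frames sent by a private host to a routable unicast address;
        # this drops replies and LAN chatter such as the router's SSDP multicast.
        if src.is_private and not dst.is_private and not dst.is_multicast:
            seen[(m["proc"] or "<unattributed>", m["dst"])].add(m["proto"])
    return dict(seen)

def needs_review(summary, expected):
    """Return flows whose process is unattributed or not in the expected set."""
    return sorted(k for k in summary if k[0].lower() not in expected)

if __name__ == "__main__":
    flows = outbound_summary(SAMPLE)
    # Hypothetical set of processes the user already expects to talk out.
    for proc, dst in needs_review(flows, {"firefox.exe", "sidebar.exe"}):
        print(proc, dst, sorted(flows[(proc, dst)]))
```

A flow appears in the review list only because its process is missing from the set you pass in or the capture did not attribute the frame to a process; the list says nothing about whether the traffic is harmful.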