Security of hardware routers/firewalls?

Hender

Senior member
Aug 10, 2000
647
0
0
A thought just occurred to me as I was taking Steve Gibson's "Shields Up" test on his website (interesting if you've never taken it before, also necessary if you have a broadband connection, you can take it here.) and testing my Linksys router. How secure are these hardware firewalls/routers? I know that by not having a computer as the primary IP address, it reduces your risk of exposure to the Internet and all the people just clamoring to hack your machine (or so PC Magazine and PC World tell me), but are they still "hackable"? To set the options, I believe you can only access it from the LAN, because when I put in my IP from another machine not on the LAN, I just get a dead-end.

I don't doubt the reliability of them, but I'm just curious if there's even a way to bypass them. I have my port 80 open on my router to run my website, so of course I should have my web server configured so that it's secure, but beyond that it seems like they're impenetrable--which of course, is what someone says right before they get hacked. Thoughts?
 

neuralfx

Golden Member
Feb 19, 2001
1,636
0
0
nope they are not impenetrable, i could see why they may seem that way.. but say when u access a website, through your port 80.. well that webserver got through didn't it? the possibilities are endless, but yes they provide a lil extra security..
-neural
 

Hender

No, the port 80 isn't open for outgoing traffic; there is no restricted outgoing traffic, but I opened up my port 80 so that my webserver behind the firewall could be accessed. If I closed it, there would be no open ports.
 

AirMail1

Senior member
Jul 12, 2001
312
0
0
Hi,
I am not a programmer but a script kiddie. I have no idea of how this 17 yr old did it, but he demonstrated how he could foil a Linksys router.....once he had the IP address. (which if you're going to a website, can be captured sans good proxy)

The strength of the linky (and other similar gateway routers) is its ability to be unpingable. But once you are sure of the IP it's apparently possible with a few scripts to get around it. I am not sure how he did it and he would provide little detail, except he did NOT simply hack a password.

Other benefits would be the ability to do packet filtering and of course logs to view what has been going on to see if someone IS banging away at your door. I believe the SoHO is the best of the home/office models.

But the best thing I have read about is by a company called GnatBox.com
With their software, you build your OWN separate firewall on a spare 486/pentium box, 2 nics, and 16mg of ram. Supposedly the largest amount of features and filtering capabilities.
 

Hender

Do you have an article about that, or was it something you saw? That would be an interesting read, because I have two Linksys routers. I assume that the hack would apply to all the routers because they all are essentially the same, unless there happens to be a particular vulnerability in the Linksys models.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< Hi,
I am not a programmer but a script kiddie.
>>



You admit to being a script kiddiot? Heh.

Anyways, ANYTHING is crackable. Some of the biggest firewalls in the industry have had major problems. I would not rely on one of these packet filters (they are not really full fledged firewalls just packet filters) to protect you.
 

Hender

Well, I rely on it to a certain extent knowing that I have security through obscurity at the very least, which may not be a great method, but it's a start. I have no doubt in my mind that anyone dedicated enough to the task could hack into my computer, but I'm really not worried about such a thing. I don't exactly have anything to offer, and no one would really benefit by DOSing me, they'd just make an ass out of themself.
 

n0cmonkey



<< Well, I rely on it to a certain extent knowing that I have security through obscurity at the very least, which may not be a great method, but it's a start. I have no doubt in my mind that anyone dedicated enough to the task could hack into my computer, but I'm really not worried about such a thing. I don't exactly have anything to offer, and no one would really benefit by DOSing me, they'd just make an ass out of themself. >>


DoSing you doesn't matter, it's using you to DoS others that does. Security is best implemented in layers. So along with your "router" throw zone alarm and a good virus program on your machines and you'll be a lot better off.
 

Hender

I used to use ZoneAlarm, but I got tired of the pop-up windows every time I used an application that accesses the Internet for the first time. I've had games lock up hard because I can't Alt-Tab back to the window. Now it's just the firewall, NAV, and my good sense not to run or download anything I don't know about.
 

n0cmonkey



<< I used to use ZoneAlarm, but I got tired of the pop-up windows every time I used an application that accesses the Internet for the first time. I've had games lock up hard because I can't Alt-Tab back to the window. Now it's just the firewall, NAV, and my good sense not to run or download anything I don't know about. >>



Security and usefulness go hand in hand. The more of one you have the less of the other. I understand that games are important to you, but you can turn the firewall off when you disconnect to play your games. Or if you have to play online games, get some that won't crash when you have an important application needing time on your computer.