why is it safer behind a router/firewall

greenhorn

Usually after I install my windoze XP (my install CD is of SP1 vintage :P) I install all the updates etc., but last time, since I got my router, I didn't :ashamed:

I mean, it worked, so why bother :P

It worked till a friend of mine borrowed the router. Since I was using netlimiter as a software firewall, I guessed that the router didn't make a difference, but within seconds of connecting, all sorts of funny processes started coming up, and net usage shot up. My firefighting was in vain, and my XP has been 0wned, so to speak. Right now I'm in my Ubuntu install, waiting to get my router back.

I've heard folks say that nothing beats a hardware firewall... why :huh: ... why is it safer behind a router or a hardware firewall?
 
Hold on a sec, netlimiter isn't really a firewall, so don't think it is.

As for patches, you had better install them because a firewall will only protect against _some_ of the vulnerabilities that patches prevent.

What you had there was not a router protecting you, but rather NAT protecting you. If it had been a true router (and not a NAT), you would have been hosed long ago.

Basically, the NAT does not forward any incoming connections unless you specifically tell it to.

When you removed the NAT box, incoming connections from the net were able to get through to your machine and attack any vulnerable services listening on those ports....

Basically what the NAT did was create two zones - the internet and the intranet. The Internet was listed as bad (i.e. no incoming allowed) and the intranet was listed as good (all incoming allowed).

You can do this with a software firewall just as well. The real advantage of a hardware firewall is simply that it is dedicated.
 
KingKrool has put it across pretty well.

Basically the router firewall blocks any and every incoming connection that you have not authorized or configured the router to allow.

This is the reason why one needs to carry out "port forwarding" to use torrents on net connections via routers.

The same thing can be done on software firewalls as well. I have been using the ZoneAlarm firewall for a while now, and I must say I'm really impressed with it: no spyware, no adware.
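
The behaviour described in the two replies above (unsolicited inbound connections dropped, port forwarding as the explicit exception), as an added Python sketch that is not part of any post in the thread. The `NatBox` class, the addresses and the ports are constructed for illustration, and the model assumes the NAT accepts replies only from the exact remote endpoint a LAN host contacted.

```python
from dataclasses import dataclass, field

@dataclass
class NatBox:
    """Toy model of a home NAT's translation table (hypothetical, for illustration)."""
    public_ip: str
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port); created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # public_port -> (lan_ip, lan_port); created by the admin as a port forward
    forwards: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a public port, remember the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def forward(self, public_port, lan_ip, lan_port):
        """Admin explicitly allows inbound connections on one port."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        s = self.sessions.get(public_port)
        if s and (s[2], s[3]) == (remote_ip, remote_port):
            return (s[0], s[1])               # reply to a flow the LAN host started
        if public_port in self.forwards:
            return self.forwards[public_port]  # explicitly forwarded port
        return None                            # unsolicited: no mapping, nowhere to go

def demo():
    """Run constructed traffic through the NAT and collect where each packet lands."""
    nat = NatBox("203.0.113.10")
    pc = "192.168.1.2"
    out = {}
    # Stranger connects to a port where the unpatched PC has a service listening.
    out["probe"] = nat.inbound("198.51.100.7", 51515, 445)
    # PC browses a web server; the reply comes back through the new mapping.
    port = nat.outbound(pc, 3321, "192.0.2.80", 80)
    out["reply"] = nat.inbound("192.0.2.80", 80, port)
    # A different host aiming at the same mapped port is still dropped.
    out["other_host"] = nat.inbound("198.51.100.7", 80, port)
    # Torrent peers cannot connect in until the port is forwarded.
    out["peer_before"] = nat.inbound("198.51.100.9", 40123, 6881)
    nat.forward(6881, pc, 6881)
    out["peer_after"] = nat.inbound("198.51.100.9", 40123, 6881)
    return out

if __name__ == "__main__":
    print(demo())
```

Without the NAT in the path, the `probe` packet would be delivered straight to the PC's listening service, which is the situation the original poster ended up in.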
 
Software firewalls theoretically have some other advantages (based on protocol scrubbing and deep packet inspection), but with suitable hardware, that can be obtained too.

One simple way of obtaining a cheap hardware firewall is to set up an old PC running routing software and switch off every other service on it.

If nothing else, why not use WinXP SP2 firewall? It is pretty decent at preventing incoming packets from attacking you...
 
netlimiter 2 pro has a firewall :) , with rules and everything. I have a Linksys WRT54G

Oh, and thanks for the replies guys :D
 
KingKrool said:
One simple way of obtaining a cheap hardware firewall is to set up an old PC running routing software and switch off every other service on it.

Only works in countries where the cost of electricity is cheap.

In our country, you will get the same effect with something similar to the D-Link 502T, you won't have much to learn to set up, and your electricity bills will be low. :)

Unless this sort of thing really thrills you (which I really doubt); then by all means set up a BSD box with PF.
 