Vulnerability Development mailing list archives

Re: Linksys 4-port Router NAT/Firewall


From: Dragos Ruiu <dr () V-WAVE COM>
Date: Thu, 24 Aug 2000 17:35:40 -0700

On Thu, 24 Aug 2000, Litscher, Steven wrote:
Greetings All,

I recently purchased a Linksys 4-port router (BEFSR41) for use with my
soon-to-be-growing home network (it's only 2 pc's right now).  I'm extremely
new to networking, so please forgive me if these questions are too
elementary...

1) Is the firewall that comes with the router safe enough that I don't have
to continue using software firewalls (ZoneAlarm)?

It should provide about equivalent protection... but why not be safer
if it's not a big performance hit? "Defence in Depth" and all....

2) I went to grc.com and received "Stealth" status with just the router
running.  However, grc doesn't probe high port numbers.  Is the router
effective at blocking high port numbers like B02K, Sub-7, etc?

It's a NAT so it doesn't have to do this.  Connections have to be initiated
from the inbound to the outbound.

3) Does anyone have any experience with this router and have some tips they
could share?

Yes....  it's pretty nicely nailed down so far in my testing.  You can ID it by
the beaker gif on the external side port 80.  When you try to brute force the
admin page on the local side after 3000 rapid tries it will fall back to a mode
allowing only 100 tries.  Nice touch that.

Negative: TFTP is open on it, connected to who knows what, and I have yet to
set any brute forcers on it....

4) Does anyone have any links to some good sites (other than grc and
robertgrahm) for tips on firewall configuration?


Well with this particular unit you do not have much to set other than
addressing so the conventional tutorials may not apply.  Be careful of
the DMZ option, because it really opens up that host, and the host is
still technically on the inside and can thus be a perfect springboard for
local attacks/hijacks and all.  It's far better just to drill open as few ports
as possible to individual hosts. I have not tortured the routing protocols on
these puppies much yet either so I can't speak for the stability of those.

I've upgraded the firmware and performed the tips that Linksys recommends
for securing the router (changed admin password, etc).


I'm still poking at some of these off and on, maybe I'll collate together some
notes when I'm closer to being done. I like them so far for the price.  BTW
the reset button on the front also resets the password to "admin".

Cheers,
--dr

--
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D
pgp key: http://www.dursec.com/drkey.asc
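
The points in the message above about NAT, single-port forwards and the DMZ option, as an added example that is not part of the original post: a toy model of a port-translating NAT showing what an unsolicited WAN-side probe can reach under each setting. The class, the function names, the addresses and the probed ports are all constructed for illustration, and the session matching is an assumed behaviour, not the BEFSR41's firmware.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Toy port-translating NAT (assumed behaviour, not the BEFSR41 firmware)."""
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                # LAN IP that receives everything else
    sessions: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host connects out; the router allocates a WAN-side port for replies."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, remote, wan_port):
        """Return the (lan_ip, lan_port) a WAN packet reaches, or None if dropped."""
        sess = self.sessions.get(wan_port)
        if sess and sess[2] == remote:        # reply to a session a LAN host opened
            return sess[0], sess[1]
        if wan_port in self.forwards:         # explicit single-port forward
            return self.forwards[wan_port]
        if self.dmz_host:                     # DMZ: every unmatched port goes to one host
            return self.dmz_host, wan_port
        return None                           # unsolicited and unmapped: dropped

def exposed(router, remote, ports):
    """Map each probed WAN port to the LAN endpoint it reaches (dropped ports omitted)."""
    hits = {p: router.inbound(remote, p) for p in ports}
    return {p: dst for p, dst in hits.items() if dst}

# Constructed sample data: documentation-range addresses and arbitrary high ports.
SCANNER = ("198.51.100.9", 4444)
PROBES = [80, 27374, 31337, 54320]

if __name__ == "__main__":
    r = NatRouter()
    print("default:", exposed(r, SCANNER, PROBES))
    r.forwards[80] = ("192.168.1.10", 80)
    print("one forward:", exposed(r, SCANNER, PROBES))
    r.dmz_host = "192.168.1.10"
    print("DMZ on:", exposed(r, SCANNER, PROBES))
```

In this model a single forward exposes one service on one host, while the DMZ setting exposes every probed port on a host that still sits on the inside network.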

