Vulnerability Development mailing list archives
Re: Linksys 4-port Router NAT/Firewall
From: Dragos Ruiu <dr () V-WAVE COM>
Date: Thu, 24 Aug 2000 17:35:40 -0700
On Thu, 24 Aug 2000, Litscher, Steven wrote:
Greetings All, I recently purchased a Linksys 4-port router (BEFSR41) for use with my soon-to-be-growing home network (it's only 2 pc's right now). I'm extremely new to networking, so please forgive me if these questions are too elementary... 1) Is the firewall that comes with the router safe enough that I don't have to continue using software firewalls (ZoneAlarm)?
It should provide about equivalent protection... but why not be safer if it's not a big performance hit? "Defence in Depth" and all....
2) I went to grc.com and received "Stealth" status with just the router running. However, grc doesn't probe high port numbers. Is the router effective at blocking high port numbers like B02K, Sub-7, etc?
It's a NAT so it doesn't have to do this. Connections have to be initiated from the inbound to the outbound.
3) Does anyone have any experience with this router and have some tips they could share?
Yes.... it's pretty nicely nailed down so far in my testing. You can Id it by the beaker gif on the external side port 80. When you try to brute force the admin page on the local side after 3000 rapid tries it will fall back to a mode allowing only 100 tries. Nice touch that. Negative: TFTP is open on it, connected to who knows what, and I have yet so set any brute forcers on it....
4) Does anyone have any links to some good sites (other than grc and robertgrahm) for tips on firewall configuration?
Well with this particular unit you do not have much to set other than addressing so the conventional tutorials may not apply. Be careful of the DMZ option, because it really opens up that host, and the host is still technically on the inside and can thus be a perfect springboard for local attacks/hijacks and all. It's far better just to drill open as few ports as possible to individual hosts. I have not tortured the routing protocols on these puppies much yet either so I can't speak for the stability of those.
I've upgraded the firmware and performed the tips that Linksys recommends for securing the router (changed admin password, etc).
I'm still poking at some of these off and on, maybe I'll collate together some notes when I'm closer to being done. I like them so far for the price. BTW the reset button on the front also resets the password to "admin". Cheers, --dr -- dursec.com ltd. / kyx.net - we're from the future pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D pgp key: http://www.dursec.com/drkey.asc
Current thread:
- Linksys 4-port Router NAT/Firewall Litscher, Steven (Aug 24)
- Re: Linksys 4-port Router NAT/Firewall Larry D'Anna (Aug 24)
- Re: Linksys 4-port Router NAT/Firewall David Knaack (Aug 24)
- Re: Linksys 4-port Router NAT/Firewall Bluefish (P.Magnusson) (Aug 25)
- Re: Linksys 4-port Router NAT/Firewall Dragos Ruiu (Aug 24)
- Re: Linksys 4-port Router NAT/Firewall Jonathan Rickman (Aug 24)
- <Possible follow-ups>
- Re: Linksys 4-port Router NAT/Firewall Michael Wojcik (Aug 25)
- Re: Linksys 4-port Router NAT/Firewall Ed Padin (Aug 25)
- Message not available
- Re: Linksys 4-port Router NAT/Firewall Dragos Ruiu (Aug 26)
- Message not available
- Re: Linksys 4-port Router NAT/Firewall Dragos Ruiu (Aug 26)