Router / NAT all I need to be safe? No software firewall.
Hi!
I'm using a Netgear WGT624 v3 router.
My main concern is about trojans and worms.
If I happen to get infected with a trojan.. my router wouldn't let the attacker in, right? Because he'd see my public IP but not my private one. Is this correct?
If this is correct.. then I could uninstall Comodo Firewall from my computer, since I only use it to control outgoing connections.
But since my firewall "should" block incoming connections from attackers.... then there isn't much use for a software firewall.... right?
Randyman...
09-21-08, 05:29 PM
"If I happen to get infected with a trojan"
If you have already been infected, then the hardware firewall (the router) will not help the infected PC in any way. However, a software firewall can inhibit the propagation of these worms/trojans WITHIN your LAN (the router will gladly let the worm/trojan run all across your network once it gets in, as your LAN is BEHIND the NAT portion of the router). So hardware firewalls protect your LAN from "the cloud". Software firewalls protect your LAN from internal attacks via infected PCs.
I'm slightly paranoid, but a Hardware Firewall (NAT Router) and the Windows Firewall is all I need to feel safe. And for god's sake if you use WiFi, MAKE SURE YOU USE WPA (NOT WEP or MAC Address Filtering - they are 100% useless)!!!!!! Otherwise, you might as well run an ethernet cable to your front lawn with a big "Free Internet access" sign on it, and let anyone who wanders by into your LAN!!!
Regardless, if you invite a virus into your system by opting to download an infected file, then you are sunk... The main point of entry is usually done by intentionally downloading a file that is infected or opening an e-mail attachment (stuff the user initiates, not stuff that forces its way into your system through a router).
:cool:
FuerteStuart
09-23-08, 05:50 AM
MAC Address Filtering - 100% useless!!!!!!
WHAT??
I thought MAC address filtering was a good way of stopping unwanted hardware logging on to your router? Was I wrong?
MAC addresses can be cloned.. However, unless you've allowed file sharing on your machines, anyone who does log onto your wifi will be able to access the internet, and not much else. You could go a step further and turn on AP isolation, which puts each wireless connection into a virtual network where they see no other computers, basically making a free wifi..
TempliNocturnus
09-23-08, 03:48 PM
Here's a scenario:
You have a good software firewall with host-based intrusion detection/prevention (something like the full version of Sunbelt firewall), and anti-virus, installed and running on your machine. You download a file, scan it with your AV, and run it. The file came up clean, according to your anti-virus; however, after running the file, your software firewall alerts you of malicious code injection, and/or an outbound connection attempt, to a WAN IP address. You know that this app is not supposed to be accessing the internet, and you know that it shouldn't be injecting code into any file, especially if it's a critical system file. You now know you've downloaded and run something that you shouldn't have.
Had the same scenario happened, without a software firewall, your AV probably would have notified you, a day or two later, that ntoskrnl.exe/winlogon.exe/svchost.exe is infected with some trojan. Nothing would have stopped it from dialing out, and giving someone access to all your passwords, and other personal information.
ppe1700
09-23-08, 03:54 PM
By default, hardware firewalls let everything out, and block incoming. So if the worm initiates a connection from your PC to outbound, depending on what it does it could open up a hole in the firewall to let someone in...
Don't download all sorts of crap to your PC and you will be OK.
I only use MAC filtering on my wireless, because I frequently check logs, and I only have a certain amount of addresses in my subnet, meaning it would be hard for someone to get on to my network..
There may be a program to brute force clone a MAC address to hack a router.. but I would guess it would take AGES..?
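Randyman's point that a NAT router only filters what crosses it, and ppe1700's point that an outbound connection "opens a hole", are easier to see in a toy model. This is an added example, not code from the thread or from any router firmware; the addresses are constructed from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass, field

# Constructed example addresses (RFC 5737 documentation ranges), not from the thread.
ROUTER_PUBLIC_IP = "203.0.113.10"
REMOTE_IP = "198.51.100.7"


@dataclass
class NatRouter:
    """Minimal model of a consumer NAT router: outbound creates state, inbound needs a match."""
    public_ip: str
    flows: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    next_public_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host starts a connection; the router lets it out and records the mapping."""
        pub_port = self.next_public_port
        self.next_public_port += 1
        self.flows[pub_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return pub_port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet from the internet is forwarded only if it answers a recorded outbound flow."""
        flow = self.flows.get(public_port)
        if flow and flow[2] == remote_ip and flow[3] == remote_port:
            return flow[0], flow[1]  # translated back to the LAN host that started it
        return None  # unsolicited: dropped, the LAN host never sees it

    def lan_to_lan(self, src_ip, dst_ip):
        """Traffic between two LAN hosts is switched locally; the NAT never inspects it."""
        return True


def host_firewall_inbound(allowed_ports, dst_port):
    """What a host (software) firewall adds: filtering inbound traffic even from LAN neighbours."""
    return dst_port in allowed_ports


def scenario():
    r = NatRouter(ROUTER_PUBLIC_IP)
    out = {}
    # 1. Unsolicited probe from the internet to port 445: no flow state, so NAT drops it.
    out["unsolicited_probe"] = r.inbound(REMOTE_IP, 4444, 445)
    # 2. Malware on a LAN host connects out to a remote server; NAT creates state for it.
    pub_port = r.outbound("192.168.1.20", 51000, REMOTE_IP, 443)
    # 3. The reply on that flow is accepted: the outbound connection opened the hole.
    out["c2_reply"] = r.inbound(REMOTE_IP, 443, pub_port)
    # 4. The infected host talks to a LAN neighbour: the router is not in the path at all...
    out["lateral_via_router"] = r.lan_to_lan("192.168.1.20", "192.168.1.30")
    # 5. ...but a host firewall on the neighbour that only allows port 80 blocks port 445.
    out["lateral_host_fw"] = host_firewall_inbound(allowed_ports={80}, dst_port=445)
    return out
```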
TempliNocturnus
09-23-08, 06:55 PM
I only use MAC filtering on my wireless, because I frequently check logs, and I only have a certain amount of addresses in my subnet, meaning it would be hard for someone to get on to my network..
There may be a program to brute force clone a MAC address to hack a router.. but I would guess it would take AGES..?
Someone can easily sniff your packets, and since your permitted hosts' MAC addresses will be printed on every ethernet frame, they'll be able to spoof their MAC and access your network. I hope you have transmit power, on all your wireless devices, set to the minimum.
OSUmaxx
09-25-08, 04:33 PM
WHAT??
I thought MAC address filtering was a good way of stopping unwanted hardware logging on to your router? Was I wrong?
Even though it can be completely spoofed in a short amount of time, it is one more step that someone has to go through. If there is someone casually trying to 'break' into your network, this might be enough to make them move on. It doesn't hurt to use it at all...
gangaskan
09-26-08, 03:35 PM
Even though it can be completely spoofed in a short amount of time, it is one more step that someone has to go through. If there is someone casually trying to 'break' into your network, this might be enough to make them move on. It doesn't hurt to use it at all...
If someone's determined to break into your network, yes, they will see this with no issue and break it really easily, within a few minutes with Cain or even Ethereal / Wireshark. (Note: I'm not condoning this, but I'm using the software names as an example of what is capable of sniffing packets.)
Now your typical user, they won't know a damned thing about why they wouldn't be able to connect to Joe Schmoe's WiFi AP down the street.
VinnyTAMU
09-26-08, 03:58 PM
For securing a wireless network I would suggest using WPA2 at least. I myself am looking into WPA2-Enterprise with a radius server. Cracking WEP and I believe WPA is as easy as "apt-get install ********" on a linux box with a wireless card.
Randyman...
09-26-08, 10:23 PM
As long as you have a good long/strong/random password, WPA is all you'll need IMO. I'm talking like 20 or more ASCII characters if you want to be safe. GRC.com has a killer SSL encrypted Password Generator page that ROCKS for this type of stuff :)
:cool:
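The "20 or more random ASCII characters" advice above can be checked with a small script. This is an added example, not code from the thread or from GRC.com: it generates a passphrase from a CSPRNG, checks the WPA/WPA2 passphrase rules (8 to 63 printable ASCII characters), estimates its entropy, and derives the 256-bit PSK the way a WPA2-Personal client does (PBKDF2-HMAC-SHA1 over the SSID, 4096 iterations), which is why every guess against a captured handshake costs 4096 hash iterations.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII minus space; WPA allows any printable ASCII (0x20-0x7E), but
# space is left out here because some router UIs trim it. Constructed choice.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_passphrase(length: int = 20) -> str:
    """Return a random WPA passphrase of the given length from a CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA/WPA2 passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_valid_passphrase(passphrase: str) -> bool:
    """IEEE 802.11i passphrase rule: 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random string of this length over the alphabet."""
    return length * math.log2(len(alphabet))


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("invalid WPA passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    p = generate_passphrase(20)
    print(p, f"~{entropy_bits(len(p)):.0f} bits")
    print(derive_psk(p, "example-ssid").hex())  # SSID is a constructed value
```

A 20-character passphrase over 94 symbols gives about 131 bits of entropy, well above the 128-bit level usually quoted as unguessable; the IEEE test vector (passphrase "password", SSID "IEEE") is used below to check the derivation.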
gangaskan
09-27-08, 10:30 AM
As long as you have a good long/strong/random password, WPA is all you'll need IMO. I'm talking like 20 or more ASCII characters if you want to be safe. GRC.com has a killer SSL encrypted Password Generator page that ROCKS for this type of stuff :)
:cool:
IIRC WPA is harder to crack, however, doable. keep that in mind too :)