«

My GF is getting one of these soon. I've had lots of problems with
getting probed from what looks like infected external machines, but
I've got a Cisco 803 on which you can set this up...

I think a decent router is the only way forward these days...


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.

In article <>,
Peter <> wrote:
:My GF is getting one of these soon. I've had lots of problems with
:getting probed from what looks like infected external machines, but
:I've got a Cisco 803 on which you can set this up...

Linksys has a lot of different models. I don't know if any of them
has what you would recognize as access lists. I see a review for
the WAPG54G that indicates you can configure what outbound users
can connect to. I see indications that the WAP54G that you can
filter based upon MAC address (up to 20).


Hmmm, a number of the Amazon reviews for the WAP54G are pretty harsh.
I know though, that a number of people think that BEFSR41 is pretty
good, and the V equivilent is said to be quite good as long as
you stick to release 3 instead of release 4. So it appears that
experiences differ a lot based upon model and version.
--
Reviewers should be required to produce a certain number of
negative reviews - like police given quotas for handing out
speeding tickets. -- The Audio Anarchist

> My GF is getting one of these soon. I've had lots of problems with
> getting probed from what looks like infected external machines, but
> I've got a Cisco 803 on which you can set this up...

Well, all of the Linksys models stop all unsolicited inbound traffic on the
"WAN" port unless explicitly permitted (since it is really a Network Address
Translation (NAT) box, not a 'router'), so that should stop the probing at
the door. Using access-lists is moot, since the default is to deny
everyone. Compare this to IOS routing, where packets are allowed in unless
explicitly denied. Note that IOS NAT also denies all inbound packets unless
it matches an outbound stream or is explicitly permitted.

You can restrict wireless access by MAC address and WEP keys.

> Hmmm, a number of the Amazon reviews for the WAP54G are pretty harsh.
> I know though, that a number of people think that BEFSR41 is pretty
> good, and the V equivilent is said to be quite good as long as
> you stick to release 3 instead of release 4. So it appears that
> experiences differ a lot based upon model and version.

i replaced my dlink di-604 with a linksys wireless wrt54g - using it
with telewest blueyonder and so far its been great, thought i had a drop
out problem on one of the network ports but seems it was the network
cable.

covers the area i need (its upstairs front of house and signal fine
downstairs back of house) and works flawlessly so far after a few weeks
use.

"Phillip Remaker" <> wrote

>> My GF is getting one of these soon. I've had lots of problems with
>> getting probed from what looks like infected external machines, but
>> I've got a Cisco 803 on which you can set this up...
>
>Well, all of the Linksys models stop all unsolicited inbound traffic on the
>"WAN" port unless explicitly permitted (since it is really a Network Address
>Translation (NAT) box, not a 'router'), so that should stop the probing at
>the door. Using access-lists is moot, since the default is to deny
>everyone. Compare this to IOS routing, where packets are allowed in unless
>explicitly denied. Note that IOS NAT also denies all inbound packets unless
>it matches an outbound stream or is explicitly permitted.

I don't understand the last 2 lines above, unless you assume that the
access list start with a simple 'permit any any' line; then you have
to start restricting things...

The reason I posted the Linksys question is because over the last week
or two I have spent many hours, very well assisted by another man from
around here, setting up the following 803 access list

outbound:
>access-list 100 permit tcp any any eq www
>access-list 100 permit udp any any eq domain
>access-list 100 permit tcp any any eq domain
>access-list 100 permit tcp any any eq nntp
>access-list 100 permit tcp any any eq pop3
>access-list 100 permit tcp any any eq ftp
>access-list 100 permit tcp any any eq ftp-data
>access-list 100 permit tcp any eq ftp-data any
>access-list 100 permit tcp any any established

inbound:
>access-list 150 permit tcp any any established
>access-list 150 deny tcp any any eq ftp-data
>access-list 150 permit tcp any eq ftp-data any
>access-list 150 deny icmp any any echo
>access-list 150 permit icmp any any
>access-list 150 permit tcp any any eq ident
>access-list 150 permit tcp any any eq smtp
>access-list 150 permit udp any eq domain any
>access-list 150 deny ip any any

just so that the router works for the normal internet stuff (http,
pop3 email, ftp) while numerous Blaster (and possibly other) inbound
traffic does not keep the line up for long enough to stretch my normal
20hr/mo online time to beyond 250hrs/mo and get me kicked off the
flat-rate ISP !!

I am getting a Blaster attack every minute at least, from different
people.

Until a few months ago, I was able to use

>access-list 100 deny udp any any eq netbios-ns
>access-list 100 deny udp any any eq netbios-dgm
>access-list 100 deny udp any any eq netbios-ss
>access-list 100 deny udp host 0.0.0.0 eq 135 any
>access-list 100 permit ip any any

(straight out of the Cisco 800 handbook) and that worked for the
previous 3 years without a single problem.

Times are changing...

Is the above sort of thing possible on the Linksys 54G wifi broadband
router, or would people rely on the fact that with broadband nobody
cares (or notices) what gets retransmitted following the receipt of
Blaster packet?


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.

In article <1070646350.91342@sj-nntpcache-5>,
Phillip Remaker <> wrote:
:Well, all of the Linksys models stop all unsolicited inbound traffic on the
:"WAN" port unless explicitly permitted (since it is really a Network Address
:Translation (NAT) box, not a 'router'), so that should stop the probing at
:the door.

And how do they do that for UDP? How can they tell whether the traffic
is "unsolicited" ?

Linksys has an extensive model line, and not all of the models use
any kind of stateful inspection.
--
Suppose there was a test you could take that would report whether
you had Free Will or were Pre-Destined. Would you take the test?

On Sat, 06 Dec 2003 11:59:21 -0600, Walter Roberson wrote:

> In article <1070646350.91342@sj-nntpcache-5>, Phillip Remaker
> <> wrote: :Well, all of the Linksys models stop all
> unsolicited inbound traffic on the :"WAN" port unless explicitly
> permitted (since it is really a Network Address :Translation (NAT) box,
> not a 'router'), so that should stop the probing at :the door.
>
> And how do they do that for UDP? How can they tell whether the traffic
> is "unsolicited" ?
>
> Linksys has an extensive model line, and not all of the models use any
> kind of stateful inspection.

It builds a translation for the outbound UDP stream, and subsequent
packets are permitted in.

If I were to send a UDP datagram to one of these devices, and it does not
have a translation for that particular port to an internal host, the
packet will be dropped.

Rik Bain <> wrote:

>> In article <1070646350.91342@sj-nntpcache-5>, Phillip Remaker
>> <> wrote: :Well, all of the Linksys models stop all
>> unsolicited inbound traffic on the :"WAN" port unless explicitly
>> permitted (since it is really a Network Address :Translation (NAT) box,
>> not a 'router'), so that should stop the probing at :the door.
>>
>> And how do they do that for UDP? How can they tell whether the traffic
>> is "unsolicited" ?
>>
>> Linksys has an extensive model line, and not all of the models use any
>> kind of stateful inspection.
>
>It builds a translation for the outbound UDP stream, and subsequent
>packets are permitted in.
>
>If I were to send a UDP datagram to one of these devices, and it does not
>have a translation for that particular port to an internal host, the
>packet will be dropped.

The One I was thinking of was WRT54G-UK, details at


http://uk.insight.com/apps/productpr..._id=LNKNA03D8S

This one is going to be getting Blaster attacks all day long... but it
needs to work for www, email, ftp, and also yahoo and hotmail
messenger.

Re the messenger, the yahoo one can be configured to use http only and
the msn one can too I think... The file transfer in both of these
stops working (even through a wide-open Cisco router) but that's OK.


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.