DI-704up

Discussion in 'Computer Security' started by peter, Jan 1, 2006.

  1. peter

    peter Guest

    Greetings

    I have a DI-704up router in front of 2 boxes. Was wondering if I
    should/can trust the built-in firewall? Can they be breached? Finding
    useful docs (that a layman can understand) about this router is difficult.

    TIA peter
     
    peter, Jan 1, 2006
    #1

  2. From: "peter" <>

    | Greetings
    |
    | I have a DI-704up router in front of 2 boxes. Was wondering if I
    | should/can trust the in built firewall ? Can they be breached?, finding
    | useful doc's about (that a layman can understand) this router is difficult.
    |
    | TIA peter

    *IF* it was reachable, you are not a bank or a source of highly valuable data/information worth the
    effort. Therefore such a task would not be undertaken.

    On the Router...
    Block WAN access
    Block Remote Upgrades

    As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jan 1, 2006
    #2

  3. peter

    optikl Guest

    David H. Lipman wrote:

    >
    > As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.
    >

    Dave, can you explain that a bit more? Are you talking about port
    forwarding those to a non-existent IP address?
     
    optikl, Jan 1, 2006
    #3
  4. From: "optikl" <>

    | David H. Lipman wrote:
    |
    >> As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO
    >> Router.
    >>

    | Dave, can you explain that a bit more? Are you talking about port
    | forwarding those to a non-existent IP address?

    No. Specifically blocking inbound and outbound communication in both TCP and UDP in the
    range of 135 ~ 139 and the port 445. If NAT is like a door that is closed but can be
    opened by the right protocol sequence, specifically blocking those ports locks that door and
    nothing will cause that door to be opened.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jan 1, 2006
    #4
  5. peter

    Moe Trin Guest

    Happy New Year

    On Sun, 01 Jan 2006, in the Usenet newsgroup alt.computer.security, in article
    <tLJtf.4961$uv.4357@trnddc06>, David H. Lipman wrote:

    >From: "optikl" <>
    >
    >| David H. Lipman wrote:
    >|
    >>> As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445
    >>> on *any* SOHO Router.

    >
    >| Dave, can you explain that a bit more? Are you talking about port
    >| forwarding those to a non-existent IP address?
    >
    >No. Specifically blocking inbound and outbound communication in both TCP
    >and UDP in the range of 135 ~ 139 and the port 445. If NAT is like a door
    >that is closed but can be opened by the right protocol sequence,

    It is not. NAT or Port Forwarding is a technique to forward the packet to
    another computer. It _MAY_ change the error message sent back to the remote
    host from an ICMP Type 3 Code 3 (Port Unreachable) to an ICMP Type 3 Code 1
    (Host Unreachable). The fallacy of this is that your ISP has given you
    _one_ IP address, and the "bad guy" is attempting to connect to that one
    address. Now, think for a moment who sends back the error message. Why of
    course, it's the computer the "bad guy" is attempting to connect to. So the
    bad guy sees

    To: IP.Of.Bad.Guy
    From: 67.163.108.96
    Message: 67.163.108.96 does not exist.

    Oh, REALLY???

    >specifically blocking those ports locks that door and nothing will cause
    >that door to be opened.

    which is exactly the same thing that the NAT does - or the same thing as
    if you had configured your computer correctly in the first place, and were
    not offering services to every one who connects.

    The real difference is that the ICMP Type 3 Code 1 (Host Unreachable)
    message from the computer that doesn't exist has the same effect as sending
    no reply at all - it shows that the computer exists, and was configured by
    someone who doesn't know what they were doing. Maybe it's worth looking at
    more stuff on this computer, to see what other configuration errors exist.

    Old guy
     
    Moe Trin, Jan 1, 2006
    #5
  6. peter

    Winged Guest

    David H. Lipman wrote:
    > From: "peter" <>
    >
    > | Greetings
    > |
    > | I have a DI-704up router in front of 2 boxes. Was wondering if I
    > | should/can trust the in built firewall ? Can they be breached?, finding
    > | useful doc's about (that a layman can understand) this router is difficult.
    > |
    > | TIA peter
    >
    > *IF* it was reachable, you are not a bank or a source of highly valuable data/information worth the
    > effort. Therefore such a task would not be undertaken.
    >
    > On the Router...
    > Block WAN access
    > Block Remote Upgrades
    >
    > As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.
    >

    I would block everything inbound below 1024 unless you require a
    specific server service. If you do, ensure you only open the specific
    server service and only to the box required. Most users do not require
    any ports below 1024 exposed.

    Winged
     
    Winged, Jan 5, 2006
    #6
  7. From: "Winged" <>


    | I would block everything inbound below 1024 unless you require a
    | specific server service. If you do, ensure you only open the specific
    | server service and only to the box required. Most users do not require
    | any ports below 1024 exposed.
    |
    | Winged

    SOHO Routers often don't differentiate between inbound and outbound. Such a block would
    mean no Internet access.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jan 5, 2006
    #7
  8. peter

    Winged Guest

    David H. Lipman wrote:
    > From: "Winged" <>
    >
    >
    > | I would block everything inbound below 1024 unless you require a
    > | specific server service. If you do, ensure you only open the specific
    > | server service and only to the box required. Most users do not require
    > | any ports below 1024 exposed.
    > |
    > | Winged
    >
    > SOHO Routers often don't differentiate between inbound and outbound. Such a block would
    > mean no Internet access.

    Yup, routers are not the best security devices, and do not make good
    firewalls. I wasn't thinking router but of firewall. My bad for not
    considering. I guess I am forgetting how to live without a stateful
    inspection firewall....

    Winged
     
    Winged, Jan 9, 2006
    #8
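The two pieces of advice argued over in this thread, modelled as an added example that is not from any of the posters: Dave's rule of dropping TCP and UDP 135-139 and 445 in both directions (post #4), and the Winged/Dave exchange on why a router that cannot tell inbound from outbound turns "block everything below 1024" into no Internet access (posts #6-#8). The Packet type, the two filter functions and the sample traffic are hypothetical constructs of this example, not the DI-704up's configuration syntax.

```python
"""Toy model of the port-filtering advice in this thread (added example, not
from any poster). Packet, the filters and the sample traffic are hypothetical
constructs; no real router syntax is used."""
from dataclasses import dataclass

# Dave's rule: NetBIOS (135-139) and SMB (445), TCP and UDP, both directions.
NETBIOS_SMB_PORTS = set(range(135, 140)) | {445}

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (WAN -> LAN) or "out" (LAN -> WAN)
    proto: str      # "tcp" or "udp"
    dst_port: int

def hits_smb_block(pkt):
    """True if the packet falls under the always-block list, either way."""
    return pkt.proto in ("tcp", "udp") and pkt.dst_port in NETBIOS_SMB_PORTS

def direction_blind_filter(pkt):
    """A SOHO router that cannot tell inbound from outbound: 'block below 1024'
    drops any packet to a low port, including the LAN's own web and DNS
    traffic. This is the failure mode Dave warns about."""
    if hits_smb_block(pkt) or pkt.dst_port < 1024:
        return "drop"
    return "accept"

def direction_aware_filter(pkt):
    """A stateful firewall in Winged's sense: unsolicited inbound traffic to
    ports below 1024 is dropped, outbound connections pass, and replies to
    the LAN's high ephemeral ports are accepted."""
    if hits_smb_block(pkt):
        return "drop"
    if pkt.direction == "in" and pkt.dst_port < 1024:
        return "drop"
    return "accept"

# Constructed sample traffic, not a capture.
SAMPLE = [
    Packet("out", "tcp", 80),    # LAN user browsing the web
    Packet("out", "udp", 53),    # DNS lookup
    Packet("out", "tcp", 445),   # LAN box reaching for SMB on the Internet
    Packet("in", "tcp", 139),    # Internet host probing NetBIOS session
    Packet("in", "udp", 137),    # NetBIOS name service probe
    Packet("in", "tcp", 22),     # unsolicited inbound SSH attempt
    Packet("in", "tcp", 51234),  # reply traffic to an ephemeral port
]

def verdicts(filter_fn):
    """Map each sample packet to the filter's verdict."""
    return {(p.direction, p.proto, p.dst_port): filter_fn(p) for p in SAMPLE}
```

Running `verdicts` over both filters shows the direction-blind router dropping the LAN's own outbound web and DNS traffic while the direction-aware filter passes them, with the 135-139/445 block holding in both directions under either model.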