[oclug] DSL Question

Jacques B. jjrboucher at gmail.com
Tue Aug 14 07:13:47 EDT 2007


On 8/13/07, miden <miden at travel-net.com> wrote:
> I'm getting DSL service soon. I have a friend who is getting the same
> service from the same provider. I run Linux. He runs XP. We will both be
> using a SpeedTouch ADSL2+ Gateway. He believes having his system behind
> this nice little piece of hardware means that his worries about being
> attacked/hacked etc. will be over. Does this make any kind of sense?
>
> How much should I be worried? I must admit I've become rather complacent
> about security on dial-up with Linux. I do run a firewall but haven't
> bothered with anti-virus for years.
>
> Neither of us will have a static IP.
>
> Any and all comments welcomed.
>
> Thanks
>
> -m

I Googled it and it is a gateway/router.  A gateway/router will look
at incoming packets and drop them if they don't correspond to an
outgoing packet.  So any unsolicited traffic (i.e. port scans, someone
trying to remotely exploit a vulnerability in Windows) will be dropped
by the router.  Exploits on the wire attacking an MS system are
obviously exploiting a vulnerability within the MS code.  Because the
router/gateway bears the external IP while PCs inside have an internal
IP (typically 192.168.1.x for most home router/gateway solutions), any
packet with your public IP as its destination IP means the router
will receive that packet.  The router looks at it and cannot find any
previous outgoing traffic that corresponds with it, so it drops it.  Under
normal circumstances your machines on the inside initiate the
connection so the router knows that traffic that went out to a
particular IP came from a particular internal IP and therefore reply
packets from that IP will be redirected to the internal IP that
initiated the connection.  So by the very nature of how this works it
has the characteristics of a firewall.

This means that if you want to run a server (web server, mail server,
gaming server) you have to do some configuring on the router to accept
incoming connections on particular ports and to forward such
connections to a static IP on your internal network (which would be
the PC/server with that service running).

I *highly* recommend that you check
out podcast #3 at http://www.grc.com/SecurityNow.htm for a very good
explanation on NAT routers as firewalls.  They do a much, much better
job explaining it than me.  They have many other podcasts worth
checking out.  They take IT topics and explain them very well to the
non-techie listener.  But even geeks will find them informative.

So he is correct that he is safe from such attacks.  Because these
attacks exploit Windows vulnerabilities.  Vulnerabilities that do not
exist in the firmware of the router.  So they will fail.   Of course
Andy is correct in pointing out that this does not protect him from
browser exploits, from errors in judgement by the end user (i.e.
executing an infected attachment, falling victim to a phishing
attack).  Linux is more resilient to most such attacks because the
vulnerabilities being exploited by the malware are MS Windows specific
so of no threat to Linux.  However social engineering attacks
(phishing) are of equal threat on Linux as on Windows.  In those cases
no vulnerability in any piece of software is being exploited, but
rather human vulnerability.

Jacques B.
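
The state-table behaviour described in the message above, as an added example that is not part of the original post. The class and function names are hypothetical, all addresses and ports are constructed sample values, and the model assumes the router matches replies on both remote IP and remote port (real devices vary in how strictly they match).

```python
# Added illustration (not from the original post); all addresses are constructed.
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 40000  # arbitrary start of the translated-port range
        # (public_port, remote_ip, remote_port) -> (internal_ip, internal_port)
        self.state = {}
        # public_port -> (internal_ip, internal_port); set by hand on the router
        self.forwards = {}

    def add_forward(self, public_port: int, internal_ip: str, internal_port: int):
        """Port forwarding: accept unsolicited traffic on one public port."""
        self.forwards[public_port] = (internal_ip, internal_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public IP and remember the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.state[(public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet as delivered to the LAN, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        # A reply must match a flow an internal machine started; otherwise
        # only an explicitly configured port forward lets the packet in.
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
        target = self.state.get(key) or self.forwards.get(pkt.dst_port)
        if target is None:
            return None  # unsolicited: nothing inside asked for this
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


def demo():
    r = NatRouter("203.0.113.5")
    r.outbound(Packet("192.168.1.10", 51000, "198.51.100.10", 80))
    reply = r.inbound(Packet("198.51.100.10", 80, "203.0.113.5", 40000))
    probe = r.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 445))
    return reply, probe
```

The reply to the outgoing web request is delivered to 192.168.1.10, while the unsolicited packet to port 445 returns None until a forward for that port is added with add_forward.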

