[oclug] DSL Question
miden
miden at travel-net.com
Tue Aug 14 12:00:07 EDT 2007
Thanks for the great answers.
That security page is going to be very useful, Jacques.
http://www.grc.com/SecurityNow.htm
-m
On Tue, 2007-08-14 at 07:13 -0400, Jacques B. wrote:
>
> I Googled it and it is a gateway/router. A gateway/router will look
> at incoming packets and drop them if they don't correspond to an
> outgoing packet. So any unsolicited traffic (i.e. port scans, someone
> trying to remotely exploit a vulnerability in Windows) will be dropped
> by the router. Exploits on the wire attacking a MS system are
> obviously exploiting a vulnerability within the MS code. Because the
> router/gateway bears the external IP while PCs inside have an internal
> IP (typically 192.168.1.x for most home router/gateway solutions), any
> packet with your public IP as its destination IP means the router
> will receive that packet. The router looks at it and cannot find any
> previous outgoing traffic that corresponds with it so drops it. Under
> normal circumstances your machines on the inside initiate the
> connection so the router knows that traffic that went out to a
> particular IP came from a particular internal IP and therefore reply
> packets from that IP will be redirected to the internal IP that
> initiated the connection. So by the very nature of how this works it
> has the characteristics of a firewall.
>
> This means that if you want to run a server (web server, mail server,
> gaming server) you have to do some configuring on the router to accept
> incoming connections on particular ports and to forward such
> connections to a static IP on your internal network (which would be
> the PC/server with that service running).
>
> I highly recommend that you check
> out podcast #3 at http://www.grc.com/SecurityNow.htm for a very good
> explanation on NAT routers as firewalls. They do a much, much better
> job explaining it than me. They have many other podcasts worth
> checking out. They take IT topics and explain them very well to the
> non-techie listener. But even geeks will find them informative.
>
> So he is correct that he is safe from such attacks. Because these
> attacks exploit Windows vulnerabilities. Vulnerabilities that do not
> exist in the firmware of the router. So they will fail. Of course
> Andy is correct in pointing out that this does not protect him from
> browser exploits, from errors in judgement by the end user (i.e.
> executing an infected attachment, falling victim to a phishing
> attack). Linux is more resilient to most such attacks because the
> vulnerabilities being exploited by the malware are MS Windows specific
> so of no threat to Linux. However social engineering attacks
> (phishing) are of equal threat on Linux as on Windows. In those cases
> no vulnerability in any piece of software is being exploited, but
> rather human vulnerability.
>
> Jacques B.
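
The state tracking and port forwarding described in the quoted message above can be modelled in a few lines. This is an added example, not part of the original posts; the class name NatRouter and all addresses and ports are constructed, and matching replies on the full remote address and port is an assumption (real routers vary in how strictly they match).

```python
# Added illustration: a toy model of a home NAT router's translation table.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed (documentation address range)


@dataclass
class NatRouter:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (internal_ip, internal_port)
    sessions: dict = field(default_factory=dict)
    # public_port -> (internal_ip, internal_port), configured by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: record state, rewrite the source."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (PUBLIC_IP, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port) -> Optional[tuple]:
        """Packet reaches the public IP: return internal target, or None to drop."""
        key = (dst_port, src_ip, src_port)
        if key in self.sessions:       # reply to traffic that went out earlier
            return self.sessions[key]
        if dst_port in self.forwards:  # explicitly configured port forward
            return self.forwards[dst_port]
        return None                    # unsolicited: no matching state, dropped

    def add_forward(self, public_port, internal_ip, internal_port):
        self.forwards[public_port] = (internal_ip, internal_port)


def demo():
    r = NatRouter()
    _, pub_port, _, _ = r.outbound("192.168.1.20", 51515, "198.51.100.7", 80)
    reply = r.inbound("198.51.100.7", 80, pub_port)    # expected reply
    scan = r.inbound("192.0.2.99", 4444, 445)          # unsolicited probe
    stranger = r.inbound("192.0.2.99", 80, pub_port)   # wrong remote host
    before = r.inbound("192.0.2.99", 5000, 8080)       # no forward yet
    r.add_forward(8080, "192.168.1.50", 80)            # internal web server
    after = r.inbound("192.0.2.99", 5000, 8080)
    return reply, scan, stranger, before, after


if __name__ == "__main__":
    print(demo())
```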