[oclug] DSL Question
miden at travel-net.com
Tue Aug 14 12:00:07 EDT 2007
Thanks for the great answers.
That security page is going to be very useful, Jacques.
On Tue, 2007-08-14 at 07:13 -0400, Jacques B. wrote:
> I Googled it and it is a gateway/router. A gateway/router will look
> at incoming packets and drop them if they don't correspond to an
> outgoing packet. So any unsolicited traffic (i.e. port scans, someone
> trying to remotely exploit a vulnerability in Windows) will be dropped
> by the router. Exploits on the wire attacking a MS system is
> obviously exploiting a vulnerability within the MS code. Because the
> router/gateway bears the external IP while PCs inside have an internal
> IP (typically 192.168.1.x for most home router/gateway solutions), any
> packets with your public IP as its destination IP means the router
> will receive that packet. The router looks at it and cannot find any
> previous outgoing traffic that corresponds with it so drops it. Under
> normal circumstances your machines on the inside initiate the
> connection so the router knows that traffic that went out to a
> particular IP came from a particular internal IP and therefore reply
> packets from that IP will be redirected to the internal IP that
> initiated the connection. So by the very nature of how this works it
> has the characteristics of a firewall.
> This means that if you want to run a server (web server, mail server,
> gaming server) you have to do some configuring on the router to accept
> incoming connections on particular ports and to forward such
> connections to a static IP on your internal network (which would be
> the PC/server with that service running).
> I <bold><underline>highly</underline></bold> recommend that you check
> out podcast #3 at http://www.grc.com/SecurityNow.htm for a very good
> explanation on NAT routers as firewalls. They do a much, much better
> job explaining it than me. They have many other podcasts worth
> checking out. They take IT topics and explain it very well to the
> non-techie listener. But even geeks will find them informative.
> So he is correct that he is safe from such attacks. Because these
> attacks exploit Windows vulnerabilities. Vulnerabilities that do not
> exist in the firmware of the router. So they will fail. Of course
> Andy is correct in pointing out that this does not protect him from
> browser exploits, from errors in judgement by the end user (i.e.
> executing an infected attachment, falling victim to a phishing
> attack). Linux is more resilient to most such attacks because the
> vulnerabilities being exploited by the malware is MS Windows specific
> so of no threat to Linux. However social engineering attacks
> (phishing) are of equal threat on Linux as on Windows. In those cases
> no vulnerability in any piece of software is being exploited, but
> rather human vulnerability.
> Jacques B.
More information about the OCLUG