Looking for Wired Router.....

Discussion in 'hardware' started by bgfalconboy, Nov 15, 2009.

Thread Status:
Not open for further replies.
  1. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    In actuality, SPI is the term that's getting over hyped by the marketing weenies and people, as we can see, are falling for it.

    NAT is the basic firewall feature that's important for home (and business) networks. I will not support any client..even if they just have a single PC at home, unless they're behind a NAT router. The important feature, is it masquerades the computer(s)..hiding them from the internet. A passive firewall if you will, yeah sure. The important feature is, your PC(s) is not directly connected to the internet on a public IP address. By default all 65,000 plus ports are blocked from unwarranted incoming traffic.

    Still don't know what's important about this? Take a computer with a fresh Windows XP no service packs install. Plug it directly into a cable modem on a public IP address, and let it sit there at desktop..you don't even have to surf the net or do anything. Give it about 5 minutes...now see how many worms and RPC or DCOM exploits and probably successful hacks have hit it.

    Now..for part 2 of the illustration, take a computer with a fresh Windows XP no service packs install, plug it into the back of a little Stinksys NAT router, and plug the router into the cable modem. The computer naturally will have a private IP address behind NAT. Let the computer sit there for a few hours...just at desktop. Guess what...no self spreading worms have hit it, no RPC exploits have hit it, no kiddie hackers from China have been grinding it, just sitting there behind NAT it's been safe from undesired incoming traffic.

    Or better yet...PAT.

    SPI ...now that's an overhyped feature. SPI really only comes into play when you do port forwarding, checking "inside" inbound packets against a predefined (and rather short and basic) list of malformed packet exploits. Protect against a DoS attack..."woooo" :rolleyes: If your little home or small biz network connection were to fall under a DoS attack, your internet pipe gets saturated first..doesn't make a whit of a difference if your router would recognize it or not....if your driveway is blocked by a whale, why bother opening or closing the garage door..nothing can get to it.

    And home grade routers simply don't have the balls to run the more proper version of this...Deep SPI, and Intrusion Prevention Service (IPS) and Intrusion Detection System (IDS). You're really only to get this if you have a budget allowing at least several hundred dollars...or your build yourself a *nix router distro.
     
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    You are right. And even some of my colleagues have too - often insisting a router without SPI is a waste of money. Not true, by a long shot. You will often see routers advertised as having built in firewalls, but in reality, all they have is NAT and SPI. Valuable features, no doubt - but they are just features and protocols that add another layer of defense, but don't compare to a "real" (and expensive) firewall "device" as used in big corporate networks.

    That's really the key, isn't? Blocking the kiddie hackers, wannabes, and nosy neighbors. You can lock and bar the doors, brick up all the windows, and surround the place with killer whales, but if a determined experienced hacker is targeting YOU specifically, a little home router will slow him down about as much as locks and a burglar alarm will slow down a professional car thief from stealing the car.

    The idea is to remove all the low hanging fruit to eliminate the "crimes of opportunity". Fortunately :)blink: :doubt:) for us there are millions of users (many with pirated software, BTW) out there who don't keep their systems patched, updated, and scanned with current anti-malware applications, or blocked behind software based firewalls and routers - so 99% of the badguys won't waste their time trying to crack our defenses, and simply move on to the "easy pickings". This is still bad for the rest of us, however, as those machines become compromised and used as weapons against us by the badguys to distribute spam, malware, or conduct DDoS attacks.

    That's in line with what I said in my first post joining this thread - all broadband users should be behind a router, even if only one computer on their network. I don't refuse to support them, unless they refuse to take my advice! As noted, a very basic router with NAT, even from Linksys (which I happen to like, BTW) offers a great deal of security over using nothing.

    Well, that's the bottom line problem, isn't it? Computers don't just sit there. The weakest link of any security plan enters the picture - the user. If undisciplined, he or she will not patch or apply critical updates leaving vulnerabilities exposed. He will open attachments and downloads without scanning with current anti-malware first. She will click on unsolicited popups and links in unsolicited emails. And worst case scenario, they will participate in illegal filesharing of copyrighted materials (songs, videos and published documents) on peer-to-peer (P2P) sites o_O.

    Even the best defense is no good if you open the door and let the badguy in.
     
  3. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @bgfalconboy
    Your modem (Motorola Surfboard SB5101) does have router functionality so a switch or hub will do as long you use a crossover cable between your modem and your switch. You can check the manual at page 47.
     
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    :( No! That is wrong! This device does NOT have router "functionality". It's a cable modem ONLY. And a switch is not a router, nor does a switch provide router functionality either!

    As stated above, most routers INCLUDE a 4-port Ethernet switch in the same box, but a switch does not provide any router functionality. And because most routers, including the one suggested, include a switch, IT MAKES NO SENSE to buy a switch! Why? Because as I, YeOldeStonecat, and even Howard Kaikow have pointed out, the router with NAT offers a significant level of security to your network, even if only a network of one computer.

    @Sputnik - Note the name of this site; Wilders Security. A switch provides absolutely ZERO security. PERIOD! The only place a switch should ever be used on any network that connects to the Internet is BETWEEN a router, and a computer. Just because a switch will "technically" work (which we already said, BTW), that does not mean it is the right thing to do! Especially with today's security environment. And to suggest using a switch without a router is bad advice! :thumbd:
     
  5. bgfalconboy

    bgfalconboy Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    226
    So are routers with Nat firewall capability way more expensive or are most routers wireless or wired have the NAT feature? Maybe I should go the router way after all. I just don't want to spend $60+ on one if I can help it. I'm guessing using a router will make getting my ps3 to connect a lot harder to figure out.
     
  6. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    Look at my post #25 above. I posted a link to a D-Link Router with NAT and built in switch for only $25.99 after mail in rebate (with free shipping too) - just $1 more than the switch you were looking at. That is a basic router that does not include SPI. For that added security feature, it will cost more. But if not in your budget, then a basic router with NAT is just fine, and still provides a significant level of security over nothing, or a switch.
    I don't know of any router that does not have NAT - wired or wireless.

    The term "wireless routers" is another incorrect marketing term. There is no such thing as a wireless router. But what they call a wireless router is really one box that contains a router and a wireless access point (WAP) inside that are connected together internally. They typically also include a 4-port Ethernet switch in the same box too. Three discreet network devices that just happen to be housed in the same box, sharing a common power supply. Some even include a modem - for 4 in 1 box.

    No. It should be just as easy as hooking up a computer. Typically you power everything down, plug in the Ethernet cable, power up and you are ready to go. And certainly, if you have problems, there are many folks who have the same setup that can help. You typically can download the manual for any product before ordering too so you can get familiar before it arrives.

    Note that a wireless network requires much greater involvement to get the network secure and keep it secure. I don't recommend wireless when wired will do.
     
  7. bgfalconboy

    bgfalconboy Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    226
    Thanks for the info. I intend to just do with a wired network right now. Just don't have the need for wireless right not and especially living in an apt complex.
     
  8. bgfalconboy

    bgfalconboy Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    226
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    You want to get a sense of the comparative routing speed (as opposed to the speed of the lines that pass through it). See here. On a quick look, D-Link is the hands down winner (~ 40 vs 7 Mbps WAN/LAN throughput assuming no version upgrades have occurred).

    Just a rule of thumb that I try to adhere to - make sure WAN/LAN routing throughput is a factor of ~2 or more above your current ISP maximum speed to allow for some growth in the future.

    Blue
     
  10. bgfalconboy

    bgfalconboy Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    226
    Well, my speed form time warner is currently their standard service of 7mbps. I have gotten dl speeds of 10mbps on online speedtests.

    I don't know if this matters or not but I don't plan on having anything more than my laptop and ps3 connected to the internet.
     
  11. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    This router will certainly serve your needs. I would not put much faith in that comparison (sorry, BlueZannetti) - as I note the review for that Netgear is a few days shy of 7 years old, and it would appear there have been several version upgrades since then.

    If Staples is in your area, you may check Office Max or Office Depot, or Best Buy too for other options - although certainly Netgear is a major player in the home networking field and has a good reputation too.
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    That's certainly germane, but it would be nice if current numbers were available. Version upgrades won't assure improved routing performance, although I'd agree that there are plenty of examples out there in which the guts of these consumer routers have undergone major revision while retaining the same shell and model numbering.
    Although I agree that Netgear is a major player and has a decent reputation, my own hardware experience with Netgear has been mixed. I've had a pair of routers and a hub fail over time. In terms of my own experience, the rate of fixes has been a lot higher than other vendors I use/have used (Buffalo, ZyXel, Linksys, D-Link).

    Blue
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And I have only used routers from DrayTek.
    Never got a problem, they just works so to speak ;)

    SweX
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    Yes it would be nice if ALL review sites would keep their listings current. At least that review did include the review dates - something I ALWAYS look for. Sadly, it is often this type outdated, superseded information that fuels continuing but unjust biases. Windows Firewall is a perfect example - people STILL claim it is a bad firewall because they read somewhere it lacked some feature. Well, 10 years ago, that was true. But that was two operating systems and several patches ago. WF today works great - and certainly is easier on resources than many 3rd party firewalls. People still blame and shun IE8 (or praise alternatives) for IE6's woes.

    We need to be realistic here. I think after looking at the Netgear614 Product Information Page, we can see the review from 2002 was done on the RP614v1. Three hardware revisions later, it is up to RP614v4, and checking the available downloads, v4 has had a few firmware upgrades too. I think after 3 hardware upgrades and several firmware upgrades, it is safe to assume routing performance has been improved.

    Revision changes are not unique to routers. The same model motherboards often go through several revisions during their life cycle, and can sport significant hardware changes in the process - to include revised chipsets, totally different drive controllers, and other I/O device changes - to the point Windows will think it is a totally different computer. Graphics cards often go through revision changes.

    I also think a little research will reveal all the major players have had some reliability issues on some of their products. I like Linksys but I have had more than one product go bad. One had a port go out, the other was a bad power supply. I was not happy in either case, but I don't condemn the entire Linksys product line because of it.
     
  15. bgfalconboy

    bgfalconboy Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    226
    All good points. Next thing to ask I guess might be who has the best warranty if something does fail.
     
  16. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,041
    Location:
    Nebraska, USA
    I think it best if you check the maker's site yourself for the product you are considering.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.