Built in router firewall?

Discussion in 'other firewalls' started by FadeAway, Jan 25, 2008.

Thread Status:
Not open for further replies.
  1. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Hi all,

    After writing this for posting, I see it is being indirectly discussed
    near the end of another thread.

    https://www.wilderssecurity.com/showthread.php?t=198186

    Please move if appropriate.

    Here's the question. My ISP-provided router contains a rules-configurable
    SPI firewall. Based on what I've been able to understand from various
    reading, since my machines are now at non-routable IP addresses,
    the firewall is pretty much unnecessary. If I were Major Financial, Inc.,
    I might be worried about things like DDoS attacks, and feel the need
    for the router firewall, but as a home user, such things don't
    concern me (or should they?). So long as I do things like using a
    complex router password, and turn off vulnerable stuff inside the
    router like UPnP and remote configuration, the NAT function of the
    router should be all that is needed. There is a light firewall running
    on each computer, but that is mostly so I can check their logs to see
    that nothing is getting past the router. My machines are not networked,
    just using a switch/hub. The system is 100% wired.

    So at any rate, right now I'm running the router barefoot.
    Any comments from networking/firewall experts as to whether or not the
    router firewall should be needed by a home user? If anything stated
    above is incorrect, let me know, I'm still learning. Thanks.
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    ~snipped quote~

    What you've said is pretty accurate, but why turn OFF the SPI firewall functionality since you already have it?
     
    Last edited by a moderator: Jan 26, 2008
  3. FadeAway

    FadeAway Registered Member

    Hi Victek123,

    Many thanks for the reply and confirming my understanding.

    Other than doing everything possible to maintain a fast connection,
    there is no reason for me to run without the router firewall.
    There is a pre-configured "Low" setting rule-set, which blocks some known
    attack types, but allows everything else. I suppose I should
    set it there. I don't want to get into writing my own rules which could
    interfere with router settings that might be specific to the ISP.
     
  4. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    I have a Westell 6100 and it sounds very much like yours. I have set the FW to low and it is still coming up stealthed at GRC. I also disabled it for a while to see if there was a speed increase. I did not notice any.
     
  5. FadeAway

    FadeAway Registered Member

    I also have a 6100, and come up stealth at GRC both with the FW
    on Low and with it off.

    Try a custom scan on ports 2420 and 4567.

    Behind NAT, it doesn't matter anyway, so long as the router config
    password is strong.

    Thanks.
     
  6. jobeard

    jobeard Registered Member

    Joined:
    Jan 31, 2008
    Posts:
    15
    Location:
    So. Calif
    Yes, KEEP SPI active.

    Lots of worms (programs & people) attempt to fake TCP headers and send a packet that
    looks like ANYTHING other than packet-sequence#1. Without SPI,
    the router will just forward them; with SPI, it tosses it as not being
    received in the right sequence.
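
An added illustration, not part of the thread and not the Westell's own firmware logic, of the connection tracking that post 6 refers to: a simplified stateful-inspection table that accepts an inbound TCP segment only if it matches a connection opened from the LAN side and carries an in-window sequence number. The class and field names, the addresses and the fixed window size are assumptions made for the example.

```python
from dataclasses import dataclass

WINDOW = 65535  # assumed fixed window; real devices track the advertised one

@dataclass
class Seg:                      # constructed, simplified TCP segment
    inbound: bool               # True = arriving from the WAN side
    lan: tuple                  # (ip, port) of the inside host
    wan: tuple                  # (ip, port) of the remote host
    flags: str                  # "S", "SA", "A", "R"
    seq: int = 0
    ack: int = 0
    length: int = 0

class SpiTable:
    def __init__(self):
        self.conns = {}         # (lan, wan) -> {"state", "isn", "next"}

    def check(self, s):
        # Simplifications: no 32-bit sequence wraparound, no timeouts,
        # and outbound traffic is always allowed.
        key = (s.lan, s.wan)
        c = self.conns.get(key)
        if not s.inbound:                       # LAN -> WAN
            if s.flags == "S" and c is None:    # new outbound connection
                self.conns[key] = {"state": "SYN_SENT", "isn": s.seq, "next": None}
            return "ACCEPT"
        if c is None:
            return "DROP: no matching connection"
        if c["state"] == "SYN_SENT":
            if s.flags != "SA" or s.ack != c["isn"] + 1:
                return "DROP: not a valid reply to our SYN"
            c["state"], c["next"] = "ESTABLISHED", s.seq + 1
            return "ACCEPT"
        if not (c["next"] <= s.seq < c["next"] + WINDOW):
            return "DROP: sequence number outside window"
        if "R" in s.flags:
            del self.conns[key]                 # peer reset: forget the flow
        else:
            c["next"] = max(c["next"], s.seq + s.length)
        return "ACCEPT"

def demo():
    fw = SpiTable()
    lan, wan = ("192.168.1.10", 50000), ("203.0.113.5", 443)  # constructed
    return [
        fw.check(Seg(True, lan, wan, "A", seq=1)),                 # unsolicited ACK
        fw.check(Seg(False, lan, wan, "S", seq=1000)),             # outbound SYN
        fw.check(Seg(True, lan, wan, "SA", seq=7000, ack=1001)),   # genuine SYN-ACK
        fw.check(Seg(True, lan, wan, "A", seq=7001, length=100)),  # in-sequence data
        fw.check(Seg(True, lan, wan, "A", seq=900000)),            # forged sequence
    ]
```
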
     