Jump to content

is router enough or not

Octopuss
 Share

Recommended Posts

Octopuss

Octopuss

Posted
Posted

Well, long story short. Is some basic filtering available in a router enough or is a firewall needed? I know my router log is full of dozens of various connection attemps, so it does lots of filtering, but somehow I think one shouldn't rely just on that. I would like some more technical opinions :)


eyeball

eyeball

Posted
Posted

A router with NAT is not a firewall. For example If you have a piece of malware it can get out to the net whereas a firewall with outbound rules would stop it. You need a firewall IMO. :)

beats

beats

Posted
Posted

Eyeball, if you have outbound issues, you're too late anyway since the system is already infected then.

But to answer the TheWalrus' question, it all depends on the make and model. Not every router is capable of the same things.

CoffeeFiend

CoffeeFiend

Posted
Posted
if you have outbound issues, you're too late anyway since the system is already infected then.

Exactly. I don't see a need to block any outbound stuff myself.

NAT isn't a firewall, but it still blocks all unsolicited incoming connections, blocking the undesirable stuff as a side effect (as the router wouldn't even know where to fwd them packets to).

I haven't run a software firewall in years, and I'm not about to either. Not until we're all on IPv6 or something, where every computer & device you have is accessible directly on the internet.

eyeball

eyeball

Posted
Posted

I always block all outbound ports as a precaution more than anything else. I wouldn't ever get malware myself but family..... im not so sure about :P lol

beats

beats

Posted
Posted
I always block all outbound ports as a precaution more than anything else. I wouldn't ever get malware myself but family..... im not so sure about :P lol

But, then it IS too late already. Because they got infected anyway. ;)

eyeball

eyeball

Posted
Posted
I always block all outbound ports as a precaution more than anything else. I wouldn't ever get malware myself but family..... im not so sure about :P lol

But, then it IS too late already. Because they got infected anyway. ;)

yeah but no... what if they get some spam generating piece of junk on their system and port 25 is blocked then i win, and pretty soon i would pick up on it from the firewall logs and remove it. Its my preference, and its makes complete sense to me to block all unnecessary outbound ports.

beats

beats

Posted
Posted
yeah but no... what if they get some spam generating piece of junk on their system and port 25 is blocked then i win, and pretty soon i would pick up on it from the firewall logs and remove it. Its my preference, and its makes complete sense to me to block all unnecessary outbound ports.

No, you still lose because you still have to fix the infected box, because you didn't take precautions; like hosts file blocks and ditto IE zones, allowed them or yourself to use known hazards like P2P programs, allowed and assigned them or yourself admin privileges, et cetera. No firewall will help against that.

CoffeeFiend

CoffeeFiend

Posted
Posted
No, you still lose because you still have to fix the infected box, because you didn't take precautions; like hosts file blocks and ditto IE zones, allowed them or yourself to use known hazards like P2P programs, allowed and assigned them or yourself admin privileges, et cetera. No firewall will help against that.

Precisely. There shouldn't be malware on your box in the first place. Using a firewall to block malware's outgoing packets is a band aid fix at best, whereas working towards not getting malware would be the actual fix.

I can even let my kids browse using IE8 on their new Win7 RC box (been too lazy to throw Firefox on there yet), and so far they picked up exactly 0 infections/adware and such crap. They've always kept their XP box clean too (and we're talking about 10 year olds here), even if the box wasn't even locked down (they were local admins, no hosts file or anything like that)

It's amazing the amount of trouble some people to have with malware. If they only stopped running every .exe straight from P2P and so on, and their problems would end instantly.

eyeball

eyeball

Posted
Posted

None of my family have actually been infected you understand. As i said before and please quote this part IT IS JUST A PRECAUTION, it is my opinion and im sticking by it, of course i use protection, far more than you guys seem to think..... I only gave my point of view on this and got burned :(

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...