Jump to content

is router enough or not


Recommended Posts

Well, long story short. Is some basic filtering available in a router enough or is a firewall needed? I know my router log is full of dozens of various connection attemps, so it does lots of filtering, but somehow I think one shouldn't rely just on that. I would like some more technical opinions :)

Link to post
Share on other sites

A router with NAT is not a firewall. For example If you have a piece of malware it can get out to the net whereas a firewall with outbound rules would stop it. You need a firewall IMO. :)

Link to post
Share on other sites

Eyeball, if you have outbound issues, you're too late anyway since the system is already infected then.

But to answer the TheWalrus' question, it all depends on the make and model. Not every router is capable of the same things.

Link to post
Share on other sites
if you have outbound issues, you're too late anyway since the system is already infected then.

Exactly. I don't see a need to block any outbound stuff myself.

NAT isn't a firewall, but it still blocks all unsolicited incoming connections, blocking the undesirable stuff as a side effect (as the router wouldn't even know where to fwd them packets to).

I haven't run a software firewall in years, and I'm not about to either. Not until we're all on IPv6 or something, where every computer & device you have is accessible directly on the internet.

Link to post
Share on other sites

I always block all outbound ports as a precaution more than anything else. I wouldn't ever get malware myself but family..... im not so sure about :P lol

Link to post
Share on other sites
I always block all outbound ports as a precaution more than anything else. I wouldn't ever get malware myself but family..... im not so sure about :P lol

But, then it IS too late already. Because they got infected anyway. ;)

Link to post
Share on other sites
I always block all outbound ports as a precaution more than anything else. I wouldn't ever get malware myself but family..... im not so sure about :P lol

But, then it IS too late already. Because they got infected anyway. ;)

yeah but no... what if they get some spam generating piece of junk on their system and port 25 is blocked then i win, and pretty soon i would pick up on it from the firewall logs and remove it. Its my preference, and its makes complete sense to me to block all unnecessary outbound ports.

Link to post
Share on other sites
yeah but no... what if they get some spam generating piece of junk on their system and port 25 is blocked then i win, and pretty soon i would pick up on it from the firewall logs and remove it. Its my preference, and its makes complete sense to me to block all unnecessary outbound ports.

No, you still lose because you still have to fix the infected box, because you didn't take precautions; like hosts file blocks and ditto IE zones, allowed them or yourself to use known hazards like P2P programs, allowed and assigned them or yourself admin privileges, et cetera. No firewall will help against that.

Link to post
Share on other sites
No, you still lose because you still have to fix the infected box, because you didn't take precautions; like hosts file blocks and ditto IE zones, allowed them or yourself to use known hazards like P2P programs, allowed and assigned them or yourself admin privileges, et cetera. No firewall will help against that.

Precisely. There shouldn't be malware on your box in the first place. Using a firewall to block malware's outgoing packets is a band aid fix at best, whereas working towards not getting malware would be the actual fix.

I can even let my kids browse using IE8 on their new Win7 RC box (been too lazy to throw Firefox on there yet), and so far they picked up exactly 0 infections/adware and such crap. They've always kept their XP box clean too (and we're talking about 10 year olds here), even if the box wasn't even locked down (they were local admins, no hosts file or anything like that)

It's amazing the amount of trouble some people to have with malware. If they only stopped running every .exe straight from P2P and so on, and their problems would end instantly.

Link to post
Share on other sites

None of my family have actually been infected you understand. As i said before and please quote this part IT IS JUST A PRECAUTION, it is my opinion and im sticking by it, of course i use protection, far more than you guys seem to think..... I only gave my point of view on this and got burned :(

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...