jimbo385 Posted August 7, 2006

Hi all,

I have read the thread regarding what firewall but am still at a loss and just need some help please.

I have a Netgear DG834 ADSL Firewall router. The firewall is in its basic settings.

Is it true that it slows down ADSL connections?

Is this enough to have the router in its basic settings or do I need a degree in Firewall configuration to get the best/safest settings?

Also, do I need to have a software-based firewall?

Can I run both together or is this just overkill?

Thanks in advance.

Jimbo

nitroshift Posted August 7, 2006

Have you tried running water through a net? Of course it slows the traffic down but not significantly. As for using a software firewall in addition to the one built in the router I'd go for it (since that's what I'm using). But then again, it depends on how paranoid you are...

Edited August 7, 2006 by nitroshift

LLXX Posted August 7, 2006

Any NAT router is itself a sort of firewall already. You shouldn't need any more.

If you don't have any services listening on open ports, then a firewall is pointless.

uid0 Posted August 7, 2006

A software firewall is sometimes useful in addition to a hardware router. When a suspicious new program tries to use the net, a software firewall should let you know, while your router would just allow it.

Paranoia is good

jimbo385 Posted August 8, 2006 (Author)

OK,

Thanks for all the comments.

One thing though, LLXX mentioned "don't have any services listening on open ports, then a firewall is pointless", what services should I have in here? How do I know that I need to add something?

Is there a site that will tell me what the basic settings should be?

I'm confused

Jimbo

nitroshift Posted August 8, 2006

> Is there a site that will tell me what the basic settings should be?

It all depends on the programs you are running...

LLXX Posted August 8, 2006

Run "netstat -a -n" at the command prompt when you are sure no other programs are accessing the Internet. No ports should indicate "listening" if you don't have any type of server running.

(Doing this while a browser is open, will result in showing many listening ports as connections are being made by the browser)

jimbo385 Posted August 8, 2006 (Author)

OK,

I close down Explorer and type in netstat -a -n in a DOS window.

This results in several ports listening!

Several have the same IP address as my PC. For example;

(Fictitious IP addresses coming up!)

My PC has an IP address of 100.100.100.6

The listening port is TCP 100.100.100.6:133 and TCP 100.100.100.6.1024. One of them has a State of Time_wait

I also have;

TCP 0.0.0.0:100
TCP 0.0.0.0:500
TCP 0.0.0.0:1044
TCP 127.0.1.0:1031

All the above are listening.

What should I do next? Do I block the ones that I have highlighted?

Also, is it best to make these changes in my Firewall Router or within a software one to run alongside my hardware one?

Thanks.

LLXX Posted August 8, 2006

The ones 1024 and above are opened by the browser, they should close eventually (TIME_WAIT).

Port 100 is supposedly a "newacct" service, 133 is either "statsrv" or the Farnaz backdoor trojan, 500 is isakmp.

You can use TCPView (http://www.sysinternals.com/Utilities/TcpView.html) to determine what process is listening on those ports.

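Added example, not part of any post in this thread: a small parser for "netstat -a -n" style output that separates sockets actually waiting for inbound traffic (TCP in LISTENING state, bound UDP) from connection entries such as ESTABLISHED or TIME_WAIT, and reports which interfaces each one is bound to. The sample text, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows "netstat -a -n" output
# (illustrative addresses, not taken from any post in the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.168.0.6:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.6:1271       192.168.0.7:139        ESTABLISHED
  TCP    192.168.0.6:1305       203.0.113.10:80        TIME_WAIT
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:1900         *:*
"""

def parse_netstat(text):
    """Turn each TCP/UDP row into (proto, local_host, local_port, state)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        host, _, port = parts[1].rpartition(":")  # port follows the last colon
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        rows.append((parts[0], host, int(port), state))
    return rows

def scope(host):
    """Say which interfaces a socket bound to this local address is reachable on."""
    if host == "*":
        return "all interfaces"
    addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
    if addr.is_unspecified:  # 0.0.0.0 or [::]
        return "all interfaces"
    return "loopback only" if addr.is_loopback else "one interface"

def open_endpoints(rows):
    """Keep LISTENING TCP sockets and bound UDP sockets; drop connection rows."""
    keep = [(p, port, scope(h)) for p, h, port, s in rows
            if p == "UDP" or s == "LISTENING"]
    return sorted(keep)

if __name__ == "__main__":
    for proto, port, reach in open_endpoints(parse_netstat(SAMPLE)):
        print(f"{proto:3} {port:5}  {reach}")
```
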
jimbo385 Posted August 9, 2006 (Author)

Hi LLXX,

I did not know that the numbers after the colon in the IP address was the port number because I had made them up too.

Sorry for the confusion 'cause I did not know if it was OK to state actual IP addresses and port numbers.

Anyway, when I run "netstat -a -n" I actually get the attached.

When I run TCPVIEW, I get this;

alg.exe:2212 TCP Scamp:1025 Scamp:0 LISTENING
explorer.exe:3592 UDP Scamp:1031 *:*
iexplore.exe:2628 UDP Scamp:1198 *:*
iexplore.exe:3372 UDP Scamp:1305 *:*
lsass.exe:1308 UDP Scamp:isakmp *:*
lsass.exe:1308 UDP Scamp:4500 *:*
MROUTE~2.EXE:2772 TCP Scamp:1041 Scamp:0 LISTENING
spoolsv.exe:556 UDP Scamp:1027 *:*
svchost.exe:1616 TCP Scamp:epmap Scamp:0 LISTENING
svchost.exe:1740 UDP Scamp:ntp *:*
svchost.exe:1740 UDP scamp:ntp *:*
svchost.exe:1816 UDP Scamp:1047 *:*
svchost.exe:1816 UDP Scamp:1032 *:*
svchost.exe:1816 UDP Scamp:1048 *:*
svchost.exe:2008 UDP Scamp:1900 *:*
svchost.exe:2008 UDP scamp:1900 *:*
System:4 TCP Scamp:microsoft-ds Scamp:0 LISTENING
System:4 TCP scamp:netbios-ssn Scamp:0 LISTENING
System:4 TCP scamp:1271 laptop:netbios-ssn ESTABLISHED
System:4 UDP Scamp:microsoft-ds *:*
System:4 UDP scamp:netbios-ns *:*
System:4 UDP scamp:netbios-dgm *:*

Now, the ports that are listening appear to be OK. Is that correct?

Cheers

Jimbo