Firewall. Software or Hardware

[jimbo385]

Hi all,

I have read the thread regarding what firewall but am still at a loss and just need some help please.

I have a Netgear DG834 ADSL Firewall router. The firewall is in its basic settings.

Is it true that it slows down ADSL connections?

Is this enough to have the router in it's basic settings or do I need a degree in Firewall configuration to get the best/safest settings?

Also, do I need to have a software base firewall?

Can I run both together or is this just overkill?

Thanks in advance.

Jimbo

[nitroshift]

Have you tried running water through a net? Of course it slows the traffic down but not significantly. As for using a software firewall in addition to the one built in the router I'd go for it (since that's what I'm using). But then again, it depends on how paranoid you are...

Edited August 7, 2006 by nitroshift

[LLXX]

Any NAT router is itself a sort of firewall already. You shouldn't need any more.

If you don't have any services listening on open ports, then a firewall is pointless.

[uid0]

A software firewall is sometimes useful in addition to a hardware router. When a suspicious new program tries to use the net, a software firewall should let you know, while your router would just allow it.

Paranoia is good

[jimbo385]

OK,

Thanks for all the comments.

One thing though, LLXX mentioned "don't have any services listening on open ports, then a firewall is pointless", what services should I have in here? How do I know that I need to add something?

Is there a site that will tell me what the basic settings should be?

I'm confused

Jimbo

[nitroshift]

Is there a site that will tell me what the basic settings should be?

It all depends on the programs you are running...

[LLXX]

Run "netstat -a -n" at the command prompt when you are sure no other programs are accessing the Internet. No ports should indicate "listening" if you don't have any type of server running.

(Doing this while a browser is open, will result in showing many listening ports as connections are being made by the browser)

[jimbo385]

OK,

I close down Explorer and type in netstat -a -n in a dos window.

This results in several ports listening!

Several have the same IP Address as my PC. For example;

(Fictitious IP Addresses coming up!)

My PC has an IP address of 100.100.100.6

The Listening port is TCP 100.100.100.6:133 and TCP 100.100.100.6.1024. One of them has a s=State of Time_wait

I also have;

TCP 0.0.0.0:100

TCP 0.0.0.0:500

TCP 0.0.0.0:1044

TCP 127.0.1.0:1031

All the above are listening.

What should I do next? Do I block the ones that I have highlighted?Also, is it best to make these changes in my Firewal Router or within a software one to run alongside my hardware one?

Thanks.

[LLXX]

The ones 1024 and above are opened by the browser, they should close eventually (TIME_WAIT).

Port 100 is supposedly a "newacct" service, 133 is either "statsrv" or the Farnaz backdoor trojan

500 is isakmp.

You can use TCPView (http://www.sysinternals.com/Utilities/TcpView.html) to determine what process is listening on those ports.

[jimbo385]

Hi LLXX,

I did not know that the numbers after to colon in the IP Address was the Port number because I had made them up to.

Sorry for the confusion 'cause I did not know if it was ok to state actual IP addresses and port numbers.

Anyway, when I run "netstat -a -n" I actually get the attached.

When I run TCPVIEW, I get this;

alg.exe:2212 TCP Scamp:1025 Scamp:0 LISTENING

explorer.exe:3592 UDP Scamp:1031 *:*

iexplore.exe:2628 UDP Scamp:1198 *:*

iexplore.exe:3372 UDP Scamp:1305 *:*

lsass.exe:1308 UDP Scamp:isakmp *:*

lsass.exe:1308 UDP Scamp:4500 *:*

MROUTE~2.EXE:2772 TCP Scamp:1041 Scamp:0 LISTENING

spoolsv.exe:556 UDP Scamp:1027 *:*

svchost.exe:1616 TCP Scamp:epmap Scamp:0 LISTENING

svchost.exe:1740 UDP Scamp:ntp *:*

svchost.exe:1740 UDP scamp:ntp *:*

svchost.exe:1816 UDP Scamp:1047 *:*

svchost.exe:1816 UDP Scamp:1032 *:*

svchost.exe:1816 UDP Scamp:1048 *:*

svchost.exe:2008 UDP Scamp:1900 *:*

svchost.exe:2008 UDP scamp:1900 *:*

System:4 TCP Scamp:microsoft-ds Scamp:0 LISTENING

System:4 TCP scamp:netbios-ssn Scamp:0 LISTENING

System:4 TCP scamp:1271 laptop:netbios-ssn ESTABLISHED

System:4 UDP Scamp:microsoft-ds *:*

System:4 UDP scamp:netbios-ns *:*

System:4 UDP scamp:netbios-dgm *:*

Now, the ports that are listening appear to be OK. Is that correct?

Cheers

Jimbo