Modem with NAT firewall, does it also need a software firewall?
Mikey
Network Address Translation firewall and Stateful Packet
Inspection. The Windows XP computer it's installed on also
has Zonealarm (free version) installed. Is Zonealarm still
neccesary with this modem or can it be uninstalled?
Bucky Breeder
news:4891D7B5.D8D3AB5F@not_here.not_there_either.nope:
The modem/router's NAT firewall will block rouge packets
from "coming in" to your machine from the WAN... most
good ones will stop anyone on the WAN from seeing you in
fact, if you have those settings... You'd be "cloaked".
You need to deal with Ident port 113... but that's
a whole 'nother discussion...
A [good] software firewall is useful for keeping a check
on unauthorized packets from "going out" from your machine...
ZoneAlarm Free was not the best choice for me in my LAN.
ZA Pro later versions were too clunky and too many st00pid
extras to be effacacious for me...
I'm still liking ZA Pro v5.5.094.000. If you look around
you should be able to find a key to borrow and/or download
the try-it from the ZA website :
http://download.zonealarm.com/bin/free/1026_trial/zapSetup_55_094_000.exe
Try it, or not... If you like it you could buy it. Sooner or later
that vsmon engine is going to be obsolete, but so far so good...
HTH. Have a nice day.
--
I *am* Bucky Breeder, (*(^; , and *I* approved this message!
"In theory, there is no difference between theory and
practice; but, in practice, there is." -- Yogi Berra (1925- )
Mikey
Bucky Breeder wrote:
Thanks for the reply. The computer isn't on a LAN. The previous modem
installed was just a modem, no firewall, and ZoneAlarm Free worked well, I
never had any problems.
Beauregard T. Shagnasty
Depends on whether or not you want to know what software on your
computer is calling *out*.
--
-bts
-Friends don't let friends drive Windows
Mikey
"Beauregard T. Shagnasty" wrote:
Thanks for the reply. I think that I do want to know what software of
mine is calling "out".
Leythos
Mikey@not_here.not_there_either.nope says...
NAT does not make the device a firewall, NAT is a method of ROUTING and
while it blocks, in this case, unsolicited inbound connections, it's IS
NOT A FIREWALL.
As for a soft-firewall application. If you run as a local administrator
in most cases a soft-firewall does no good - the malware can disable it
or punch holes through it since you're running as a local admin.
In most cases, if you are reasonable, a NAT router and quality AV
software with a good dose of common sense is all you need for HOME use.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam9...@rrohio.com (remove 999 for proper email address)
Mikey
Leythos wrote:
Thanks for the reply. I called it a "NAT firewall" because in all the
descriptions of the modem and in its documentatiom (and on the box the
modem came in) that's what it's called. Thanks for the clarification and
the information. Yes, it will be for home use, and it's a single computer
not networked to any others.
wisdomkiller & pain
You need a good virus scanner, and some scanner for spyware, with a
registry/autostart monitor to catch malware before it can settle.
A combo of a good plain virus scanner (no "internet security" bloatware
necessary at all) with on-access capabilities, like kaspersky,
and a anti-spyware tool like S%D with the registry monitor teatimer,
will work fine.
Even better, if you do your surfing and mailing and daily work from a
non-admin account.
You know, in XP-Pro you can always run a command or installer as admin with
shift-rightclick-"run-as" option. Of course, that needs a password for
admin. And, run that nice downloaded program from untrusted source only
after you have scanned it, waited for a few days even if it appears clean,
then scanned again with freshl updated signatures. Take your time, unless
you have too much spare time to waste with windows reinstalls.
Mikey
wisdomkiller & pain wrote:
Thank you for the reply. I have AVG (the free version) antivirus installed,
also AdAware, SpyBot and Windows Defender. The spyware programs I don't have
running all at once, of course, I just update them and have them scan the
computer every now and then.
Arnold@arnold.com Mr. Arnold
"Mikey" <Mikey@not_here.not_there_either.nope> wrote in message
news:4891D7B5.D8D3AB5F@not_here.not_there_either.nope...
> Recently purchased a Zoom 5660 modem / router. It has a
> Inspection a form of a FW.
Llanzlan Klazmon
If the device does statefull packet inspection as claimed then it
certainly is a firewall.
Mikey
"Mr. Arnold" wrote:
Thank you for the reply. And thanks for the link.
Leythos
82c100...@b30g2000prf.googlegroups.com>, bill.m...@gmail.com
says...
And I suppose you know for a fact that the SPI is working like it would
in most real firewalls?
Do you know how many broken implementations or disabled implementations
of SPI have been sent out to the public in the last 5 years in those
"residential grade" devices?
It's a router with some "Firewall Like" features, nothing more.
--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam9...@rrohio.com (remove 999 for proper email address)
Bill
Mikey@not_here.not_there_either.nope says...
If you're using ethernet to the modem/router and it's assigning an
address to you < or if you're using a static address >, you're on a
LAN. A very small one, but still a LAN.
Bill
Hp
I am inclined to suggest that you use a software firewall also.
Question: how does the firewall firmware in the modem/router get
updated?
When does it get updated?
These questions if answered, nope Doesn't happen, then suggest that the
present version of the firmware firewall is sort of locked into the mode
of protection it provides and probably wont be flexible enough to
address any new tricks that the 'do'ers of Evil Deeds' come up with
AFTER your box is in service.
Whereas a software firewall will be more flexible in adapting to the
ever changing world of trying to keep up with a attackers out there.
Now, having Typed that, IF you are using windoze XP or Vista, that also
has a firewall component, Running That AND another software firewall is
Not so Hot an Idea! (and if it were me, I'd KILL the windoze firewall in
favor of Zonealarm.)
Bisdiethylthiocarbamoyl-Methanone-DichlorophenoxyOxy-4-Trimethylaniline
for ye will be swine drunk, and in thy sleep thou does little harm, save
to thy piss-stained bedclothes about thee, ye tinkled:
And the answer to the poster's question is what, Fuckfaced InBredder?
> --
>
> I *am* Bucky Breeder, (*(^; , and *I* approved this message!
>
> "In theory, there is no difference between theory and
> practice; but, in practice, there is." -- Yogi Berra (1925- )
>
> http://youtube.com/watch?v=1aodpb3vFU0&feature=user
>
--
Hammer of Thor: February 2007. Pierre Salinger Memorial Hook,
Line & Sinker: September 2005, April 2006, January 2007.
Official Member: Cabal Obsidian Order COOSN-124-07-06660
Official Overseer of Kooks & Trolls in 24hoursupport.helpdesk
Leythos
> Whereas a software firewall will be more flexible in adapting to the
> ever changing world of trying to keep up with a attackers out there.
>
And if the user is running as a local administrator level account, the
malware can disable or put holes in the software firewall that can't be
put in the NAT router or a real-firewall appliance.
Soft-firewalls are only good if installed on a non-user machine with no
account that has access/authentication to any other network resource.
Linonut
> Mikey wrote:
>
>> Recently purchased a Zoom 5660 modem / router. It has a
>> Network Address Translation firewall and Stateful Packet
>> Inspection. The Windows XP computer it's installed on also
>> has Zonealarm (free version) installed. Is Zonealarm still
>> neccesary with this modem or can it be uninstalled?
>
> I am inclined to suggest that you use a software firewall also.
> Question: how does the firewall firmware in the modem/router get
> updated?
It's update when the firmware is updated and applied to the device.
> When does it get updated?
> These questions if answered, nope Doesn't happen, then suggest that the
> present version of the firmware firewall is sort of locked into the mode
> of protection it provides and probably wont be flexible enough to
> address any new tricks that the 'do'ers of Evil Deeds' come up with
> AFTER your box is in service.
It gets updated with a new firmware release targeting packet filtering
issues. It's not a malware detection solution, and neither is the
bloated junk in PFW(s), which has been mis-directed and are packet
filters solutions and not malware detection solutions that it cannot be
trying to protect *you* from *you*
> Whereas a software firewall will be more flexible in adapting to the
> ever changing world of trying to keep up with a attackers out there.
Something like ZA or even Vista FW are not FW(s). They are machine level
packet filters that protect at the machine level.
<copied>
What is a firewall?
A firewall protects networked computers from intentional hostile
intrusion that could compromise confidentiality or result in data
corruption or denial of service. It may be a hardware device or a
software program running on a secure host computer. In either case, it
must have at least two network interfaces, one for the network it is
intended to protect, and one for the network it is exposed to.
<And for those that don't know what two network interfaces means for a
computer running a host based FW, it means the the computer must have
two network interface cards (NICS) in them with one NIC protecting from
the network it is protecting from, and the other NIC protecting the
network it is protecting.>
A firewall sits at the junction point or gateway between the two
networks, usually a private network and a public network such as the
Internet. The earliest firewalls were simply routers. The term firewall
comes from the fact that by segmenting a network into different physical
subnetworks, they limited the damage that could spread from one subnet
to another just like firedoors or firewalls.
A firewall examines all traffic routed between the two networks to see
if it meets certain criteria. If it does, it is routed between the
networks, otherwise it is stopped. A firewall filters both inbound and
outbound traffic. It can also manage public access to private networked
resources such as host applications. It can be used to log all attempts
to enter the private network and trigger alarms when hostile or
unauthorized entry is attempted. Firewalls can filter packets based on
their source and destination addresses and port numbers. This is known
as address filtering. Firewalls can also filter specific types of
network traffic. This is also known as protocol filtering because the
decision to forward or reject traffic is dependant upon the protocol
used, for example HTTP, ftp or telnet. Firewalls can also filter traffic
by packet attribute or state.
<That is FW technology, and the Windows XP and Vista FW/packet filters
or some 3rd party personal FW/packet filter are NOT FW(s).>
>
> Now, having Typed that, IF you are using windoze XP or Vista, that also
> has a firewall component, Running That AND another software firewall is
> Not so Hot an Idea! (and if it were me, I'd KILL the windoze firewall in
> favor of Zonealarm.)
>
http://www.securityfocus.com/infocus/1840
Now, when my machine running Vista or XP pro is connected directly to
the modem, no router or FW appliance sitting between the modem and the
computer, I use IPsec that runs in conjunction with the XP or Vista
FW/packet filter, which can also run with any 3rd party personal
FW/packet filter.
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
The AnalogX IPsec policies are implemented.
http://www.analogx.com/CONTENTS/articles/ipsec.htm
http://support.microsoft.com/kb/813878
When the machines are behind the FW appliance, the Vista or XP FW packet
filter is disabled along with IPsec, no need for them.
Aardvark
> The modem/router's NAT firewall will block rouge packets from "coming
> in" to your machine from the WAN
What about mascara or kohl or lipstick packets?
Sorry, I had to do that. The Devil made me do it :-).
--
Liverpool. European City Of Culture 2008
http://www.liverpool08.com
Bucky Breeder
news:TAHkk.28$8w4...@newsfe30.ams2:
> Bucky Breeder wrote:
>
>> The modem/router's NAT firewall will block rouge
>> packets from "coming in" to your machine from the WAN
>
> What about mascara or kohl or lipstick packets?
>
> Sorry, I had to do that. The Devil made me do it :-).
LOL! Well, the OP insolently claimed to not be
"on an LAN" because he only had his one computer
hooked-up to his modem-router... kinda tickled
the synapses.
The joke it reminds me of is : This guy walks into
a pub and tells the bar-keep "Look at what this
is I have in my hand!" The bar-keep says, "OK,
it looks like shit to me?" The guy indignantly
retorts, "Yeah - Well, I almost stepped in it
coming in through YOUR door!"
--
I *am* Bucky Breeder, (*(^; , and *I* approved this message!
Aardvark
> Aardvark <aard...@youllnever.know> wrote in
> news:TAHkk.28$8w4...@newsfe30.ams2:
>
>> Bucky Breeder wrote:
>>
>>> The modem/router's NAT firewall will block rouge packets from "coming
>>> in" to your machine from the WAN
>>
>> What about mascara or kohl or lipstick packets?
>>
>> Sorry, I had to do that. The Devil made me do it :-).
>
> LOL! Well, the OP insolently claimed to not be "on an LAN" because he
> only had his one computer hooked-up to his modem-router... kinda
> tickled the synapses.
>
> The joke it reminds me of is : This guy walks into a pub and tells the
> bar-keep "Look at what this is I have in my hand!" The bar-keep says,
> "OK, it looks like shit to me?" The guy indignantly retorts, "Yeah -
> Well, I almost stepped in it coming in through YOUR door!"
I actually DID slip on a turd and fall over while entering a pub one
night years ago. It was a pretty rainy and dark night and I was in a
hurry to get out of the weather. The entrance-way to this particular grog-
shop consisted of a four foot square lobby with an outer and inner door,
and the floor was Yorkshire stone.
Luckily enough when I put my hand down to stop my sit-upon hitting the
deck, I found a relatively (for an entrance-way) clean area of tile,
stopping myself before I got a shit streak up the leg of my jeans . I
mentioned the incident when I got to the bar and a bunch of the guys
there broke into gales of laughter. It turned out that some guy had been
refused service a short while earlier and had said to the guys that he
was going to leave, but not before he'd had a shit in the doorway. They
had laughed, assuming he was joking.
It seems that he wasn't. :-)
Bucky Breeder
news:6LNkk.132055$7O1....@newsfe12.ams2:
Bucky Breeder wrote:
It seems that you might have called the concierge
to bring you a nice warm robe whilst they cleaned
your pants for you? Perhaps even the masseuse?
If that happened in Denver the "victim" probably
would have claimed a back-injury and collected at
least a few-hundred dollars... and some coupons
for free beers.
Aardvark
It was a fucking rough stinking pub, mate, not the fucking Ritz!
> If that happened in Denver the "victim" probably would have claimed a
> back-injury and collected at least a few-hundred dollars... and some
> coupons for free beers.
In an English pub that'd be frowned on. It's merely more fodder for funny
anecdotes to tell people in pubs in the future :-)
Bucky Breeder
news:_Q2lk.37138$x66....@newsfe25.ams2:
> On Sat, 02 Aug 2008 14:47:12 +0000, Bucky Breeder wrote:
>
>> If that happened in Denver the "victim" probably would have claimed a
>> back-injury and collected at least a few-hundred dollars... and some
>> coupons for free beers.
>
> It was a fucking rough stinking pub, mate, not the fucking Ritz!
>
> In an English pub that'd be frowned on. It's merely more fodder
> for funny anecdotes to tell people in pubs in the future :-)
I shuda said "a couple rolls of nickels" instead of
"a few-hundred dollars" - I previously left your sig for a segue.
*Now* I am truly enlightened what "Culture" means in Liverpool...
LOL! I was waiting for an appointment in an upscale Denver
lounge a couple of years ago the same night it happened that
Reba McIntyre was playing the Denver Coliseum just right up
the street... Some couples ostensibly from Atlanta, GA USA
came over and asked sort of snooty-down-at me "We're from
Atlanta, [like *that's* a cultural-megalith] don't you people
have any culture in this town?" I put-on my best cowboy voice
and says to them all wide-eyed and enthusiatic-like "Why heck
yeash, guys - we got Reba playing right down the street, but
I think she's all sold out, so do you want me to find your
ladyships and lords a ticket scalper?"
They just looked like they really didn't believe it and left.
Sort of frumped and humphhed out the door, in step, asses
wagging in synch...
Bartender and some regulars just busted out laughing...
I'm all like "Find me a job-application for tour-guide?"
Whush they hadn't left, 'cause the rodeo was a-comin' the
next week - and that's some real 'Culture Americana'!
Sydney Gondomer
ram 2.53 GH. Not the Vista machine which I also ran hijack this on and
eleted some things which were red "X" now my Firefox loads slow if at
al and the maching acts squirelly.
I'm doing the first restore on it right now back to 7/30/2008.
Aardvark
>>> If that happened in Denver the "victim" probably would have claimed a
>>> back-injury and collected at least a few-hundred dollars... and some
>>> coupons for free beers.
>>
>> It was a fucking rough stinking pub, mate, not the fucking Ritz!
>>
>> In an English pub that'd be frowned on. It's merely more fodder for
>> funny anecdotes to tell people in pubs in the future
>
> I shuda said "a couple rolls of nickels" instead of "a few-hundred
> dollars" - I previously left your sig for a segue.
>
I didn't notice at the time, but the irony certainly isn't lost on me now
that you've pointed out your deliberate mistake :-)
> *Now* I am truly enlightened what "Culture" means in Liverpool...
>
One of the greatest cultural revolutions in the western world of the last
half-century was born in Matthew Street, Liverpool- Google that, and
while you're at it Google 'Scouse humour'. It'll give you some idea why I
love the place, being somewhat of an adopted son. I'm Irish, although
it's said that Scousers are merely Paddy's who could swim :-)
> LOL! I was waiting for an appointment in an upscale Denver lounge a
> couple of years ago the same night it happened that Reba McIntyre was
> playing the Denver Coliseum just right up the street... Some couples
> ostensibly from Atlanta, GA USA came over and asked sort of
> snooty-down-at me "We're from Atlanta, [like *that's* a
> cultural-megalith] don't you people have any culture in this town?" I
> put-on my best cowboy voice and says to them all wide-eyed and
> enthusiatic-like "Why heck yeash, guys - we got Reba playing right down
> the street, but I think she's all sold out, so do you want me to find
> your ladyships and lords a ticket scalper?"
>
> They just looked like they really didn't believe it and left. Sort of
> frumped and humphhed out the door, in step, asses wagging in synch...
>
> Bartender and some regulars just busted out laughing... I'm all like
> "Find me a job-application for tour-guide?"
>
> Whush they hadn't left, 'cause the rodeo was a-comin' the next week -
> and that's some real 'Culture Americana'!
It's great taking snooty fuckers like that down a peg or two.
The name Reba McIntyre meant nothing to me until I read your post. Now I
know more about her than I ever wanted to know (which knowledge consists
entirely of the fact that she's a C n' W singerette). Country and Western
is my least favourite genre of music by a long way- the songs all seem to
be about dead dogs and divorces :-) Hip-hop, Rap, R n' B and music of
that type appeals to me most at the moment, despite my age.
My sig unashamedly and unapologetically remains as follows: