From: Nicky on
Hello,

I have an adsl 384/128 line with an Alcatel/Thomson SpeedTouch 530
adsl/modem router.

I tried to search in my router's administrative panel
http://10.0.0.138:80 for a logging capability just to see how the
packages flow from the internet to my router and from there to my only
lan pc 10.0.0.1 :-) but unfortunately I didn't see an option in my
router's web interface for that. Damn why?

a) So my first question is whether there is another way of seeing this
log file.
Maybe some software installed on 10.0.0.1 that will be the first app
that will grab the data immediately after my router forwards them to
10.0.0.1 and then give them to the requested app? Does such an app
exist (if what I say is possible to be done)?

b) Second question: what about the hardware firewall of my router? Why
don't I see an option for that anywhere? Does the Speedtouch 530 suck? Can
solution a) apply here as well?

c) I replaced my router's external web interface on port 80 by creating
a port forwarding rule to redirect packets to my web server running on
10.0.0.1 so as to avoid possible brute forcing attempts to crack the pass
and that I would know nothing about since I have no log files! Was
that a clever thing to do?

d) Speedtouch 530 is an adsl router/modem.
So it combines 2 appliances into one.
Well if it was only a router and no modem then I would be needing an
extra appliance to play the modem role so as to accept the incoming phone
line and then from there the data would be sent to my router and then
to 10.0.0.1?
This question sounds silly but until some day I thought that my router
was also a hub/router and Moe told me that it was only a router and a hub
has to be a diff appliance but I see that it plays 2 roles again, a modem
and a router.

So it goes like this?

net -> modem -> router -> hub -> lan hosts (3 appliances here)

net -> modem/router -> hub -> lan hosts (2 appliances here)

net -> modem/router/hub -> lan hosts (1 appliance here and my case
since I have only 1 pc :-))

Just asking to make sure I have the feeling of things.

Thanks for all the help you'll give me :-)

From: Duane Arnold on
"Nicky" <hackeras(a)gmail.com> wrote in news:1125230689.539906.183340
@g44g2000cwa.googlegroups.com:

> Hello,
>
> I have an adsl 384/128 line with an Alcatel/Thomson SpeedTouch 530
> adsl/modem router.
>
> I tried to search in my router's administrative panel
> http://10.0.0.138:80 for a logging capability just to see how the
> packages flow from the internet to my router and from there to my only
> lan pc 10.0.0.1 :-) but unfortunately I didn't see an option in my
> router's web interface for that. Damn why?

Why don't you ask the manufacturer of the product as to why the
router/modem doesn't have logging, which is also part of the
functionality of a device that's running FW software that it logs
traffic.
>
> a) So my first question is whether there is another way of seeing this
> log file.
> Maybe some software installed on 10.0.0.1 that will be the first app
> that will grab the data immediately after my router forwards them to
> 10.0.0.1 and then give them to the requested app? Does such an app
> exist (if what I say is possible to be done)?

The only way would be to find some 3rd party firmware that provided it
and I doubt it.

>
> b) Second question: what about the hardware firewall of my router? Why
> don't I see an option for that anywhere? Does the Speedtouch 530 suck? Can
> solution a) apply here as well?

It's a good NAT router/modem unit I would suspect for home usage.

>
> c) I replaced my router's external web interface on port 80 by creating
> a port forwarding rule to redirect packets to my web server running on
> 10.0.0.1 so as to avoid possible brute forcing attempts to crack the pass
> and that I would know nothing about since I have no log files! Was
> that a clever thing to do?
>
> d) Speedtouch 530 is an adsl router/modem.
> So it combines 2 appliances into one.
> Well if it was only a router and no modem then I would be needing an
> extra appliance to play the modem role so as to accept the incoming phone
> line and then from there the data would be sent to my router and then
> to 10.0.0.1?
> This question sounds silly but until some day I thought that my router
> was also a hub/router and Moe told me that it was only a router and a hub
> has to be a diff appliance but I see that it plays 2 roles again, a modem
> and a router.
>
> So it goes like this?
>
> net -> modem -> router -> hub -> lan hosts (3 appliances here)
>
> net -> modem/router -> hub -> lan hosts (2 appliances here)
>
> net -> modem/router/hub -> lan hosts (1 appliance here and my case
> since I have only 1 pc :-))
>
> Just asking to make sure I have the feeling of things.

If it were me and I was trying to protect a WEB server, then I would get
separate units a standalone adsl modem and a standalone packet filtering
FW router that does logging so I could see the inbound and outbound
traffic to/from the router, along with the ability to stop inbound and
outbound traffic by setting packet filtering rules by IP, port or
protocol.

What kind of Web server do you have and has the O/S, registry, file
system, user accounts, Web server such as IIS etc, etc been configured for
security for a machine that is being exposed to the public Internet?
Otherwise, you have another Web server out there on the Internet that's
*hack* bait.

Duane :)




From: Nicky on

Duane Arnold wrote:

> > a) So my first question is whether there is another way of seeing this
> > log file.
> > Maybe some software installed on 10.0.0.1 that will be the first app
> > that will grab the data immediately after my router forwards them to
> > 10.0.0.1 and then give them to the requested app? Does such an app
> > exist (if what I say is possible to be done)?
>
> The only way would be to find some 3rd party firmware that provided it
> and I doubt it.

Why wouldn't my suggestion work?!?

> >
> > b) Second question: what about the hardware firewall of my router? Why
> > don't I see an option for that anywhere? Does the Speedtouch 530 suck? Can
> > solution a) apply here as well?
>
> It's a good NAT router/modem unit I would suspect for home usage.

What's so good about it if I can't see an option to configure the
hardware firewall if it has any?

> If it were me and I was trying to protect a WEB server, then I would get
> separate units a standalone adsl modem and a standalone packet filtering
> FW router that does logging so I could see the inbound and outbound
> traffic to/from the router, along with the ability to stop inbound and
> outbound traffic by setting packet filtering rules by IP, port or
> protocol.

What router would you pick if it were you?
And also why would you separate the modem from the router?
What's wrong with having them in 1 device as I have it now?
Does the packet filtering FW router only inspect the headers of a
packet or data as well?

> What kind of Web server do you have and has the O/S, registry, file
> system, user accounts, Web server such as IIS etc, etc been configured for
> security for a machine that is being exposed to the public Internet?
> Otherwise, you have another Web server out there on the Internet that's
> *hack* bait.

I am running Apache/v2.0.54 on XP SP2 and I also have Kaspersky
Anti-Hacker running on my localhost to monitor outbound connections
since NAT can't handle those and I don't see any hardware firewall
present.

From: Duane Arnold on
"Nicky" <hackeras(a)gmail.com> wrote in
news:1125258600.402257.130300(a)f14g2000cwb.googlegroups.com:

>
> Duane Arnold wrote:
>
>> > a) So my first question is whether there is another way of seeing
>> > this log file.
>> > Maybe some software installed on 10.0.0.1 that will be the first
>> > app
>> > that will grab the data immediately after my router forwards them to
>> > 10.0.0.1 and then give them to the requested app? Does such an app
>> > exist (if what I say is possible to be done)?
>>
>> The only way would be to find some 3rd party firmware that provided
>> it and I doubt it.
>
> Why wouldn't my suggestion work?!?

Because the firmware (software) that is installed in the router must have
the *syslog* functionality, you cannot make the firmware do the logging if
it doesn't have the functionality incorporated in it. At best, you could find
some 3rd party firmware that does syslogging for the SpeedTouch and flash,
install it, the router and use that firmware. But the fact that it's a
router/modem and a SpeedTouch (not a popular brand), I doubt that you're
going to find any 3rd party firmware that will work with your SpeedTouch.

Yes, you would broadcast the router's syslog to a machine that had
something like Wallwatcher installed so you can view the logs in real time,
but the router's firmware must have the syslog functionality and the
log viewer must be able to work with the syslog from the device.

http://www.sonic.net/wallwatcher/#Routers

There is Kiwi Syslog Daemon too but the (free) version doesn't have log
viewing abilities like the paid for version that can dump the logs to a
database like MS Access, SQL Server or others and review the logs with a
report viewer like Crystal Reports.

http://www.notepage.net/kiwi-syslog/kiwi-syslog.htm

>
>> >
>> > b) Second question: what about the hardware firewall of my router?
>> > Why don't I see an option for that anywhere? Does the Speedtouch 530 suck?
>> > Can solution a) apply here as well?
>>
>> It's a good NAT router/modem unit I would suspect for home usage.
>
> What's so good about it if I can't see an option to configure the
> hardware firewall if it has any?

It's good for the average home user with average usage of the device that
is not doing high risk things like *port forwarding* and in that case, the
NAT router on that port is not inspecting anything particularly if it is
not using SPI, which I don't think your SpeedTouch router/modem even has
SPI. Does it have SPI in the firmware?

>
>> If it were me and I was trying to protect a WEB server, then I would
>> get separate units a standalone adsl modem and a standalone packet
>> filtering FW router that does logging so I could see the inbound and
>> outbound traffic to/from the router, along with the ability to stop
>> inbound and outbound traffic by setting packet filtering rules by IP,
>> port or protocol.
>
> What router would you pick if it were you?

I am not going to advise you on that one but you can look at Netgear,
Linksys, maybe Dlink (the high-end) models or low-end FW appliances like
Watchguard, Sonicwall etc, etc. And you can get devices that are
refurbished/used where you don't have to pay an arm and a leg. There are
other models out there besides what I have mentioned that are good too. But
I don't know the names offhand but have seen others mention them -- the
routers.

> And also why would you separate the modem from the router?

The ones I have seen are a PITA to configure when taking them out of their
default setup, especially on the router part. And the ones I have seen
don't have the security functionality that you would get in a standalone
device that I have seen, like content or Web blocking etc.

> What's wrong with having them in 1 device as I have it now?

There is nothing wrong with it for average home usage.

> Does the packet filtering FW router only inspect the headers of a
> packet or data as well?

The best I am going to do for you is provide two links *read* them. :)

http://www.vicomsoft.com/knowledge/reference/firewalls1.html
http://www.more.net/technical/netserv/tcpip/firewalls/

>
>> What kind of Web server do you have and has the O/S, registry, file
>> system, user accounts, Web server such as IIS etc, etc been configured
>> for security for a machine that is being exposed to the public
>> Internet? Otherwise, you have another Web server out there on the
>> Internet that's *hack* bait.
>
> I am running Apache/v2.0.54 on XP SP2.

There are certain things one must do to secure the Windows O/S that has a
Web server exposed to the public Internet even if it is running Apache. The
information is out there on Google or dogpile.com on the how(s) for Windows
XP pro if you search for it. There may be some documentation on how to
secure Apache running on the Windows platform.

The link is a single example of what one should do for a single XP pro machine
that has a direct connection to the Internet not behind a router let alone
it having a Web server running that is being exposed to the Internet.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

The link above talks about IPsec.

http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/?id=813878
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

Services need to be shut down and O/S configuration must take place properly
to expose any MS Windows NT based O/S to the Internet running any kind of
Web server and if you have not done it, it's just *hack* bait. And there are
more than a few things that must be done to the O/S and you should find it.

> and I also have Kaspersky
> Anti-Hacker running on my localhost to monitor outbound connections
> since NAT can't handle those and I don't see any hardware firewall
> present.

It's snake oil.


I don't think you have done your homework on a machine that's running the
NT based O/S that's being exposed to the Internet and it's just *hack* bait
or a jumping off point to attack other machines on the Internet. And most
home users don't know how and just throw it up and put it out there.

Duane :)
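
The router-to-collector syslog setup described in the reply above, seen from the collector side, as an added example that is not part of the original thread: it decodes the BSD-syslog (RFC 3164) priority field and counts inbound hits on the forwarded port 80 per source address. The message body layout (`IN ... SRC=... DPT=...`), the host and tag names, and all addresses are constructed for illustration; each router firmware uses its own format.

```python
import re
import socket
from collections import Counter

# Constructed sample datagrams; the body layout after the tag is an assumption.
SAMPLE = [
    b"<134>Aug 28 14:02:11 router fw: IN ACCEPT SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP DPT=80",
    b"<134>Aug 28 14:02:12 router fw: IN ACCEPT SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP DPT=80",
    b"<132>Aug 28 14:02:15 router fw: IN DROP SRC=203.0.113.9 DST=10.0.0.1 PROTO=TCP DPT=23",
    b"<134>Aug 28 14:03:40 router fw: IN ACCEPT SRC=192.0.2.44 DST=10.0.0.1 PROTO=TCP DPT=80",
    b"not a syslog line",
]
# <PRI>Mmm dd hh:mm:ss HOST TAG: MESSAGE
HEADER = re.compile(rb"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)$")
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(datagram):
    """Return a dict for one syslog datagram, or None if it is malformed."""
    m = HEADER.match(datagram.strip())
    if not m or int(m.group(1)) > 191:   # largest valid PRI is 23*8+7
        return None
    pri = int(m.group(1))
    body = m.group(5).decode("ascii", "replace")
    words = body.split()
    return {
        "facility": pri >> 3,            # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group(2).decode("ascii", "replace"),
        "host": m.group(3).decode("ascii", "replace"),
        "action": words[1] if len(words) > 1 else "",
        "fields": dict(FIELD.findall(body)),
    }

def hits_by_source(datagrams, port="80"):
    """Count datagrams whose destination port matches, keyed by source IP."""
    counts = Counter()
    for d in datagrams:
        rec = parse(d)
        if rec and rec["fields"].get("DPT") == port:
            counts[rec["fields"]["SRC"]] += 1
    return counts

def serve(bind="0.0.0.0", port=514):
    """Receive live syslog over UDP; the router must be set to send here."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))              # port 514 needs privileges on Unix
    while True:
        rec = parse(sock.recv(2048))
        if rec:
            print(rec["timestamp"], rec["action"], rec["fields"])
```

`hits_by_source(SAMPLE)` works offline on the constructed lines; `serve()` only produces output if the router's firmware can actually emit syslog, which is the limitation discussed in the thread.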