Gaming Just got a WiFi Router with built in Firewall

[CannonFoddr]

OK - Just joined the WiFi brigade & brought a Belkin F6D4230-4 (v1) Cable Router
I have my PC connected via cable, & have my Wii/DSi and mobile connecting via WiFi - there's no problem with those

Since the router has a built in Firewall - I got rid of my software one (Comodo Firewall), but just to check how good it is I visted PCFlank to test my PC security
(I also tried Symantec's security & 'shields-up' as well - which it passed on both of those just fine)

Now I've tried all the tests & passed most, except for 'Browser Test' and 'Quick test'

I'm not too concern about the 'Browser test' too much (it's really only 'Cookie' and 'Refferer' - & these can be 'fixed' with Firefox plugins etc),
but on the 'Quick Test' I've got a warnings for 'visible port(s) on your system:' (I've ran the test a few times & sometimes only 1 port show up while other times it's up to 4 ports that are 'visible')

Now my question is - HOW do I tell the Belkin firewall to hide/block the ports mentioned ??

I'm guessing it something to do with Belkin Router Setup Utility > Firewall > Client IP Filters , but although I've added

• IP: xxx.xxx.xxx.x ~ x
  Port: xxx ~ xxx
  type: 'Both'
  Block time: 'Block'
  Day: SUN / SUN
  Time: 12:00 / 12:00
  Enable: 'ticked'

It still fails the PCFlank test, so I'm guessing I must be doing something wrong

Can any1 help ??

 

[Lee79]

Time: 12:00 / 12:00 could be wrong if it is 24hr time it would be 12:00 / 00:00?

 

[Am0s]

well if a port is open or closed then it would fail the security test, the port has to non respondent same with ping then it would pass the test. router firewalls are great go into the router and goto security and then firewall settings, I use shields up as that tests the most active ports the first 1024 ports or something like that, or you are running a service like a FTP server or a mail server etc then those ports 21 (ftp) 110 and 25 (mail) will either be open or closed so then something like shields up or whatever you use would fail the test.

best to check what port numbers are visible whether they are open or closed and then find out what programs use those ports, you never know you might have some port forwarding setup or something.

I hope this helps

 

[Rydian]

We need to know the ports.

EDIT: And yes, if you have any ports forwarded in order to act as a server, then that's an open port, and it will be reactive as long as you have something on that port answering connections (like a game, filesharing program, some server, whatever).

 

[Lodis]

There is a reason why people still used software based firewalls even after purchasing a hardware based solution i.e a router. Routers do not have outbound protection so any malware that has some how got in, will be able to get out. The software firewall will be able to stealth your open / in use ports but the Router will show them. I suggest you reinstall Comodo firewall.

 

[Rydian]

There is a reason why people still used software based firewalls even after purchasing a hardware based solution i.e a router. Routers do not have outbound protection so any malware that has some how got in, will be able to get out.If you already have an infection then what's the point? Your security already failed if the infection is in your machine.
You need to remove the infection, not just tie it's hands.

QUOTE(Lodis @ Jul 20 2010, 09:10 PM) The software firewall will be able to stealth your open / in use ports but the Router will show them. I suggest you reinstall Comodo firewall.

Many routers have the option to not respond to pings.

When an infection is in one of the first things it'll do is disable the firewall anyways. I see no point in a software firewall for a home user whatsoever as long as there's hardware NAT.

If you're targeted by an actual hacker with skills it's useful, but if an actual hacker targets you you have a fuckton more to worry about!

 

[CannonFoddr]

Time: 12:00 / 12:00 could be wrong if it is 24hr time it would be 12:00 / 00:00?what only block the ports for 1/2 a day ????
Sorry forgot to mention that both are 12:00 PM - & I can only change the hours in 1hr increments - so can't have anything like '12:00AM to 11:59PM'
QUOTE(Rydian @ Jul 20 2010, 10:24 PM) We need to know the ports...if you have any ports forwarded in order to act as a server

Didn't supply the ports as I thought that would give hackers the info to actual hack - but if you REALLY need them .... they range between 135~138
and I don't use the PC as a Server (well I don't THINK so) - just to browse the internet, play the occasional On-line shooter, download the occasional *cough* DS backup *cough*

@ lodis: I know about the 'only block incoming attacks' info, (didn't think it actually referred to routers - but still nice to know), but USUALLY the only way to get infected is IF you download & install (intentionally OR unintentionally) malware/Viruses

However since I have Avast installed & that has numerous scanners to check files coming from various sources (FTP/Email etc), & since I also usually virus scan files I download using both this AND sometimes an Online scanner - it usually catches any dodgy software before it gets a chance to install - & I NEVER accept 'installation of browser Toolbars' either - if a program ask that, I don't install it

 

[Rydian]

If you can see anybody's signature or avatar they can easily get your IP, and they can just do a portscan on it to find any open ports. Any shit you hear about hacking/tracking IP addresses is from little kids and guys that watch too much CSI, whatever they say is bullshit. That stuff on TV and in movies is not how it actually works. Think about it, when they're building a bomb they don't show you the actual materials and process for doing it, do they?

Anyways. http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm
Disable NetBIOS like it says, then restart, and see if those ports stop showing up as open.

 

[Lodis]

There is a reason why people still used software based firewalls even after purchasing a hardware based solution i.e a router. Routers do not have outbound protection so any malware that has some how got in, will be able to get out.If you already have an infection then what's the point? Your security already failed if the infection is in your machine.
You need to remove the infection, not just tie it's hands.

QUOTE(Lodis @ Jul 20 2010, 09:10 PM) The software firewall will be able to stealth your open / in use ports but the Router will show them. I suggest you reinstall Comodo firewall.

Many routers have the option to not respond to pings.

When an infection is in one of the first things it'll do is disable the firewall anyways. I see no point in a software firewall for a home user whatsoever as long as there's hardware NAT.

If you're targeted by an actual hacker with skills it's useful, but if an actual hacker targets you you have a fuckton more to worry about!

The more layered your security is the better. If your antivirus fails and something that got in is trying to phone home, your router will NOT alert you to that threat. Your security may have failed but does this mean that you should just let the malware send data out anyway?

Going by your opinion of seeing no point in a software firewall for a home user whatsoever as long as there is a hardware NAT just leaves you with one less layer of defense.

As for malware disabling your firewall, that is the whole point of a layered security solution instead of just relying on 1 or 2 hardware or software. In a case such as the above, you would have other security software that monitors process activity preventing your security programs from actually being disabled in the first place. For example process guards, Registery protectors or generic behavior monitors that do not rely on any signatures.

Relying on Antivirus and a Router alone is a bad idea since you have no protection from 0 day malware with the vast majority of Antivirus programs (apart from the ones that use sandbox techniques) and the Router leaves you with no outbound protection.

A software firewall also gives you easy real time control over all of your current programs. Just because your browser is trusted, you might not want it to go to a certain IP address or you might want to temporarily prevent another program from downloading an update. There may be other scenarios where the control of individual programs outbound activity will be useful in real time.

 

[CannonFoddr]

Anyways. http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm
Disable NetBIOS like it says, then restart, and see if those ports stop showing up as open.

Well I thought I'd already done that - but checked again to be sure....
...Yep I did, & those ports still crop up in PCFlank 'Quick test' - Weird

Anyway - I'm gonna take the risk of no software Firewall (I always have a 'recent' Drive image backup just in case anything DOES go wrong), & since other test show they are blocked - I'm guessing these are 'false positives' or something like that

My only other problem now is - I dug out an old laptop & a USB WiFi adapator to try & get those connected to the WiFi etc
(Laptop is a Acer travelmate 360, while the USB Adaptor is a SafeCom SWLUT-54125),
& despite losing the drivers for the USB (I did find some on the WWW btw) - I actually got it to connect to the Wifi (I know this 'cos it shows up in Belkins Access Log file) .... BUT - I can't get Internet access with either IE or Chrome, how weird is that ???

no matter what settings I try, I just can't get Internet access (& I've tried a LOT of so called fixes found on the net)

Guess that old laptop gonna go back to where I found it ......

 

[Rydian]

Lodis...
1 - If the infection is in your machine your security has failed.
2 - If a virus can disable your antivirus software, then it can disable your firewall (with potentially less effort, seeing as the firewall is hooked into less important things as networking is not critical to a computer running, whereas I/O functions are).