Need recommendations: router and software firewall.

#1 (**permalink**) 09-30-2005, 11:31 PM

I want to buy a new router to replace my Belkin one.
I'd like some recommendations.

ALSO.. from a previous post... I understand that a 'Personal Firewall'
though better than nothing is not not really effective.
What would be recommended in its place?

The main reason why I'm buying a new router is because my Belkin router
is giving me trouble getting VOIP working on it. So, in both the above
purchases, I need to keep this need in mind.

Thanks.

OM

#2 (**permalink**) 09-30-2005, 11:56 PM

om.newsgroup@gmail.com writes:
> I want to buy a new router to replace my Belkin one.
> I'd like some recommendations.
>
> ALSO.. from a previous post... I understand that a 'Personal Firewall'
> though better than nothing is not not really effective.
> What would be recommended in its place?
>
> The main reason why I'm buying a new router is because my Belkin router
> is giving me trouble getting VOIP working on it. So, in both the above
> purchases, I need to keep this need in mind.

I've recently seen an ad for a router that prioritized VOIP traffic
higher than data to provide supposedly better voip quality.

http://www.hawkingtech.com/products/...=80&ProdID=233

If VOIP is your driver for the new purchase, it might be worth
investigating. Hard to say if it'll solve your issue or not.

Best Regards,
--
Todd H.
http://www.toddh.net/

#3 (**permalink**) 10-01-2005, 10:42 AM

I would still recommend to get a software "firewall" for the outgoing
direction, try AppWall here www.electronicscomputing.com

info,
(you can contact me on the site)

<om.newsgroup@gmail.com> wrote in message
news:1128123093.631120.235170@g14g2000cwa.googlegr oups.com...
>I want to buy a new router to replace my Belkin one.
> I'd like some recommendations.
>
> ALSO.. from a previous post... I understand that a 'Personal Firewall'
> though better than nothing is not not really effective.
> What would be recommended in its place?
>
> The main reason why I'm buying a new router is because my Belkin router
> is giving me trouble getting VOIP working on it. So, in both the above
> purchases, I need to keep this need in mind.
>
> Thanks.
>
>
> OM
>

#4 (**permalink**) 10-02-2005, 08:23 AM

info wrote:
> I would still recommend to get a software "firewall" for the outgoing
> direction

You know, that controlling outgoing traffic does not work at all with any
"Personal Firewall"?

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc

#5 (**permalink**) 10-02-2005, 11:36 AM

Why not try AppWall and see what you think?

"Volker Birk" <bumens@dingens.org> wrote in message
news:433f98f2@news.uni-ulm.de...
> info wrote:
>> I would still recommend to get a software "firewall" for the outgoing
>> direction
>
> You know, that controlling outgoing traffic does not work at all with any
> "Personal Firewall"?
>
> Yours,
> VB.
> --
> MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
> einer Atombome. (MAC filtering is protecting against "hackers" like
> newsprint
> is protecting against a nuclear bomb)
> - Christian Forler in de.comp.security.misc

#6 (**permalink**) 10-02-2005, 05:49 PM

info wrote:
> > You know, that controlling outgoing traffic does not work at all with any
> > "Personal Firewall"?
> Why not try AppWall and see what you think?

The reason, why I'm not too interested in doing this, is:

It's theoretically impossible to prevent tunneling without losing
connectivity. So it's not possible, even not in theory.

I was asked some months ago to offer a proof for this claim. This was
before I saw my very first "Personal Firewall", BTW.

Then I hacked these 27 lines of code into an editor, and asked people
in de.comp.security.misc, which "Personal Firewall" can stop this:

http://www.dingens.org/breakout.c

_NONE_ was capable to stop it. And this was even the easiest way I came
up with, because I did not want to spend too much time into a POC for a
problem, which is not solvable already in theory.

In the meantime, we at the Chaos Computer Club, ERFA Ulm together with
Chaostreff Bad Waldsee were testing "Personal Firewalls". In fact, we
tested:

* Kerio Personal Firewall 4.1.2
* Norman Personal Firewall 1.42
* Agnitum Outpost Firewall Pro 2.5
* Sygate Personal Firewall Pro 5.5
* Tiny Firewall 6.0
* Zone Labs ZoneAlarm Pro 5.5
* Symantec Norton Personal Firewall 2005

_NONE_ of them was capable to stop it.

This POC you can use for writing attack code. This was proofed by Alexander
Bernauer, who wrote a remote shell using this technics, the wwwsh:

http://copton.net/vortraege/pfw/wwwsh.tar.bz2

It implements a remote control software (sometimes misleadingly called
"Trojan"). Because Alex does not want to harm anybody, this software is
showing what's going on while running. For sparing time he only coded for
Internet Explorer, but my POC also is available for Mozilla Firefox to show,
that this is not an Internet Explorer problem.

And even if in the future a "Personal Firewall" will be able to stop this,
this will be useless, because there are so many possibilities to implement
some tunneling, that it is vain endeavor to work on it.

But, yes, please tell me, if this works with AppWall, or if I have to
offer a second option for tunneling. Why not?

To easily test, you could use:

http://www.dingens.org/breakout-en.c (English version,
Internet Explorer)
http://www.dingens.org/breakout-en.exe (precompiled binary)

http://www.dingens.org/breakout-mozilla-firefox.c (Firefox version)

http://www.dingens.org/breakout-mozilla-firefox.exe (precompiled binary)

http://www.dingens.org/breakout-fuer-geistig-arme.c (auto-starts
Internet Explorer)
http://www.dingens.org/breakout-fuer-geistig-arme.exe (precompiled binary)

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc

#7 (**permalink**) 10-02-2005, 05:56 PM

Leythos <void@nowhere.lan> wrote:
> > You know, that controlling outgoing traffic does not work at all with any
> > "Personal Firewall"?
> To make that statement you have got to be in Troll Mode - it's complete
> BS to suggest that a PFW doesn't block/control outbound traffic from a
> node.

And you're ignoring, that I'm offering the _PROOF_ for my claims.
This seems to be a concept you're not very familiar with, though,
I'm even missing _any_ argument for your claims here yet.

Anyway, you could find the proof-of-concept for my statement here:

http://www.dingens.org/breakout-en.c

This is a small program, which "phones home" in spite of any "Personal
Firewall" I saw so far, including:

* Kerio Personal Firewall 4.1.2
* Norman Personal Firewall 1.42
* Agnitum Outpost Firewall Pro 2.5
* Sygate Personal Firewall Pro 5.5
* Tiny Firewall 6.0
* Zone Labs ZoneAlarm Pro 5.5
* Symantec Norton Personal Firewall 2005

A precompiled binary you're getting here:

http://www.dingens.org/breakout-en.exe

But of course, you will ignore this again, like everytime, won't you?
Perhaps you are a troll, or is your ignorance something like a disease?

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc

#8 (**permalink**) 10-02-2005, 07:57 PM

hi Volker, your samples are very interesting. On the positive side it may
be possible for unti-virus software to catch these things, we can call
such tunneling a virus couldn't we?

"Volker Birk" <bumens@dingens.org> wrote in message
news:43401dae@news.uni-ulm.de...
> info wrote:
>> > You know, that controlling outgoing traffic does not work at all with
>> > any
>> > "Personal Firewall"?
>> Why not try AppWall and see what you think?
>
> The reason, why I'm not too interested in doing this, is:
>
> It's theoretically impossible to prevent tunneling without losing
> connectivity. So it's not possible, even not in theory.
>
> I was asked some months ago to offer a proof for this claim. This was
> before I saw my very first "Personal Firewall", BTW.
>
> Then I hacked these 27 lines of code into an editor, and asked people
> in de.comp.security.misc, which "Personal Firewall" can stop this:
>
> http://www.dingens.org/breakout.c
>
> _NONE_ was capable to stop it. And this was even the easiest way I came
> up with, because I did not want to spend too much time into a POC for a
> problem, which is not solvable already in theory.
>
> In the meantime, we at the Chaos Computer Club, ERFA Ulm together with
> Chaostreff Bad Waldsee were testing "Personal Firewalls". In fact, we
> tested:
>
> * Kerio Personal Firewall 4.1.2
> * Norman Personal Firewall 1.42
> * Agnitum Outpost Firewall Pro 2.5
> * Sygate Personal Firewall Pro 5.5
> * Tiny Firewall 6.0
> * Zone Labs ZoneAlarm Pro 5.5
> * Symantec Norton Personal Firewall 2005
>
> _NONE_ of them was capable to stop it.
>
> This POC you can use for writing attack code. This was proofed by
> Alexander
> Bernauer, who wrote a remote shell using this technics, the wwwsh:
>
> http://copton.net/vortraege/pfw/wwwsh.tar.bz2
>
> It implements a remote control software (sometimes misleadingly called
> "Trojan"). Because Alex does not want to harm anybody, this software is
> showing what's going on while running. For sparing time he only coded for
> Internet Explorer, but my POC also is available for Mozilla Firefox to
> show,
> that this is not an Internet Explorer problem.
>
> And even if in the future a "Personal Firewall" will be able to stop this,
> this will be useless, because there are so many possibilities to implement
> some tunneling, that it is vain endeavor to work on it.
>
> But, yes, please tell me, if this works with AppWall, or if I have to
> offer a second option for tunneling. Why not?
>
> To easily test, you could use:
>
> http://www.dingens.org/breakout-en.c (English version,
> Internet Explorer)
> http://www.dingens.org/breakout-en.exe (precompiled binary)
>
> http://www.dingens.org/breakout-mozilla-firefox.c (Firefox version)
>
> http://www.dingens.org/breakout-mozilla-firefox.exe (precompiled binary)
>
> http://www.dingens.org/breakout-fuer-geistig-arme.c (auto-starts
> Internet Explorer)
> http://www.dingens.org/breakout-fuer-geistig-arme.exe (precompiled binary)
>
> Yours,
> VB.
> --
> MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
> einer Atombome. (MAC filtering is protecting against "hackers" like
> newsprint
> is protecting against a nuclear bomb)
> - Christian Forler in de.comp.security.misc

#9 (**permalink**) 10-03-2005, 07:48 AM

info wrote:
> hi Volker, your samples are very interesting. On the positive side it may
> be possible for unti-virus software to catch these things, we can call
> such tunneling a virus couldn't we?

We could call a software "malware", which works like this POC code, and
if this software program is spreading itself, we could call it "virus".

After it is not new any more but well-known to an anti-virus software,
it can be detected. This is true for every virus.

Yours,
VB.
--
MAC-Filtering bringt so viel Schutz vor "Hackern" wie Zeitungspapier vor
einer Atombome. (MAC filtering is protecting against "hackers" like newsprint
is protecting against a nuclear bomb)
- Christian Forler in de.comp.security.misc