Calendar of Updates

Updates => Updates Talk => Topic started by: hayc59 on September 02, 2016, 01:58:13 am

Title: Do you need a firewall if you have a router?
Post by: hayc59 on September 02, 2016, 01:58:13 am
Just something I have heard that a router will protect as good or better
true or false..thank you
Title: Re: Do you need a firewall if you have a router?
Post by: Hardhead on September 02, 2016, 02:39:26 am
Yes it's a good idea to to have both Gordon. Yes I know several people that use just a router but you really need to be good at what you doing. Run both Gordon. 
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 02, 2016, 09:15:53 am
I would say both is best.

Test out what happens both ways and together at ShieldsUP!
https://www.grc.com/x/ne.dll?bh0bkyd2

Title: Re: Do you need a firewall if you have a router?
Post by: mark5019 on September 02, 2016, 02:04:14 pm
i run both
Title: Re: Do you need a firewall if you have a router?
Post by: hayc59 on September 02, 2016, 04:30:46 pm
hewee thanks not bad news :)
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 02, 2016, 05:29:57 pm
I got the same on that test hayc59.

But scanning all ports I get this. You need a good firewall to block the pings

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .

Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Reply: RECEIVED (FAILED)Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

GRC Port Authority Report created on UTC: 2016-09-02 at 16:14:30

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
Title: Re: Do you need a firewall if you have a router?
Post by: hayc59 on September 02, 2016, 06:44:18 pm
I did not see that part..will try again
Title: Re: Do you need a firewall if you have a router?
Post by: mark5019 on September 02, 2016, 07:40:13 pm
Quote from: hewee on September 02, 2016, 05:29:57 pm
I got the same on that test hayc59.

But scanning all ports I get this. You need a good firewall to block the pings

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .

Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Reply: RECEIVED (FAILED)Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

GRC Port Authority Report created on UTC: 2016-09-02 at 16:14:30

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.



mine passed
Title: Re: Do you need a firewall if you have a router?
Post by: hayc59 on September 02, 2016, 11:49:51 pm
all passed four times I did this through out the day :)
no firewall...

Quote
GRC Port Authority Report created on UTC: 2016-09-02 at 22:48:01

Results from scan of ports: 0-1055
    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth

---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
NO unsolicited packets were received,
NO Ping reply (ICMP Echo) was received.
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 03, 2016, 12:25:44 am
I do not know how to stop the PING REPLY (ICMP Echo) but wish I could. The old 4.x of Zone Alarm Pro I loved and it stopped everything.

On this PC I had the port 113 trouble.

Run scan on all ports to get info on port 133 and look here. https://www.grc.com/port_113.htm
I think I went into the router and made setting change that blocked it.

Wonder if you can still use the old Zone Alarm Pro 4.x on XP Pro. I ran it for years and did not pay after first year to get updates and I like how I could deal with program rights and block what came in or went out on the computer. They used to be really good but new owners made it go downhill. Then Online Armor was really nice but they made changes too and sold program. I won that program and ran a version for year as the Pro version because it had a bug. Bug was it did not change to the free version after year was up. I later got another free version of the program but after year ran out with new owner Emsisoft Anti-Malware + Firewall was the newer software and XP could not run it.

I hate to lose a great program. But XP Pro my time will come so things will end for this computer.
Title: Re: Do you need a firewall if you have a router?
Post by: Hardhead on September 03, 2016, 04:06:04 am
Quote from: hayc59 on September 02, 2016, 11:49:51 pm
all passed four times I did this through out the day :)
no firewall...

Quote
GRC Port Authority Report created on UTC: 2016-09-02 at 22:48:01

Results from scan of ports: 0-1055
    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth

---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
NO unsolicited packets were received,
NO Ping reply (ICMP Echo) was received.

Here's two more test to run.
https://www.grc.com/dns/dns.htm (https://www.grc.com/dns/dns.htm) DNS Nameserver Spoofability Test
https://www.grc.com/dns/crashtest.htm (https://www.grc.com/dns/crashtest.htm) Router Crash Test
Title: Re: Do you need a firewall if you have a router?
Post by: hayc59 on September 03, 2016, 07:58:20 am
Tim like I want to blow my router up...thank though :)
Title: Re: Do you need a firewall if you have a router?
Post by: Hardhead on September 04, 2016, 04:42:44 am
Quote from: hayc59 on September 03, 2016, 07:58:20 am
Tim like I want to blow my router up...thank though :)
It want blow up your router but if it crashes there is reason behind the crash which could result in the development for a new firmware update. ;)
Title: Re: Do you need a firewall if you have a router?
Post by: Hardhead on September 04, 2016, 04:50:57 am
I do not know how to stop the PING REPLY (ICMP Echo) but wish I could. The old 4.x of Zone Alarm Pro I loved and it stopped everything.

On this PC I had the port 113 trouble.

Run scan on all ports to get info on port 133 and look here. https://www.grc.com/port_113.htm
I think I went into the router and made setting change that blocked it.

Wonder if you can still use the old Zone Alarm Pro 4.x on XP Pro. I ran it for years and did not pay after first year to get updates and I like how I could deal with program rights and block what came in or went out on the computer. They used to be really good but new owners made it go downhill. Then Online Armor was really nice but they made changes too and sold program. I won that program and ran a version for year as the Pro version because it had a bug. Bug was it did not change to the free version after year was up. I later got another free version of the program but after year ran out with new owner Emsisoft Anti-Malware + Firewall was the newer software and XP could not run it.

I hate to lose a great program. But XP Pro my time will come so things will end for this computer.
I would go with another firewall that works with XP hewee and then do a search online "how to stop the PING REPLY (ICMP Echo)."

Not sure if that answers your question though. :-\
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 04, 2016, 06:12:35 am
Quote from: Hardhead on September 03, 2016, 04:06:04 am
Quote from: hayc59 on September 02, 2016, 11:49:51 pm
all passed four times I did this through out the day :)
no firewall...

Quote
GRC Port Authority Report created on UTC: 2016-09-02 at 22:48:01

Results from scan of ports: 0-1055
    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth

---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
NO unsolicited packets were received,
NO Ping reply (ICMP Echo) was received.

Here's two more test to run.
https://www.grc.com/dns/dns.htm (https://www.grc.com/dns/dns.htm) DNS Nameserver Spoofability Test
https://www.grc.com/dns/crashtest.htm (https://www.grc.com/dns/crashtest.htm) Router Crash Test


Your Router Survived !!

DNS Nameserver Spoofability Test I got Good and Bad.  :-\
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 04, 2016, 06:38:11 am
I do not know how to stop the PING REPLY (ICMP Echo) but wish I could. The old 4.x of Zone Alarm Pro I loved and it stopped everything.

On this PC I had the port 113 trouble.

Run scan on all ports to get info on port 133 and look here. https://www.grc.com/port_113.htm
I think I went into the router and made setting change that blocked it.

Wonder if you can still use the old Zone Alarm Pro 4.x on XP Pro. I ran it for years and did not pay after first year to get updates and I like how I could deal with program rights and block what came in or went out on the computer. They used to be really good but new owners made it go downhill. Then Online Armor was really nice but they made changes too and sold program. I won that program and ran a version for year as the Pro version because it had a bug. Bug was it did not change to the free version after year was up. I later got another free version of the program but after year ran out with new owner Emsisoft Anti-Malware + Firewall was the newer software and XP could not run it.

I hate to lose a great program. But XP Pro my time will come so things will end for this computer.
I would go with another firewall that works with XP hewee and then do a search online "how to stop the PING REPLY (ICMP Echo)."

Not sure if that answers your question though. :-\

Found this but nothing is checked to show I get pinged so don't know what is going on.
http://www.sysprobs.com/disable-ping-reply-enable-file-sharing-windows-xp
Title: Re: Do you need a firewall if you have a router?
Post by: techie on September 22, 2016, 05:08:45 pm
I would recheck your router settings. I don't know your specific router, but you should have a option for WAN Ping Blocking. Every router with a Nat firewall I have ever seen has this option somewhere. It may just reference block pings, etc. It's usually found under advance features of the routers firewall settings.

I always block or disallow UPNP and remote management if it is available.

I have always preferred both hardware (router) or standalone and software firewalls.

Always change the router password, username is optional (Usually Admin), but never leave it as just a factory default password.

P.S.  Make sure your router firmware is up to date as well. Always restart your a router after changes have been made, it sometimes requires unplugging and plugging back in..
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 22, 2016, 10:36:58 pm
I got the xfinity TC8305C Technicolor Modem/Router

http://setuprouter.com/router/technicolor/tc8305c/login.htm

Under Firewall setting I am at the Minimum Security (Low) setting.

Quote

Firewall Security Level

    Maximum Security (High)

    LAN-to-WAN: Allow as per below.

        HTTP and HTTPS (TCP port 80, 443)
        DNS (TCP/UDP port 53)
        NTP(TCP port 119, 123)
        email (TCP port 25, 110, 143, 465, 587, 993, 995)
        VPN(GRE, UDP 500, TCP 1723)
        iTunes (TCP port 3689)

    WAN-to-LAN: Block all unrelated traffic and enable IDS.

    Typical Security (Medium)

    LAN-to-WAN: Allow all

    WAN-to-LAN: Block as per below and enable IDS.

        IDENT (port 113)
        ICMP request

        Peer-to-peer apps:
            kazaa - (TCP/UDP port 1214)
            bittorrent - (TCP port 6881-6999)
            gnutella- (TCP/UDP port 6346)
            vuze - (TCP port 49152-65534)

    Minimum Security (Low)

    Allow (LAN-to-WAN): all

    Blocked:
        IDS enabled
        IDENT (port 113)

    Custom Security

    LAN-to-WAN: Allow all.

    WAN-to-LAN: IDS enabled and block as per selections below.

    Block http (TCP port 80, 443)
    Block ICMP
    Block Multicast
    Block Peer-to-peer applications
    Block IDENT (port 113)
    Disable entire firewall

If I go to a higher setting it kills my phone. Got an Ooma Hub phone that workings over the internet.

 Maximum Security (High)
I call a number and they are all busy after long wait.
Incoming calls the phone will not ring but I can leave a message at Ooma for myself.
Ooma shows that I have a message. May of gone to message because it thinks I am online with the phone because it is not getting online right.

Typical Security (Medium)
Same trouble

Custom Security if used
 Block Peer-to-peer applications --- This seems to be what blocks the phone if checked.
What happen to the "IDS enabled" that was blocked under lower setting? What is IDS

So what is all safe to check under Custom?

Title: Re: Do you need a firewall if you have a router?
Post by: techie on September 23, 2016, 02:19:07 pm
You are being pinged constantly because of the the peer to peer file sharing services you are using. Turn them off or uninstall them and the pings will stop.

You can also look at the following, but if it works you wouldn't have to change it. It would probably work better if you did.

I was looking at what you are saying about your Ooma Hub phone. If I understand you are running the VOIP service behind your router. I have found that VOIP needs to be open, not behind a firewall. I don't particularly like to put anything in the DMZ zone, because it kind of defeats the purpose of the firewall. It's not that you would get hacked through your Ooma Hub phone, it's that you are saying I'm here. It's kind of like the ICMP ping you are talking about.

The Ooma Hub phone is a hub, which means it is designed to pass network traffic. I had to look at your VOIP hub and based on your setup it is incorrect. If you have a modem and router separate, then the hookup should be the Modem to Ooma Hub phone, then to router. This was how it was designed, to allow the VOIP to work without interference or behind a firewall. It gives it priority when you are using the phone.

Please take a look at the PDF manual for the Ooma Hub phone beginning on page 28 installation, installing the Ooma Hub.

http://www.ooma.com/sites/default/files/media/ooma_hub_1.pdf

It's not just going to be plug and play most likely. You will have to reconfigure the the router most likely. There is some topics on it at the Ooma forums.

http://www.ooma.com/forums/viewtopic.php?f=2&t=9906

There are some discussions on putting it into the DMZ zone,  in your router, on the VOIP forum. I would recommend you go with how it was designed and leave your firewall closed. I have setup VOIP behind a router firewall, but you would have know what ports to open to be triggers.

What IPS/IDS does look at this article. In order for  your firewall is enabled, then IDS probably has to be enabled. I can't say for sure but it looks as if you have a IDS only router.

http://www.internet-computer-security.com/Firewall/IPS.html

P.S.  this probably should have been in the Help and Discussion Forums



Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 23, 2016, 09:03:40 pm
Where do I look for the peer to peer file sharing services to turn off.

I know there are many ways to hook up Ooma. I used it a couple ways with a modem and a router. Now it is a modem/router together.
Still the HOME port on the Ooma has nothing plugged into it now a I guess that is what needs to go from there to PC. But this still has me after the modem/router.

Page 34 , 2 (optional) Plug the existing Ethernet cable into the port labeled HOME on the ooma Hub. is what I just changed to
Phone still works but still can not change Router firewall settings or it effects the phone but it is still behind the modem/router.

At the Ooma forums is getting over my head right now and I do not have the time to play around.

Now looking at the Modem/Router page or router setup page under Connected Devices > Devices it changed when I Plug the existing Ethernet cable into the port labeled HOME on the ooma Hub.

It shows Online Devices and Offline Devices but it now shows my computer and ooma as Offline Devices. But still all seems to act the same but it just says it is Offline when it is not.


Maybe they can move this post in the thread.
Title: Re: Do you need a firewall if you have a router?
Post by: techie on September 24, 2016, 12:18:11 am
If there running, they will probably be located in your task bar by the clock. Right click the icons and you should have the option to exit. This doesn't resolve the problem, it is just temporary. I really don't recommend p2p programs. Utorrrent I believe is set to automatically start with your computer, and the others may be as well.

I learned this from experience when one of daughters was running it and I couldn't figure why my router was being pinged constantly. It was uninstalled by me rather quickly.

You probably have an option in the programs, to disable starting when Windows start. You need to not have them in your Windows startup running every time the computer is turned on.

The real answer is not to use them, just uninstall them, but I don't tell people what they can and can't use. It's your choice.

Some of your pinging could be the VOIP service, don't know for sure.

With your single modem/router configuration, you pretty much have to be behind the router and it's firewall. Sorry I missed where you posted your modem/router model in the previous post.

Pretty much what you need to do and I have used VOIP with this is to setup a Port  forwarding on your router. This will allow your phone service to be outside of the the firewall and filter it to your Ooma hub. I would do this before putting in the DMZ setup.

6.1.2  Port forwarding Page 55

http://setuprouter.com/router/technicolor/tc8305c/manual-1246.pdf

You need to know the Ooma hubs ip address and which ports to unblock. That means going into the setup page for Ooma Hub and setting a (static) permanent ip. There telling you to set a static IP for the Ooma, a IP address that never changes. The UDP/TCP is going to be like starting 53 and ending at 30000. This allows the VOIP to run without the firewall interfering.

An example of a router is IP 192.168.0.1, than your sub IP addresses would be 192.168.0.2 to 192.168.0.100  This is where your computers wired or wireless connect to. You have to set the Ooma Hub to say for example to a static IP address 192.168.0.60 this means it will always connect at that IP address. I don't know what your IP addresses are specifically.

http://support.ooma.com/home/advanced-connections-and-service-ports

Run your computer directly to the router, not the Ooma hub if you use port forwarding.

It's not as complicated as may think, the settings have to match.



Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 26, 2016, 07:53:16 am
The use simple file sharing I unchecked. But other wise I do not have any sharing program or chat programs because I do not trust them.

I can see from the router page the Mac address for the Ooma and I can look at the Ooma setup page for more info.
http://support.ooma.com/home/accessing-your-device-settings.
Had page I seen the other day from Ooma that let me see the phone and setting I seen only that one time and now I can not fine it. Be something like the router setup page. Maybe I need to try again because it may be down now at night. This is not working http://setup.ooma.com

So will look again later.
Title: Re: Do you need a firewall if you have a router?
Post by: techie on September 27, 2016, 12:23:01 am
The use simple file sharing I unchecked. But other wise I do not have any sharing program or chat programs because I do not trust them.

I can see from the router page the Mac address for the Ooma and I can look at the Ooma setup page for more info.
http://support.ooma.com/home/accessing-your-device-settings.
Had page I seen the other day from Ooma that let me see the phone and setting I seen only that one time and now I can not fine it. Be something like the router setup page. Maybe I need to try again because it may be down now at night. This is not working http://setup.ooma.com

So will look again later.

The P2P may have been preconfigured or setup by your service provider.

I think you have to go directly from your computer to the home connection on the Ooma to see the internal settings.
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on September 27, 2016, 04:55:18 am
I never installed any ISP or Comcast software so better not have P2P.
Or could that be the shared WiFi?

Ok maybe it was home connection on the Ooma to see the internal settings that was why I seen more.
Title: Re: Do you need a firewall if you have a router?
Post by: techie on September 27, 2016, 03:00:27 pm
I never installed any ISP or Comcast software so better not have P2P.
Or could that be the shared WiFi?

Ok maybe it was home connection on the Ooma to see the internal settings that was why I seen more.

It could be another user in the house on wifi or a recycled Comcast modem/router with it already on it when it was installed. 
Title: Re: Do you need a firewall if you have a router?
Post by: hewee on October 02, 2016, 07:32:40 am
I don't know.

Just got use of computer again after it crashed and killed my hard drive. So had not backup and adding drive as 2nd drive I can not see anything. So got other things to do now. Like find way to get data off the drive.