SPI and NAT firewalls

Status
Not open for further replies.

Apokalipse

About 2 weeks ago, I got a wireless router and a wireless card for the laptop.
I secured it all, using WPA PSK + AES encryption, MAC filtering, and turning on SPI (it automatically runs NAT).
When I looked in its log, I found that it has blocked a CRAPLOAD of hackers. I mean, probably a hundred at least just for today.
I was really surprised that there were so many hackers trying to get in.
Because of the sheer volume of hackers the router has blocked, I was very impressed. I very much recommend that people who use the internet a lot invest in a router with SPI and NAT. They work really well.

I did a lookup on basically what they do, and this is the gist of it:

SPI - this blocks everybody from the internet from getting to your network, unless you have initiated the connection

NAT - this hides your network from internet users.
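The two definitions above can be made concrete with a small model of what a home gateway does per packet. The following is an added example written for this thread, not code from any router vendor: a Python class that keeps a connection table (the "state" in stateful packet inspection) and a NAT port mapping. Outbound packets from the LAN get their source rewritten to the WAN address and create a table entry; inbound packets are only forwarded when they match an entry created from the inside, otherwise they are dropped and logged, which is exactly the kind of "blocked" entry the original poster saw in the router log. All addresses are constructed documentation-range values.

```python
"""Toy SPI + NAT gateway: forward only traffic that the LAN initiated.

Added example for illustration; not a real router implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False  # True for a connection-opening segment


class SpiNatGateway:
    def __init__(self, wan_ip, first_nat_port=40000):
        self.wan_ip = wan_ip
        self._next_port = first_nat_port
        # Connection/NAT table created only by outbound traffic:
        # (wan_port, remote_ip, remote_port, proto) -> (lan_ip, lan_port)
        self.table = {}
        self.dropped = []  # what a router would write to its "blocked" log

    def outbound(self, pkt):
        """LAN -> internet: record state, rewrite source to the WAN address (NAT)."""
        for key, lan in self.table.items():
            if lan == (pkt.src_ip, pkt.src_port) and key[1:] == (pkt.dst_ip, pkt.dst_port, pkt.proto):
                wan_port = key[0]  # existing flow, reuse its mapping
                break
        else:
            wan_port = self._next_port
            self._next_port += 1
            self.table[(wan_port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port, pkt.proto, pkt.syn)

    def inbound(self, pkt):
        """Internet -> LAN: forward only if it is the reverse of a recorded flow (SPI)."""
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        lan = self.table.get(key)
        if lan is None:
            # No LAN host asked for this: unsolicited, so it is dropped.
            # The peer address must match too, so guessing the NAT port is not enough.
            self.dropped.append(pkt)
            return None
        # Undo the NAT rewrite so the reply reaches the internal host.
        return Packet(pkt.src_ip, pkt.src_port, lan[0], lan[1], pkt.proto, pkt.syn)


def run_demo():
    """Constructed scenario: one legitimate web request plus two unsolicited probes."""
    gw = SpiNatGateway(wan_ip="192.0.2.1")
    # 1. A LAN host opens a web connection; the gateway rewrites the source.
    out = gw.outbound(Packet("192.168.1.10", 51000, "203.0.113.5", 80, syn=True))
    # 2. The server's reply matches the table and is translated back to the LAN host.
    reply = gw.inbound(Packet("203.0.113.5", 80, "192.0.2.1", out.src_port))
    # 3. Unsolicited inbound traffic matches nothing and is dropped (logged).
    gw.inbound(Packet("198.51.100.7", 6000, "192.0.2.1", 445, syn=True))
    gw.inbound(Packet("198.51.100.7", 6000, "192.0.2.1", out.src_port))  # right port, wrong peer
    return {
        "wan_src": (out.src_ip, out.src_port),
        "reply_delivered_to": (reply.dst_ip, reply.dst_port),
        "dropped": len(gw.dropped),
    }


if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the LAN address never appears on the WAN side (the NAT part), and that of the three inbound packets only the genuine reply reaches an internal host (the SPI part); the other two end up in `dropped`, which is the list a router log shows as blocked connection attempts.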
 
I get a hit at least once a minute on my connection.

A properly configured firewall is even better. Using a Cisco router myself, after learning what the hell I am doing, I can just feel the POWER.
 
Yeah, SPI, or Stateful Packet Inspection, is all you need on a home network. It stops pretty much everything. People mostly run port scans. That will be what you're seeing. You don't need a Cisco firewall because it usually won't stop any more than a home router firewall. It just has more throughput and is more configurable.

Having said that, having a Cisco firewall would be cool. Chris, where did you get it from? They're pretty expensive things.
 
I got it from a cannot tell location, since I am not paying the full price, nor am I really paying for the software.

This one is only 500ish US dollars, however.
 
Yeah. But typical h/w firewalls don't really protect you from trojans, since the connection could be "started" from inside your system.

It's still essential though.. :D
 
Chankama said:
Yeah. But typical h/w firewalls don't really protect you from trojans, since the connection could be "started" from inside your system.

It's still essential though.. :D

You can strictly deny access to all trojan ports so they can't do anything.

I have to learn how to do that.
 
A good trojan won't restrict itself to certain ports :). So unless you know what to look for, you can't tell what to block. Of course, you could "find out" the characteristics of the trojan by various methods. But I doubt it is possible just by external means with a h/w router.

I mean, I could write a trojan that pretends to be a legitimate program, as far as an external entity (the h/w router) to the computer is concerned, since they don't provide you application-level security.
 
I doubt it, man.

From their website:

Some firewall features include functions that allow or disallow certain ports to be open for certain applications.

This might be somewhat misleading. For example, ZoneAlarm, I believe, takes a keyed hash of the trusted executable and stores it in its database. When an .exe tries to access the internet, it compares to see if the keyed hash is in its db or not.

With an external entity, such a mechanism cannot be done as far as I know. You'd need some software running on the system that does something like what ZA does.
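The keyed-hash mechanism described in the post above, as an added example that models the idea rather than ZoneAlarm's actual code: an allowlist keyed by program name stores an HMAC-SHA256 of the executable's bytes, and a network-access decision compares the HMAC of the program now asking against the stored value. A program whose file has changed gets denied even though its name and its chosen ports are unchanged, which is the point the post makes about why this check needs software on the host rather than a router. The key and the executable images are constructed test values, not real binaries.

```python
"""Model of a host-based, keyed-hash application allowlist.

Added example for illustration; not ZoneAlarm's implementation.
A keyed hash (HMAC) is used so that entries in the database cannot be
forged or recomputed by code that can read the database but not the key.
"""
import hashlib
import hmac


class AppAllowlist:
    def __init__(self, key: bytes):
        self._key = key
        self._db = {}  # program name -> hex HMAC of the executable image

    def fingerprint(self, image: bytes) -> str:
        """Keyed hash of the executable bytes (HMAC-SHA256)."""
        return hmac.new(self._key, image, hashlib.sha256).hexdigest()

    def trust(self, name: str, image: bytes) -> None:
        """Record a program the user has approved for network access."""
        self._db[name] = self.fingerprint(image)

    def decide(self, name: str, image: bytes) -> str:
        """Decision when a program tries to open a network connection."""
        expected = self._db.get(name)
        if expected is None:
            return "prompt"  # unknown program: ask the user, as a host firewall does
        if hmac.compare_digest(expected, self.fingerprint(image)):
            return "allow"   # same name and same bytes as when approved
        return "deny"        # same name, but the executable has been replaced or modified


def run_demo():
    """Constructed scenario: approved browser, a modified copy, and an unknown program."""
    # Constructed key; a real product would protect this from other processes.
    fw = AppAllowlist(key=b"constructed-demo-key-not-secret")
    browser = b"MZ\x90\x00 constructed browser image v1"   # stands in for browser.exe bytes
    fw.trust("browser.exe", browser)

    tampered = browser + b"\x00 extra code"  # same file name, different bytes
    return {
        "original": fw.decide("browser.exe", browser),
        "tampered": fw.decide("browser.exe", tampered),
        "unknown": fw.decide("updater.exe", b"MZ constructed unknown image"),
    }


if __name__ == "__main__":
    print(run_demo())
```

Nothing in `decide` looks at ports or addresses; the decision is about which bytes are executing, information a router on the other side of the cable never has. A weak point of the model worth noting: it keys the check on the caller's executable image only, so hosting the decision in software on the same machine also means that software must itself be protected from tampering.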
 