
Re: Virus/Internet Protection Software

Posted: Thu Nov 12, 2009 2:23 am
by MrAl
Hi Ron,


How does that work? I've had a router for several months now and that doesn't keep the attacks out.

Re: Virus/Internet Protection Software

Posted: Thu Nov 12, 2009 4:22 pm
by reloadron
Let's look back at what SET said:
To make a complicated process simple, your ISP assigns you a public facing IP address, your router takes this address for you and assigns all LAN connected (your home PC) computers a private IP address which is not externally accessible. So if anyone tries to attack your machine the farthest they can get is your router which is speaking on your behalf. The router by nature of how it works ignores spurious packets that are not associated with a request you made. There are a lot of caveats to those statements but that's the gist of it. Any decent router will have no open ports and will perform stateful packet inspection to determine legitimate traffic. Once you initiate an outbound connection, to a web site for example, the router tags the packet, sends it out, gets the response and allows it in at which point it is passed to your computer. You can enable port forwarding but that's a whole new can of worms....
What the router is doing is placing itself between you and the outside world. As SET mentions, rather than your computer facing the outside world the router does that and assigns your computers behind it private IP (Internet Protocol) addresses.

Now all of that is well and fine but... The router will not block anything you allow through. For example if I visit a website and download a malicious file the router won't prevent that. The router also will not prevent a download initiated by a malicious site that I visit. The router will only allow content inbound from places you visit. The router isn't anti-virus but does serve well as a hardware firewall.

This link provides a simple overview of Firewalls and includes a short sentence on how the router figures into things.

Hope that helps a little.

Ron

Re: Virus/Internet Protection Software

Posted: Fri Nov 13, 2009 3:03 am
by MrAl
Hi Ron,


Thanks for the info, and I think I see what you and SET are saying now.
If I got this right now, you guys are saying that the router DOES do something
but it doesn't do everything. In other words, all this time it HAS been doing
something but because it was doing it I didn't notice. What I did notice
was what it wasn't doing, which as you say, allowing things to get past it that
it thinks I want. It is on the other hand keeping out other things which would
get past if it wasn't there.
Does that sound right now?

Is it also true that some hacker attackers search for addresses being used and
work from that too?

I noticed that as you say it will not keep out things like trojans when you visit
a site, and some sites automatically send you a trojan when you visit their
site! Gee how do we thank these sites for trying to mess up our computer? ha ha.
Seems there should be a way to get those sites banned or something.

Re: Virus/Internet Protection Software

Posted: Fri Nov 13, 2009 3:45 am
by SETEC_Astronomy
Sounds like you got it.

It is true that hackers, worms and bots work through the IP space scanning ports that might be vulnerable to attack.
MrAl wrote: Seems there should be a way to get those sites banned or something.
That would be nice but for various reasons it's not feasible. You do have options similar to that available to you though. You should create an account with OpenDNS. Once you've created an account you can set it to block like adult sites, phishing sites and so on. The service is free and it's easy to use. To use it you need to set your router to use their DNS servers 208.67.222.222 and 208.67.220.220 (Instructions here).

Re: Virus/Internet Protection Software

Posted: Sat Nov 14, 2009 2:32 am
by MrAl
Hi again,


Well, I don't know if I want to go that far, but thanks for the link, I'll have to read
about this.

Re: Virus/Internet Protection Software

Posted: Sat Nov 14, 2009 4:08 am
by SETEC_Astronomy
After hearing someone talking about routers a thought struck me that might help explain how routers act as a firewall. You can think of it this way, without a router you have a phone number that if I had the desire I could find by calling every number 000-000-0000, 000-000-0001, 000-000-0002... Eventually I'll find your number and as the bad guy I could choose to attack/harass you. There's nothing you can do about it because you need a phone and you can't be sure when the phone rings if it's an important call you need to answer or me again. A router in this context is an answering center, even if I find your number and call it I have to know who to ask for. If I don't know to ask for you (you in this case can be one of several of your home computers connected to the router) I'll simply hit a dead end and be hung up on. Unmarked data has nowhere to go and the router will simply drop the packet. Sometimes you get infected because going to a bad site is like saying hey by the way here's my number. When you call ask for MrAl.

Did that help at all?
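
The behaviour described in the posts above (unsolicited packets dropped, replies to your own requests let in, port forwarding as an exception), as an added example that is not part of the original thread. It is a simplified model, not real router firmware: the `NatRouter` class, all addresses and ports are constructed for illustration, and it assumes the router matches replies on both remote address and remote port.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address (documentation range)

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    # public port -> (lan_ip, lan_port): static port forwards set by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: remember it, rewrite the source."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, pub_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """A packet hits the WAN side: deliver only if a LAN host asked for it."""
        entry = self.table.get(pub_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            # Reply to our own request. The payload is never inspected here,
            # so a malicious download from a site you visited passes through.
            return ("deliver", entry[0], entry[1])
        if pub_port in self.forwards:
            # Port forward: anyone on the internet reaches this LAN host.
            return ("deliver", *self.forwards[pub_port])
        return ("drop", None, None)  # nobody to "ask for": hung up on

def demo():
    r = NatRouter(PUBLIC_IP)
    _, pub_port, _, _ = r.outbound("192.168.1.20", 51515, "198.51.100.7", 80)
    results = {
        "reply_from_site": r.inbound("198.51.100.7", 80, pub_port),
        "scan_same_port": r.inbound("192.0.2.99", 4444, pub_port),
        "scan_other_port": r.inbound("192.0.2.99", 4444, 8080),
    }
    r.forwards[8080] = ("192.168.1.20", 8080)  # owner enables a port forward
    results["after_port_forward"] = r.inbound("192.0.2.99", 4444, 8080)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```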

Re: Virus/Internet Protection Software

Posted: Sat Nov 14, 2009 5:22 am
by reloadron
That had to be the best analogy I have ever heard. Really, really good.

Ron

Re: Virus/Internet Protection Software

Posted: Mon Nov 16, 2009 7:35 pm
by SETEC_Astronomy
Thanks, that's quite a compliment.

Re: Virus/Internet Protection Software

Posted: Tue Nov 17, 2009 5:06 am
by MrAl
SETEC_Astronomy wrote: After hearing someone talking about routers a thought struck me that might help explain how routers act as a firewall. You can think of it this way, without a router you have a phone number that if I had the desire I could find by calling every number 000-000-0000, 000-000-0001, 000-000-0002... Eventually I'll find your number and as the bad guy I could choose to attack/harass you. There's nothing you can do about it because you need a phone and you can't be sure when the phone rings if it's an important call you need to answer or me again. A router in this context is an answering center, even if I find your number and call it I have to know who to ask for. If I don't know to ask for you (you in this case can be one of several of your home computers connected to the router) I'll simply hit a dead end and be hung up on. Unmarked data has nowhere to go and the router will simply drop the packet. Sometimes you get infected because going to a bad site is like saying hey by the way here's my number. When you call ask for MrAl.

Did that help at all?

Ha ha, yeah that's what it's like just about.
"Give me a call and BTW when you do call feel free to drop off a virus or trojan".

I am starting to get the idea that some sites do this on purpose, just to limit traffic to the site.
If they drop off a virus that causes you to have to react to that and fix it, that saves bandwidth.
Other sites try to sell virus software by giving you a virus and then stating, "Hey look, you just
got a virus...wouldn't it be nice if you bought our software to fix it?". No thanks! he he.

A few attacks I had gotten in the past caused me to have to work for several hours just to
get rid of all the files left from the attack. That's why I had gotten interested in software
to prevent this. I wrote my own software to get rid of stuff, but sometimes it still takes too
long to get rid of everything. Better to stop it in the first place.