LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-16-2002, 10:30 PM   #1
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Rep: Reputation: 30
lynksys router.... secure?


Hi all. I am behind a lynksys dsl router with "no incomming connections" set. Is this a pretty good level of security, or do I need some more protection. I don't have any extremely important data.... one MS box (housemates) and my linux machine, both of which only have homework and what not.
 
Old 10-16-2002, 10:35 PM   #2
jetblackz
Member
 
Registered: Mar 2002
Location: Debian Galaxy
Distribution: Debian
Posts: 711

Rep: Reputation: 30
A router doesn't protect you from anything.

NAT + SPI does.

Give me the link to the product and I'll see how secure it CAN be.

A firewall is as secure as the configuration. Johnny can buy a PIX 5 and still gets hacked.

The best practise would be safe computing and never typing personal info on the computer. If you must, use an Internet-disabled PC.
 
Old 10-16-2002, 11:30 PM   #3
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
here's the page for my router. I guess it has NAT, but nothing about SPI... what's that?

http://www.linksys.com/Products/prod...rid=23&prid=20

I don't know about this thing.... it just seems a bit cheesy to be really secure, what you think?
 
Old 10-17-2002, 01:20 AM   #4
jetblackz
Member
 
Registered: Mar 2002
Location: Debian Galaxy
Distribution: Debian
Posts: 711

Rep: Reputation: 30
I have the exact model.

If I can find and afford PIX 5, I'm buying it. A better router would be

http://www.netscreen.com/products/ap....html#ns5xp_xt

I love it. I hear people swear by it. It can be had for about $150-200 on ebay.

I think you should learn to secure Linux and Linky.
 
Old 10-17-2002, 01:53 AM   #5
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
thanks, I've been avoiding the security subject I guess.... time for some long nights!!!
 
Old 10-17-2002, 02:52 PM   #6
Son77
LQ Newbie
 
Registered: Oct 2002
Location: Quebec city
Distribution: RedHat 8.0
Posts: 4

Rep: Reputation: 0
What kind or linksys do you have?
 
Old 10-17-2002, 07:37 PM   #7
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
an Etherfast "instand broadband series" dsl router w/ 4 port switch... the link is up there on the third post. You know much about these?
 
Old 10-18-2002, 12:31 AM   #8
Son77
LQ Newbie
 
Registered: Oct 2002
Location: Quebec city
Distribution: RedHat 8.0
Posts: 4

Rep: Reputation: 0
Depending on the kind of activities you usually do on your network, I suggest you check the following:

1. Use a good password. Know that if you choose your browser to remember the password at the login prompt, it will stored on your computer.

2. Very important, if you don't want the following vulnerabilities; upgrade your firmware and regularly check for new ones. Only download them from the manufacturer website.(gotta trust him, hey

Here are some details of LinkSys vulnerabilities found on securityfocus.com:
2002-03-08: Linksys BEFVP41 Key Truncation Encryption Weakening Vulnerability (http://online.securityfocus.com/bid/4250)
2002-01-06: Linksys DSL Router SNMP Trap System Arbitrary Sending Vulnerability (http://online.securityfocus.com/bid/3797)
2002-01-06: Linksys DSL Router Default SNMP Community String Vulnerability (http://online.securityfocus.com/bid/3795)
2001-08-02: LinkSys EtherFast Router Password HTML Source Revealing Vulnerability (http://online.securityfocus.com/bid/3141)

3. Try not using DHCP. It's not the end of the world, but again it increase the security of the network. If you have to use it, restric t the number of users(Setup menu, DHCP section).

4. This is not mandatory, but you can save the logs(Setup menu, Log section).

5. Define an IP for each machine, and exempt all other IPs(Setup menu, Security section. Also Filter section in the Advanced menu).

6. Control the physical access to the router.(especially the reset button

7. Block WAN request, disable all Pass Through, the Remote Management and the Remote Upgrade(Advanced menu, Filters section).

8. Use the Fowarding section(in the Advanced menu) to control the port access to each of the computer.

9. You can always use an IDS like Snort(http://www.snort.com) if you really want to filter the whole thing.

10. Don't count on only one solution to protect your network.

11. I know there is a way to probe specific URLs using the internal IP of the router, and found some information whatever the security settings on the LinkSys.(Is it set using DHCP, the Internal IP of the router, etc, but nothing too explicit)

13. An easy way to bypass all this is to set the DMZ Host to your computer. The router will not filter anything. You could use it as an honeypot and see how script kiddies react.

Despite the fact there as been some vulnerabilities, I think it is secure enough for a small network.

You can always do more to secure the think, but this should be a good start. Since I'm not an expert, don't take all this for perfect. Hope it helped.
 
Old 10-25-2002, 04:42 AM   #9
RijilV
Member
 
Registered: Sep 2002
Location: somewhere
Distribution: gentoo
Posts: 123

Rep: Reputation: 15
shrug, one thing you can try is run a packet dump on the inside of your network, from a host outside loose source route packets inbound to your internal address without the syn flag set...(you need r00t on an Unix-esk box somewhere on the net, and a decent packet generator ..)

Most Linksys' will route those packets inbound. The real trick is finding a path through the net that'll route your loose source routed crap, which is still too easy.
 
Old 10-25-2002, 05:00 AM   #10
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Original Poster
Rep: Reputation: 30
Thank you everybody who replied. I have just accomplished masquerading on my linux box... and I'll soon be diving into iptables and firewalling and all that.

I will be looking at this thread a lot for all the good security strategies you all have given me.
 
Old 10-25-2002, 11:16 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,679
Blog Entries: 54

Rep: Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955Reputation: 2955
Not to downplay anyone elses involvement in this thread but it has to be said that was a darn good summary, Son77.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how secure is a router? speel Linux - General 5 03-02-2006 04:25 AM
Problems routing through a Lynksys firewall router Homer Glemkin Linux - Networking 24 11-19-2004 08:28 AM
Lynksys router, no DHCP. Have to use IP manualy, some one give me low down. RHLinuxGUY Linux - Networking 1 07-08-2004 03:16 AM
LAN over Lynksys router between RH9 and two Win2KPro machines GTBlackwell Linux - Networking 4 08-28-2003 01:12 AM
lynksys router.... static ip? adam_boz Linux - Networking 7 09-25-2002 04:47 AM


All times are GMT -5. The time now is 01:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration