lynksys router.... secure?

adam_boz · 10-16-2002, 09:30 PM

Hi all. I am behind a lynksys dsl router with "no incomming connections" set. Is this a pretty good level of security, or do I need some more protection. I don't have any extremely important data.... one MS box (housemates) and my linux machine, both of which only have homework and what not.

jetblackz · 10-16-2002, 09:35 PM

A router doesn't protect you from anything.

NAT + SPI does.

Give me the link to the product and I'll see how secure it CAN be.

A firewall is as secure as the configuration. Johnny can buy a PIX 5 and still gets hacked.

The best practise would be safe computing and never typing personal info on the computer. If you must, use an Internet-disabled PC.

adam_boz · 10-16-2002, 10:30 PM

here's the page for my router. I guess it has NAT, but nothing about SPI... what's that?

http://www.linksys.com/Products/prod...rid=23&prid=20

I don't know about this thing.... it just seems a bit cheesy to be really secure, what you think?

jetblackz · 10-17-2002, 12:20 AM

I have the exact model.

If I can find and afford PIX 5, I'm buying it. A better router would be

http://www.netscreen.com/products/ap....html#ns5xp_xt

I love it. I hear people swear by it. It can be had for about $150-200 on ebay.

I think you should learn to secure Linux and Linky.

adam_boz · 10-17-2002, 12:53 AM

thanks, I've been avoiding the security subject I guess.... time for some long nights!!!

Son77 · 10-17-2002, 01:52 PM

What kind or linksys do you have?

adam_boz · 10-17-2002, 06:37 PM

an Etherfast "instand broadband series" dsl router w/ 4 port switch... the link is up there on the third post. You know much about these?

Son77 · 10-17-2002, 11:31 PM

Depending on the kind of activities you usually do on your network, I suggest you check the following:

1. Use a good password. Know that if you choose your browser to remember the password at the login prompt, it will stored on your computer.

2. Very important, if you don't want the following vulnerabilities; upgrade your firmware and regularly check for new ones. Only download them from the manufacturer website.(gotta trust him, hey

Here are some details of LinkSys vulnerabilities found on securityfocus.com:
2002-03-08: Linksys BEFVP41 Key Truncation Encryption Weakening Vulnerability (http://online.securityfocus.com/bid/4250)
2002-01-06: Linksys DSL Router SNMP Trap System Arbitrary Sending Vulnerability (http://online.securityfocus.com/bid/3797)
2002-01-06: Linksys DSL Router Default SNMP Community String Vulnerability (http://online.securityfocus.com/bid/3795)
2001-08-02: LinkSys EtherFast Router Password HTML Source Revealing Vulnerability (http://online.securityfocus.com/bid/3141)

3. Try not using DHCP. It's not the end of the world, but again it increase the security of the network. If you have to use it, restric t the number of users(Setup menu, DHCP section).

4. This is not mandatory, but you can save the logs(Setup menu, Log section).

5. Define an IP for each machine, and exempt all other IPs(Setup menu, Security section. Also Filter section in the Advanced menu).

6. Control the physical access to the router.(especially the reset button

7. Block WAN request, disable all Pass Through, the Remote Management and the Remote Upgrade(Advanced menu, Filters section).

8. Use the Fowarding section(in the Advanced menu) to control the port access to each of the computer.

9. You can always use an IDS like Snort(http://www.snort.com) if you really want to filter the whole thing.

10. Don't count on only one solution to protect your network.

11. I know there is a way to probe specific URLs using the internal IP of the router, and found some information whatever the security settings on the LinkSys.(Is it set using DHCP, the Internal IP of the router, etc, but nothing too explicit)

13. An easy way to bypass all this is to set the DMZ Host to your computer. The router will not filter anything. You could use it as an honeypot and see how script kiddies react.

Despite the fact there as been some vulnerabilities, I think it is secure enough for a small network.

You can always do more to secure the think, but this should be a good start. Since I'm not an expert, don't take all this for perfect. Hope it helped.

RijilV · 10-25-2002, 03:42 AM

shrug, one thing you can try is run a packet dump on the inside of your network, from a host outside loose source route packets inbound to your internal address without the syn flag set...(you need r00t on an Unix-esk box somewhere on the net, and a decent packet generator ..)

Most Linksys' will route those packets inbound. The real trick is finding a path through the net that'll route your loose source routed crap, which is still too easy.

adam_boz · 10-25-2002, 04:00 AM

Thank you everybody who replied. I have just accomplished masquerading on my linux box... and I'll soon be diving into iptables and firewalling and all that.

I will be looking at this thread a lot for all the good security strategies you all have given me.

unSpawn · 10-25-2002, 10:16 PM

Not to downplay anyone elses involvement in this thread but it has to be said that was a darn good summary, Son77.