>if you have an External Router (m10, m11, m1122), doesn't
>the router act as a physical firewall anyway?
>and therefore not requiring additional
>software like ZoneLabs or whatever ?
>Can someone clear this up?
The Herald article mentioned Napster, which includes features that are
usually found in Trojan Horse virus type programs. You are correct in
assuming the Mxx routers include a firewall; this is a byproduct and
desirable feature of NAT, which is primarily there to allow multiple
computers to share the ADSL connection. If you have an internal card then
the card is bolted direct to the Internet and there is no firewall
protection.
A NAT firewall only prevents unsolicited incoming connections; it is like a
PABX that has been switched to night service. Staff can still pick up a
phone and make an outgoing call to anywhere; incoming calls just ring the
night bells, which happen to be disconnected so no one can hear them.
Pinholing the router is like DDI in a PABX: you are configuring which phones
incoming calls should go to.
A more advanced firewall also controls outgoing calls, i.e. this person can
call this number etc. Corporates use these features to ensure that staff are
using the Internet for its intended purpose and also to limit the damage a
virus or Trojan horse can do. To understand the difference, consider a virus
that arrives as a small email attachment which, when opened, connects to the
Internet and downloads a more powerful virus, e.g.
http://www.norman.com/virus_info/w32_mtx.shtml
A basic NAT firewall cannot stop this behaviour; a more advanced firewall
can be configured to block the download (i.e. block the outgoing call) and
send an alarm if the behaviour is detected.
Napster works by running a client program that makes an outgoing call to an
Internet server/proxy server; the client program leaves that call connected
so that other users can make "incoming requests" over it. The desired
functionality is that other users can pull files off your hard drive; the
concept is "what is mine is yours". A NAT firewall is useless if you want to
prevent this.
One "interesting" feature of Napster is that it includes functionality to
bypass firewall protection, i.e. the outgoing call can be made on port 80 to
a proxy server on the Internet that "forwards" the call to a Napster server;
thus packet filtering on outgoing calls can be bypassed. Another feature is
that Napster will automatically download, install and run other
programs/upgrades without telling the user. Some features of Napster:
Requires that you run a program on your system.
That program makes connections to servers on the Internet.
Built in features to bypass firewall protection.
Automatically downloads and installs other programs.
Allows Internet users to access files on your hard drive.
Compelling reason to use the program "it's free".
This feature list reads more like a virus. As with any downloaded software,
you are trusting the manufacturer and also trusting that no one substitutes
an infected version of their product. If you decide to use it you should
definitely not leave it running when you have finished downloading, unless
you want a huge bill for all the bandwidth consumed by Internet users
pulling files off your hard drive.
----------------------------------------------------
This e-mail message has passed virus scanning by our
outgoing email gateway (mx2.pcx.co.nz) prior to
delivery via the Internet.
----------------------------------------------------
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Wed Nov 29 06:26:20 2000
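The post contrasts a plain NAT router (outbound anything, inbound only replies or pinholes) with an advanced firewall that also filters outgoing connections and raises an alarm. The following model, added here as an example and not code from the mailing-list message or any router vendor, runs the same five flows the post describes through both policies: a normal web fetch, an unsolicited inbound probe, a pinholed inbound connection, a dropper phoning home on an odd port to fetch its payload, and the port-80 proxy trick that a purely port-based egress rule cannot distinguish from ordinary browsing. All addresses, ports and rules are constructed; `Packet`, `NatFirewall` and `EgressFirewall` are names assumed for this illustration.

```python
"""Stateful packet-filter model: NAT-only versus NAT plus egress filtering.
Added example; hosts, ports and rules below are constructed, not from the post."""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN -> Internet, "in" = Internet -> LAN


@dataclass
class NatFirewall:
    """Plain NAT router: every outbound connection is allowed; inbound traffic
    passes only if it is a reply on a connection a LAN host opened, or if it
    hits a pinhole (the DDI analogy in the post)."""
    pinholes: set = field(default_factory=set)   # {(lan_host, port)} forwarded inbound
    conntrack: set = field(default_factory=set)  # {(lan_host, lan_port, remote, remote_port)}
    log: list = field(default_factory=list)

    def allow_outbound(self, pkt: Packet) -> bool:
        return True  # NAT alone never blocks an outgoing "call"

    def filter(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if not self.allow_outbound(pkt):
                self.log.append(f"ALARM blocked outbound {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
                return False
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: is it a reply on a tracked connection?
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            return True
        # Otherwise only an explicit pinhole lets it through.
        if (pkt.dst, pkt.dport) in self.pinholes:
            return True
        self.log.append(f"dropped unsolicited inbound {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return False


@dataclass
class EgressFirewall(NatFirewall):
    """NAT plus an outbound allow-list: each LAN host may only open connections
    to the destination ports listed for it; anything else is blocked and alarmed."""
    egress_rules: dict = field(default_factory=dict)  # lan_host -> {allowed dest ports}

    def allow_outbound(self, pkt: Packet) -> bool:
        return pkt.dport in self.egress_rules.get(pkt.src, set())


LAN_PC = "192.168.1.10"     # constructed: an ordinary PC behind the router
LAN_WEB = "192.168.1.20"    # constructed: a LAN host with port 80 pinholed
WEB = "203.0.113.5"         # constructed: a web server on the Internet
PROXY = "203.0.113.9"       # constructed: an Internet proxy listening on port 80
ATTACKER = "198.51.100.7"   # constructed: remote host used by the dropper


def nat_only() -> NatFirewall:
    return NatFirewall(pinholes={(LAN_WEB, 80)})


def with_egress() -> EgressFirewall:
    # Web, HTTPS, SMTP and POP3 are the only outbound ports the PC may use.
    return EgressFirewall(pinholes={(LAN_WEB, 80)}, egress_rules={LAN_PC: {80, 443, 25, 110}})


def run_scenarios(fw: NatFirewall) -> dict:
    """Push the flows described in the post through a firewall; True = passed."""
    r = {}
    # 1. Browser fetches a page and the reply comes back over the tracked connection.
    r["web_out"] = fw.filter(Packet(LAN_PC, 40001, WEB, 80, "out"))
    r["web_reply"] = fw.filter(Packet(WEB, 80, LAN_PC, 40001, "in"))
    # 2. Unsolicited inbound probe to the PC: the case NAT handles well.
    r["unsolicited_in"] = fw.filter(Packet(ATTACKER, 5555, LAN_PC, 139, "in"))
    # 3. Inbound connection to the pinholed host: forwarded like a DDI number.
    r["pinhole_in"] = fw.filter(Packet(ATTACKER, 5556, LAN_WEB, 80, "in"))
    # 4. A dropper "calls out" on an unusual port to fetch its second stage.
    r["trojan_out"] = fw.filter(Packet(LAN_PC, 40002, ATTACKER, 6346, "out"))
    r["trojan_payload_in"] = fw.filter(Packet(ATTACKER, 6346, LAN_PC, 40002, "in"))
    # 5. Outbound on port 80 to a proxy: indistinguishable from web browsing by port alone.
    r["proxy_bypass_out"] = fw.filter(Packet(LAN_PC, 40003, PROXY, 80, "out"))
    return r


if __name__ == "__main__":
    for fw in (nat_only(), with_egress()):
        print(type(fw).__name__, run_scenarios(fw), fw.log)
```

Running it shows the post's point exactly: the NAT-only router drops the unsolicited probe but lets the dropper call out and pulls the payload back in as a legitimate reply, while the egress firewall blocks that call and writes an ALARM entry. The final scenario passes on both, which is the caveat the post raises about port-80 proxying: a port-based outbound rule needs content inspection or a destination allow-list to tell a Napster proxy session apart from a web page.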