Home page logo
/

basics logo Security Basics mailing list archives

Re: router question...
From: Tom Yarrish <tom () yarrish com>
Date: Mon, 23 Jan 2006 12:43:03 -0600 (CST)

I would strongly recommend not using an off-the-shelf router as a firewall for your websites. From my experience with the BEFSR and SX41's, they can have issues with a very active internet connection. To give you an example I used them last year for a company event and they started resetting on their own and knocking people off of the Internet. I would say if budget is an issue, get an old computer and install either Smoothwall or IPCop on it. I've been using smoothwall for about two years now and have never had an issues with any Internet activity. Plus you have more granular control over traffic through the firewall, and you could even set up a DMZ with it (to put your webserver on). Did you have any logging turned on at the router level? You might see if there was anything there as well.

But that's just my 2 cents.....

Tom

On Sat, 21 Jan 2006, Dave wrote:

I had an odd experience yesterday and was wandering if anyone could help shed some light on it...

I run a webserver that I keep behind a router/firewall. The router is a standard store bought Linksys BEFSX41. The firewalls NAT feature is disabled so someone on the local LAN can access the server via it's Internet domain name. The routers 'remote administration' feature is disabled so no one outside the LAN can log into the config page.

The problem: Yesterday a couple of the websites being hosted on the server were basiclly unavailable. At first we were thinking DoS of some sort but no evidence in the servers logs to support this as far as I know. At any rate, when I would try to access the problem page I was greeted with the router log in prompt! I (using a local machine) log into the router to verify that the 'remote administration' option is dissabled...it was. So why when I tried to access the troubled website via domain name (www.troubled_site.com) I was greeted with my routers log in prompt?

The routers firmware is up to date...I call linksys and asked if they knew what it could be. they did not know. I looked for and asked if anyone knew of any exploit code that could do this to this router...no luck (doesnt mean it doesnt exist). So why was my router (for a short time only) prompting website visitors with it's log in prompt?

Any ideas / comments appreciated.

dave

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



We crucify ourselves between two thieves- regret for yesterday and fear of tomorrow.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]