Broadband....

Latest Articles

Broadband....
Page Previous 1, 2, 3

Downsizer Forum Index -> IT Matters

Author

Message

Gervase

Joined: 17 Nov 2004
Posts: 8655

Posted: Sat Feb 26, 05 10:20 am Post subject:
Blimey, I used a Dynamode router that cost me under £40 and which seems to do the job on our 1Mbs connection here. Connects up to four machines, with any OS, and regularly gets uplink to the broadband service in excess of 1Mbs according to the stats.

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Sat Feb 26, 05 12:23 pm Post subject:
Not a bad product range. Firewall looks a bit weak, but at £40 can't moan. Would like to know more about the remote management settings and the SNMP versions, sadly not too much detail on the site

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Sat Feb 26, 05 5:08 pm Post subject:

Sean -
In reply to your original question, you will *need* Mac OS X driver software for your USB broadband modem. (Should be on the CD, check the label!)

And your username and password.
It might be handy to have the IP addresses of your ISP's DNS servers.
That should allow you to setup access to the net.

For email, you're going to need the names of the ISP's mailserver computers, your email box id(s) and password(s). These, except the passwords, should be visible in your existing PC mail setup.

The standard Mac OS X install includes a pretty good firewall.
To turn it on, open System Preferences, Sharing, click the Firewall tab and then the Start button.

Funny name "Firewall" when its ability is *not* to absolutely shut everyone out, but to carefully *allow* (specified) restricted access.
Unless you are intending to do videoconferencing, or run something that you want the world to have access to (like your own webserver), then you *don't* want to allow *anyone* *any* access to your machine. So for the Mac firewall, you shouldn't 'tick' any of the allowed access options...
Important note - we aren't talking about shutting out replies (to your requests for web pages or email), but shutting out traffic *originating* from out there.
Potentially a 'bad' agent on your machine could originate a connection to a bad guy, but the Mac won't allow any installation (of any program) without an 'Administrator' password.

If you are going to continue with a PC as well as the Mac, (or any second computer), a router is obviously the way to go - and incidentally provides another line of defence. It is a moot point as to whether its better to set up the router to ignore all incoming traffic attempts, or to forward it to a non-existant machine.
But ANY router hides your computer from the net, and if there's no way - at all - that traffic can reach your machine uninvited, that has to be a good thing.
I'd say that a cheap router would meet your needs; I don't think an expensive full-featured firewall would do anything more useful for you.

For basic ADSL routers, you could do worse than check out www.solwise.co.uk

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Sat Feb 26, 05 5:56 pm Post subject:

A firewall is a logging router and I agree that you can set any router up to find your machine. However logging routers don't understand packet structures and can't do proxying.

You can DoS a router quite easily and because it routes you don't need to be able to see it to take it down.

Hey at the end of the day it's down to how much money you want to spend. I run a two layer (three layer in some parts) firewall infrstructure and have an air gapped machine, but that's much more to do with my line of business.

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28112
Location: escaped from Swindon

Posted: Sat Feb 26, 05 6:26 pm Post subject:
I run a network here that I occasionally allow access to specific machines via my basic linksys router. I'd say that puts me on a more complex level than most people here and yet a cheap router does it for me. I'd say for £40 a router is a great way of sharing a connection and offers a massive level of protection compared to the software firewall most people are running.

Treacodactyl
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 25795
Location: Jumping on the bandwagon of opportunism

Posted: Sat Feb 26, 05 6:51 pm Post subject:
It also depends what you want from you home setup. £200 would be worth it for some.

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Sat Feb 26, 05 7:57 pm Post subject:

mrutty wrote:

A firewall is a logging router and I agree that you can set any router up to find {hide??} your machine. However logging routers don't understand packet structures and can't do proxying.

You can DoS a router quite easily and because it routes you don't need to be able to see it to take it down.

Hey at the end of the day it's down to how much money you want to spend. I run a two layer (three layer in some parts) firewall infrstructure and have an air gapped machine, but that's much more to do with my line of business.

IIRC Sean has not indicated any intention of being other than a 'net "consumer". He isn't going to be running any servers - and doesn't want any access at all from outside.
AFAIK he has no need to filter/inspect/record traffic content, or restrict access to particular websites - which I understand to be the function of a proxy server.
I doubt he's going to attract any attention from anyone that would think of flooding his connection and denying him service. He has no need to worry about his (non-existant) servers being denied to the world.
Also a DoS attack is surely pretty unlikely on someone without a fixed IP address, isn't it?
Can someone please explain what I'm missing, 'cos while I can recognise that these would be useful functions, and well-nigh essential and worth most web-enterprises (with multiple locations or employees) paying money for - I'm afraid I really don't see what's in it for someone like Sean to have anything beyond a basic router... (£200 is lots of potatoes...)

Treacodactyl
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 25795
Location: Jumping on the bandwagon of opportunism

Posted: Sat Feb 26, 05 8:08 pm Post subject:
I thought broad band gives you a fixed IP address? I also don't think Sean will be paying £200 for a router.

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Sat Feb 26, 05 8:42 pm Post subject:

dougal wrote:

AFAIK he has no need to filter/inspect/record traffic content, or restrict access to particular websites - which I understand to be the function of a proxy server.
I doubt he's going to attract any attention from anyone that would think of flooding his connection and denying him service. He has no need to worry about his (non-existant) servers being denied to the world.
Also a DoS attack is surely pretty unlikely on someone without a fixed IP address, isn't it?

OK DoS, yes everyone can get hit. Something as dumb as Code Red which steps through all the public IP addresses regardless of static or dynamic. Just checked now and been hit 10 times in the last hour with an attempt. BUT XP firewall and a router would prevent these current script kiddie attacks.

Yes most people really could just renew their IP address and the DoS should go away.

Yes a proxy server can filter, but what it does is break the interactive connectivity of the traffic flow (wake up at the back I might set an exam). A proxy Firewall breaks the connection and then looks at the say the HTTP and checks that it's valid.

Stateful inspection or state of inspection firewalls just check that the packet is formed correctly.

Routing tables just say packet type A can go to this box or not with no further inspect. A CCSA would be able to set it up, but not so sure about home user, very easy to stuff it up.

Right that's just cut a 15 page firewall document down into 5 paragraphs

But yes look at all the options a choose what fits your budget and needs. I'm thinking of uping my ADSL to business to get 20/1 instead of 50/1 sharing, but then I can't get more than a 500 line because of the distance from the exchange. I've got a failed delivery on Friday of another DrayTek and an order out for ZoneLabs Pro. Other people I'm sure are saving instead for a new digital stereo.

Oh and yes I'd love a FW-1 and Cyberguard mix, but that's too expensive as is the 32 meg link the Er wouldn't let me get

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Sat Feb 26, 05 9:39 pm Post subject:

Treacodactyl wrote:

I thought broad band gives you a fixed IP address? I also don't think Sean will be paying £200 for a router.

Some ISPs include a fixed IP address in the basic package. Some (inc BT IIRC) charge extra for it.

My comment re £200 was a in reference to the specific injunction that he SHOULD "Buy a DrayTek 2600P from www.seg.co.uk £200, it's the best value you can get. " Regardless of the 'value' *in* this piece of kit, I have yet to be convinced that it is appropriate to Sean's needs - and thus of its value *to* Sean.

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Sat Feb 26, 05 9:49 pm Post subject:

mrutty wrote:

dougal wrote:

... I doubt he's going to attract any attention from anyone that would think of flooding his connection and denying him service. He has no need to worry about his (non-existant) servers being denied to the world.
Also a DoS attack is surely pretty unlikely on someone without a fixed IP address, isn't it?

Um, hang on - isn't "Code Red" a piece of malware (worm?) that *looks* for *PCs* that can be compromised - and *then* used as zombies to flood (deny service to) prominent websites (originally the White House?).
Now -
1/ Code Red would use Sean's PC as a zombie, and Code Red wouldn't deny service *to* Sean's PC (not that he's providing any service to deny), and AFAIK (bloody Mac user!) acting thus as a zombie shouldn't make very much impact on his own PC.
2/ And anyway Sean's iMac aint a PC ready to be compromised. So what is its relevance to Sean's needs ?
Reference: https://www.f-secure.com/v-descs/bady.shtml

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Sat Feb 26, 05 9:57 pm Post subject:

Code Red is a noisy worm that scans the entire IP address range and bought the 'Net' to almost a stand still. Whist it's true to say it was looking for hosts it still pinged machines that had to respond. Simple example that is all. On a large corperate network it took 53 machines to bring a Gigabit backboned network to it's knees. On BT Openwoe you'll have more machines than that in the IP range pinging, if you can drop the packets before it hits any IP aware machine all the better.

(Got paid a bonus for that weeks work

)

Oh and yes it was the White House, from memory they hardcoded the IP address so the White House just moved it's IP address and the service providers set the old address to dev\null

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Sat Feb 26, 05 10:30 pm Post subject:

mrutty wrote:

... On a large corperate network it took 53 machines to bring a Gigabit backboned network to it's knees. On BT Openwoe you'll have more machines than that in the IP range pinging, if you can drop the packets before it hits any IP aware machine all the better.

That would be 53 compromised PC's...
No argument that such *external_requests* are best handled by being ignored at the router/firewall
BUT
The nuisance to Sean's iMac of having its (software) firewall pinged a dozen (or even 200, or 2,000...) times an hour is actually going to make VERY little impact on his surfing.
That's not going to deny *him* service.
And there's VERY little chance his Mac being compromised by anything similar.
Since he is hosting no servers, a router (any router) would provide an extra layer of security - which perhaps is redundant, but I'm not convinced there is any advantage -- to *Sean* -- in his having an additional full-featured, stand alone firewall that goes beyond packet state checking, let alone a proxy server...

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Sat Feb 26, 05 10:58 pm Post subject:
Each to his own

sean
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 42207
Location: North Devon

Posted: Mon Feb 28, 05 2:09 pm Post subject:
Thanks for all the advice everyone. I'll go and have a word with our local shop and see what he sells/charges.

	Downsizer Forum Index -> IT Matters	All times are GMT Page Previous 1, 2, 3
Page 3 of 3

View Latest Posts