From: Digest To: "OS/2GenAu Digest" Date: Mon, 5 Feb 2007 00:01:01 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [os2genau_digest] No. 1433 Reply-To: X-List-Unsubscribe: www.os2site.com/list/ ************************************************** Sunday 04 February 2007 Number 1433 ************************************************** Subjects for today 1 Re: Firewalls : BruceD 2 Re: Firewalls : Kev 3 Re: Firewalls - Clarification : Ian Manners" 4 Re: Firewalls : Ed Durrant 5 Re: Firewalls : Ed Durrant 6 Re: Firewalls : Voytek Eymont" 7 Re: Firewalls : Leigh Bunting 8 Re: Firewalls : Ian Manners" **= Email 1 ==========================** Date: Sat, 03 Feb 2007 22:44:08 +0900 From: BruceD Subject: Re: Firewalls Alan Duval wrote: > Hi, > > Thanks to everyone who responded to my query about firewalls. I've > found that the Billion 5100 router does have a firewall incorporated. > Hence I'll not worry any further. > > Cheers, > > Alan Duval I am sure you are incorrect in thinking that the Billion 5100 has a firewall. It does not have a firewall. I used to own a 5100 it had no firewall, nor will it ever. ---------------------------------------------------------------------------------- **= Email 2 ==========================** Date: Sat, 03 Feb 2007 23:54:08 +0900 From: Kev Subject: Re: Firewalls BruceD wrote: > Alan Duval wrote: >> Hi, >> >> Thanks to everyone who responded to my query about firewalls. I've >> found that the Billion 5100 router does have a firewall incorporated. >> Hence I'll not worry any further. >> >> Cheers, >> >> Alan Duval > I am sure you are incorrect in thinking that the Billion 5100 has a > firewall. It does not have a firewall. I used to own a 5100 it had no > firewall, nor will it ever. Actually Bruce I think that you may be mistaken. Look at the heading on p9 of the manual. It says, "Configuring Your ADSL Firewall Router". On the face of it I'd guess there's a firewall in there somewhere. Certainly it was sold to me as having a firewall. Cheers Kev -- ========================= Kev Downes kdownes at tpg dot com dot au ph 0404 7 0808 2 We use and recommend Xandros 4.1 ========================= There are 10 types of people ... ... those who understand binary, and those who don't! ========================= "Jesus Christ is the centre of everything and the object of everything; He who does not know him, knows nothing of the order of the world and nothing of himself." Blaise Pascal ========================= ---------------------------------------------------------------------------------- **= Email 3 ==========================** Date: Sun, 04 Feb 2007 02:36:12 +1100 (EDT) From: "Ian Manners" Subject: Re: Firewalls - Clarification Hi Everyone I think you need to keep in mind what some people call "Firewalls" for marketing purposes. I cant speak for the products mentioned but from the Netcomm's and others I've seen, what they call a firewall is no more than a NAT engine. I can state that a Cisco ADSL Router has I would call a basic firewall :-) And that can do a lot more than other, cheaper ADSL modem/routers but note that there is a big price difference. InJoy firewall v3 is what I would call an intermediate firewall but it would be overkill for your average home user who has no intention of hosting servers and/or a dedicated IP(s) with VPN's etc. A lot of people of knowledge in the subject define a firewall as something that can give you fine control of a packet, ie "Packet Inspection" and similar functions, as well as the capability of being able to control a packets in relation to rules that you can build up. I havent seen a cheapish ADSL Router that can do that, doesnt mean there not out there, maybe, and keep in mind I havent had much to do with ADSL routers produced in the past 12 to 18 months. One Netcomm, think it was the NB5 will allow you to "disallow" IP's, and control if an internal IP/IP Range has access to certain ports to the outside world but this isnt even what I personally would call a firewall. The firewall function that comes with the OS/2 TCP/IP 32bit stack will give a lot more control than your general ADSL Modem/Router but you need to learn the basics and do a bit of reading. For your average OS/2 box on the internet, I wouldnt worry about a firewall unless your on a dedicated IP. If you have windows boxes I would use a minimum of NAT, and drop all data on the ports 135 to 445 both in and out, as well as disallow any Netbios over TCP/IP access outside your local network. Cheers Ian Manners Tech Fossil (Often called a Dinosaur) - ancient animal that gets things done http://www.os2site dot com/ Wouldya do it for a Scooby Snack? ---------------------------------------------------------------------------------- **= Email 4 ==========================** Date: Sun, 04 Feb 2007 09:10:15 +1100 From: Ed Durrant Subject: Re: Firewalls BruceD wrote: > Alan Duval wrote: >> Hi, >> >> Thanks to everyone who responded to my query about firewalls. I've >> found that the Billion 5100 router does have a firewall incorporated. >> Hence I'll not worry any further. >> >> Cheers, >> >> Alan Duval > I am sure you are incorrect in thinking that the Billion 5100 has a > firewall. It does not have a firewall. I used to own a 5100 it had no > firewall, nor will it ever. > > > > Well Billion thinks it has !! http://www.billion dot com/product/adsl/bipac5100.php Cheers/2 Ed. ---------------------------------------------------------------------------------- **= Email 5 ==========================** Date: Sun, 04 Feb 2007 09:34:21 +1100 From: Ed Durrant Subject: Re: Firewalls Ed Durrant wrote: > BruceD wrote: >> Alan Duval wrote: >>> Hi, >>> >>> Thanks to everyone who responded to my query about firewalls. I've >>> found that the Billion 5100 router does have a firewall >>> incorporated. Hence I'll not worry any further. >>> >>> Cheers, >>> >>> Alan Duval >> I am sure you are incorrect in thinking that the Billion 5100 has a >> firewall. It does not have a firewall. I used to own a 5100 it had no >> firewall, nor will it ever. >> > >> >> > >> > Well Billion thinks it has !! > > http://www.billion dot com/product/adsl/bipac5100.php > > Cheers/2 > > Ed. > > > Having read a bit more - this is a VERY BASIC firewall, relies on NATTing and packet filtering only, so an additional software firewall may be a good idea. By the way "Zampa" is the tool to configure the OS/2 TCP/IP stack to be a firewall - you can get it from Hobbes - here: http://hobbes.nmsu.edu/pub/os2/apps/internet/util/zampa10b.zip Cheers/2 Ed. ---------------------------------------------------------------------------------- **= Email 6 ==========================** Date: Sun, 4 Feb 2007 11:05:47 +1100 (EST) From: "Voytek Eymont" Subject: Re: Firewalls > Ed Durrant wrote: > >> BruceD wrote: >> >>> Alan Duval wrote: > Having read a bit more - this is a VERY BASIC firewall, relies on > NATTing and packet filtering only, so an additional software firewall > may be a good idea. and don't forget anti virus software -- Voytek ---------------------------------------------------------------------------------- **= Email 7 ==========================** Date: Sun, 04 Feb 2007 17:23:06 +1030 From: Leigh Bunting Subject: Re: Firewalls Hi All, The iconnect 624 router I use uses as its firewall , "stateful packet inspection", which according to one site is: *Stateful packet inspection:* An important security feature, SPI digs deep into the packets used to encapsulate data traversing the network. The result: A firewall can do more than simply prohibit packets from a specific source and take action based on the content or behavior of packets. For instance, an SPI firewall can tell if an incoming packet was unsolicited (and therefore, unwanted) or if it arrived in response to a request from the local network (in which case it would be allowed through). But, taking out all the technojargon, is it any good? Cheers, Leigh Bunting Colonel Light Gardens South Australia ---------------------------------------------------------------------------------- **= Email 8 ==========================** Date: Sun, 04 Feb 2007 18:18:03 +1100 (EDT) From: "Ian Manners" Subject: Re: Firewalls Hi Leigh >The iconnect 624 router I use uses as its firewall , "stateful packet >inspection", which according to one site is: ie, can check packet header information. >*Stateful packet inspection:* An important security feature, SPI digs >deep into the packets used to encapsulate data traversing the network. >The result: A firewall can do more than simply prohibit packets from a >specific source and take action based on the content or behavior of >packets. For instance, an SPI firewall can tell if an incoming packet >was unsolicited (and therefore, unwanted) or if it arrived in response >to a request from the local network (in which case it would be allowed >through). I've always liked that word "Stateful", sounds good doesnt it ;-) Sounds like it simply checks to see if the packet is ACK'ed, ie, a 'return' packet, NAT does that so it can push the incoming packet to its right destination. ie, Still sounds like marketing talk to me. I think a lot of modern hardware players are using Microsoft as a marketing model these days. >But, taking out all the technojargon, is it any good? It's still good, ie, does the job and probably does it well for a simple home based network, so if your not wanting to host any internet based services at home on a windows machine, I'd say it would be all you would need. If you want something like full ADSL 2+ however, a lot of the earlier ADSL 2+ Modem/routers cant handle the speed to well so check out places like http://whirlpool dot net dot au/ and the router /hardware section. Hardware companies are misusing the term "Firewall" to include "NAT', and NAT is a different beast to a Firewall. Cheers Ian Manners Tech Fossil (Often called a Dinosaur) - ancient animal that gets things done http://www.os2site dot com/ Emptiness is filling me ----------------------------------------------------------------------------------