Does the broadband firewall actually work?

m063
Grafter
Posts: 166
Registered: 11-08-2007

I'm on BB+ and have the Broadband firewall on and set to high.
But I'm seeing a fair few entries in my router log for attempted incoming requests.
I'm seeing TCP, UDP, and ICMP messages all being dropped by my router firewall. Here's an example:
Quote
Feb 19 16:33:52 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.100.224.190 DST=87.113.208.248 LEN=1492 TOS=0x00 PREC=0x60 TTL=57 ID=26737 DF PROTO=TCP SPT=80 DPT=3232 WINDOW=6432 RES=0x00 ACK URGP=0

All the UDP and TCP messages have DPT > 1024 (I assume this is destination port).

Documentation says that a setting of high blocks all incoming messages. Is this true, or does it really mean ports 1024 and below?
7 REPLIES
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

It obviously does something as there is another post in here from someone who found it stopped his VPN (I got over-enthusiastic and set it to high and it stopped my VPN).

Have you disconnected/reconnected as it does need that to activate it?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Hi,

The high setting should block all incoming TCP connections and UDP traffic below port 1024. It won't block ICMP (ping) or UDP traffic above port 1024.

http://212.100.224.190 appears to be a Norwegian betting site - oddsnet.com, could that be a site you've visited (or site you've been to had a pop up for)?
m063
Grafter
Posts: 166
Registered: 11-08-2007

Quote

The high setting should block all incoming TCP connections and UDP traffic below port 1024. It won't block ICMP (ping) or UDP traffic above port 1024.

http://212.100.224.190 appears to be a Norwegian betting site - oddsnet.com, could that be a site you've visited (or site you've been to had a pop up for)?


Should it block TCP connections above 1024?

Haven't visited oddsnet. I generally block popups, so I guess I wouldn't have seen it.

I can understand ICMP, but why not block UDP to ports > 1024? The documentation says all, shouldn't it mean all? (Or change the documentation.)
m063
Grafter
Posts: 166
Registered: 11-08-2007

Quote
Have you disconnected/reconnected as it does need that to activate it?


My setup is a broadband router (Linksys WRT54GL) connected to a bridged modem (Linksys ADSL2MUE). All the Plusnet logon details are in the WRT54GL. I rebooted this, but not the modem (which has only the VCI and VPI settings).

Have now recycled power on both modem and router and I'll check later.
m063
Grafter
Posts: 166
Registered: 11-08-2007

Quote
Have now recycled power on both modem and router and I'll check later.

Just got 10 incoming messages like this:
Quote
Feb 19 19:46:34 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.14.71 DST=87.112.211.25 LEN=1492 TOS=0x00 PREC=0x60 TTL=58 ID=64559 DF PROTO=TCP SPT=80 DPT=6074 WINDOW=91 RES=0x00 ACK URGP=0

212.159.14.71 seems to be the Plusnet portal server!

Curious.
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

I'm wondering if they are very badly delayed responses - I'm sure I've seen somewhere that they can cause attempted intrusions to be logged.
jelv (a.k.a Spoon Whittler)
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Yep, I think the firewall is being a bit too efficient, used to see this quite a bit with delayed DNS lookups. Actually, just wondering did you receive a PM? If so you normally get a pop-up to alert you to it, wondering if it's blocking pop-ups, otherwise I'd agree with jelv about delayed responses.
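
Added example (not part of any post in this thread, and not Plusnet or Linksys code): a small triage script for router DROP lines like the ones quoted above. It separates stray replies (ACK set, no SYN, as in both quoted entries) from genuinely new inbound connection attempts, and checks each packet against the staff description of the "high" setting. The function names, the two constructed log lines, and the reading of "incoming TCP connection" as SYN-without-ACK are assumptions.

```python
import re

# First two lines are the router log entries quoted in the thread; the last
# two are constructed (documentation addresses) to show the other cases.
SAMPLE_LOG = """\
Feb 19 16:33:52 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.100.224.190 DST=87.113.208.248 LEN=1492 TOS=0x00 PREC=0x60 TTL=57 ID=26737 DF PROTO=TCP SPT=80 DPT=3232 WINDOW=6432 RES=0x00 ACK URGP=0
Feb 19 19:46:34 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=212.159.14.71 DST=87.112.211.25 LEN=1492 TOS=0x00 PREC=0x60 TTL=58 ID=64559 DF PROTO=TCP SPT=80 DPT=6074 WINDOW=91 RES=0x00 ACK URGP=0
Feb 19 20:01:07 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 19 20:02:11 WRT54GL user.warn kernel: DROP IN=ppp0 OUT= MAC= SRC=192.0.2.53 DST=198.51.100.7 LEN=108 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=33012 LEN=88
"""

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_drop(line):
    """Return the key=value fields and bare TCP flags of one DROP line."""
    if " DROP " not in line:
        return None
    body = line.split(" DROP ", 1)[1]
    fields = dict(KV.findall(body))
    fields["FLAGS"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    return fields

def classify(f):
    """Label a dropped inbound packet by what it most plausibly is."""
    proto, flags = f.get("PROTO"), f["FLAGS"]
    if proto == "TCP":
        if "SYN" in flags and "ACK" not in flags:
            return "new-connection-attempt"
        # Anything else (ACK, SYN+ACK, FIN, RST) belongs to a flow; the router
        # drops it when it no longer has a connection-tracking entry for it.
        return "stray-reply"
    if proto == "UDP":
        return "late-dns-reply" if f.get("SPT") == "53" else "unsolicited-udp"
    return "other"

def isp_high_should_block(f):
    """Staff's description of 'high'. Treating 'incoming TCP connection'
    as SYN-without-ACK is an assumption, not documented Plusnet behaviour."""
    if f.get("PROTO") == "TCP":
        return "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]
    if f.get("PROTO") == "UDP":
        return int(f["DPT"]) < 1024
    return False  # ICMP is not blocked

def triage(log_text):
    rows = [parse_drop(line) for line in log_text.splitlines()]
    return [(r["SRC"], r["DPT"], classify(r), isp_high_should_block(r)) for r in rows if r]
```

Under that assumption, both entries quoted in the thread are replies from port 80 rather than connection attempts, so seeing them reach the router does not contradict the "high" setting as staff describe it.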