Router Firewall picking up a lot of issues

the_groundsman
Rising Star
Posts: 488
Thanks: 24
Fixes: 2
Registered: ‎12-08-2007

Router Firewall picking up a lot of issues

I had problems with my Belkin router constantly dropping connection, but an update of the firmware means that - other than during appalling weather - the connection has been pretty good. Since then I have noticed that the firewall is picking up all manner of intrusions and PORT SCANNER ATTACKS. When I look up the IP addresses they are in France, Australia and a host of other nations of the world. There is also a mixed bag of source ports and destination ports.
I'm relieved that these are now being picked up by the firewall on the router (but worried that in the past this hasn't been happening).
I have ZoneAlarm on my PC but there are a number of other machines and devices connected to the router so this could be an issue with them. They don't have anything other than Windows Firewall on the PCs.
My Plusnet firewall is on (low because I need VPN to connect to work).
Should I be worried and is there anything I can do to investigate this further?
How can I investigate the ports that are listed?

HairyMcbiker
All Star
Posts: 6,792
Thanks: 266
Fixes: 21
Registered: ‎16-02-2009

Re: Router Firewall picking up a lot of issues

Port scans are unfortunately a way of life now on the net. Script kiddies/worms/your ISP all do it; as long as you only have the ports open on your firewall that you need (and the s/w behind it up to date) then there is no issue. If you are worried then have a look at the ShieldsUP web site, let it scan your network and tell you if there is anything to worry about.
All it means is someone is looking for a way into your network, and the only way in is through an open port on your firewall (if you have one that is). WRT it not being reported before maybe the update added this "feature".
More attacks come from internal to a network than from outside, a compromised website, a virus in a program run from a cd/usb stick/floppy disk.
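
Added example, not part of any post in this thread: one way to follow up on "How can I investigate the ports that are listed?", given the replies' point that a probe only matters if something is listening on that port. The log line format, the sample addresses and all function names are assumptions; real router logs differ by model, and only TCP is checked.

```python
import re
import socket
from collections import defaultdict

# Constructed sample entries in an assumed format; real router logs differ by model.
SAMPLE_LOG = """\
2009/11/02 21:14:03 PORT SCAN src=198.51.100.7:40211 dst=192.0.2.10:23
2009/11/02 21:14:03 PORT SCAN src=198.51.100.7:40212 dst=192.0.2.10:135
2009/11/02 21:14:04 PORT SCAN src=198.51.100.7:40213 dst=192.0.2.10:445
2009/11/02 21:14:04 PORT SCAN src=198.51.100.7:40214 dst=192.0.2.10:3389
2009/11/02 22:40:51 INTRUSION src=203.0.113.44:51333 dst=192.0.2.10:80
"""
LINE_RE = re.compile(r"src=([\d.]+):\d+\s+dst=[\d.]+:(\d+)")

def parse(log_text):
    """Return (source_ip, destination_port) pairs, skipping lines that do not match."""
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and 0 < int(m.group(2)) < 65536:
            pairs.append((m.group(1), int(m.group(2))))
    return pairs

def service_name(port):
    """Look up the conventional TCP service for a port, if the OS knows one."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"

def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if a TCP service on this machine accepts connections on the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def triage(log_text, scan_threshold=3):
    """Flag sources probing many distinct ports and check each probed port locally."""
    ports_by_src = defaultdict(set)
    for src, dport in parse(log_text):
        ports_by_src[src].add(dport)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    probed = sorted(set().union(*ports_by_src.values()))
    return scanners, {p: (service_name(p), is_listening(p)) for p in probed}

if __name__ == "__main__":
    scanners, report = triage(SAMPLE_LOG)
    print("sources probing several ports:", scanners)
    for port, (name, listening) in report.items():
        print(f"{port:>5} {name:<14} {'LISTENING' if listening else 'closed'}")
```

Run it on each PC behind the router; a port reported as LISTENING only becomes reachable from outside if the router also forwards it to that machine.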
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Router Firewall picking up a lot of issues

Even if you have all ports open, it won't get through because of NAT.
Even if it gets past that, you have to be running a server on that port in order to respond to it.
So port scans are pretty innocuous - although Windows likes to run a few servers that can get
hacked by this kind of activity.

"In The Beginning Was The Word, And The Word Was Aardvark."

ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Router Firewall picking up a lot of issues

Some things that used to be necessary precautions are not necessary any more.  You used to have to use a software firewall on your PC (like ZoneAlarm) but since Microsoft brought out Service Pack 2 for Windows XP that really has not been necessary as the Windows firewall is perfectly adequate.  Also, most people used to use modems to access the internet but now most people use routers which have a built-in firewall anyway.  So you should be pretty safe in this respect, unless you turn these firewalls off.
Most modern attempts to hack your computer rely on security holes in the software on your computer, particularly out-of-date software when you have not kept up to date with the latest Microsoft updates, updated your web browser to the latest version etc etc.  Or they try to trick you into installing malicious software yourself, on the pretext that it will give you some benefit.     
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Router Firewall picking up a lot of issues

I would never recommend relying on the Windows XP firewall as it does not block outbound connections.
http://www.helium.com/items/1424052-is-the-windows-xp-firewall-enough-to-to-the-job
I would always recommend a third-party firewall and this test is a good starting point http://www.matousec.com/projects/proactive-security-challenge/results.php
Note that there are three excellent free firewalls
Comodo Internet Security
Outpost Firewall Free 2009
Online Armor Personal Firewall 3.5.0.14
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Router Firewall picking up a lot of issues

Oldjim, I completely disagree with you.
There are two reasons why someone might want to block outbound internet connections:
1)  They want to know when their computer has caught malware and some unidentified program starts attempting outbound connections.
2)  They are a control freak.
In either case the outbound firewall will alert you with a query as to whether such-and-such a program/process can access the internet. You are unlikely to be given any clues about what this program is supposed to do, just the name of the application. If you are a computer expert you stop what you are doing and spend the next 15 minutes researching what is going on. If you are a typical computer user you just authorize the program to access the internet because you haven't a clue about what is going on.
So the typical computer user derives no benefit from the outbound firewall. The more expert computer user may derive some benefit but at the cost of a lot of their time. This time might be better spent in tightening their computer security so they don't get the malware in the first place. Only the control freak wins.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Router Firewall picking up a lot of issues

I think I understand your position even though I don't agree with it.
As far as I am concerned relying on a single line of defence (your anti virus) to fully protect you is bad practice and all the systems I have set up have used an integrated security package which doesn't throw up loads of alarms but just gets on with the job. It is only if you put it in full interactive mode that you get many or indeed any popups asking for a decision.
For example I set up a complete novice with Kaspersky Internet Security (currently version 2009) set in automatic mode and it does everything silently because it has an extensive list of known good applications and it automatically stops any others and she has had no problems at all.
Just to add - this is from Microsoft describing the Vista Firewall http://www.microsoft.com/windows/windows-vista/features/firewall.aspx
Quote
More advanced than the Windows Firewall in previous versions of Windows, the firewall in Windows Vista helps protect you by restricting other operating system resources if they behave in unexpected ways-a common indicator of the presence of malware. For example, if a component of Windows that is designed to send network messages over a given port on your PC tries to send messages by way of a different port due to an attack, Windows Firewall can prevent that message from leaving your computer, thereby preventing the malware from spreading to other users.
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Router Firewall picking up a lot of issues

I'm a big fan of Kaspersky, I use their Antivirus product on my two work computers but this is a deliberate choice over their Internet Security package.  You only have to look at http://community.plus.net/forum/index.php/topic,77753.0.html to see what happens when the Kaspersky firewall goes wrong and blocks network connectivity.  Okay, maybe it had been accidentally set to function wrongly but I have never seen this type of problem with the Windows firewall.  With other software firewalls it is all too common.  Sometimes these products even take it upon themselves to block internet access completely, and what could be more secure than that?
I also doubt that having Kaspersky Antivirus leaves me less protected than having Kaspersky Internet Security.  If the security software spots that a program is malicious then it will quarantine it.  If the software misses a malicious program then what reason does it have for not allowing it outbound internet access?
I concede that the Vista firewall may be a little stronger than the XP firewall but:
1) Viruses that subvert Windows programs are in the minority so most of the time this extra strength won't help
2) The benefit of this extra strength is to protect others from your infected computer, not to protect you.
the_groundsman
Rising Star
Posts: 488
Thanks: 24
Fixes: 2
Registered: ‎12-08-2007

Re: Router Firewall picking up a lot of issues

Thanks for the advice.
Interesting debate on TP firewalls. I've used Zonealarm's free product for a while and have found it quite unobtrusive after the initial training period. I
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Router Firewall picking up a lot of issues

Except, presumably, for that time in 2008 when a clash with a Microsoft update blocked internet access for Zonealarm users?
Groundsman, how did you decide which programs should be granted internet access and which should not during the initial training period?  What would you do now if a program you did not recognize popped-up asking for internet access?     
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Router Firewall picking up a lot of issues

any sensible person would check to find out.
I have had some recently that Zonealarm blocked without asking me, they told me quickly, it is a convoluted exercise to get them released as a friend
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Router Firewall picking up a lot of issues

Quote from: pierre_pierre
any sensible person would check to find out....

No, any sensible computer expert like you or I would check to find out.  The typical computer user does not have the time, expertise or computer self-confidence to do this.
So you or I would spend, say, an average of 15 minutes per event checking out what is going on.  The end result would be either that we conclude the program is benign or we conclude our other security software has failed to spot a piece of computer malware.  I have better things to do with my time, not least making sure my computer security is good enough to stop malware getting onto my computer in the first place.     
the_groundsman
Rising Star
Posts: 488
Thanks: 24
Fixes: 2
Registered: ‎12-08-2007

Re: Router Firewall picking up a lot of issues

I agree with Pierre: anyone with an ounce of common sense would do a check via Google, which takes next to no time. I'm pretty confident with my "denial" and "acceptance" decisions.
In terms of my expertise level -  I'm not a total novice but I'm not an expert either.
Everyone will have a different view - the trick is to make an informed decision based on your individual needs I think.
With free software you have to expect the odd hiccough so I forgave ZoneAlarm for the 2008 incident you mentioned. Their forums gave me confidence that they were working on a solution and a workaround was immediately available. Some like AVG were less good about sorting out their problems so I moved on to another AV solution (Avast); if that gave me a headache I might even pay for Kaspersky.
Sounds like you're on a crusade RR; you obviously feel strongly about this.
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Router Firewall picking up a lot of issues

Quote from: pierre_pierre
any sensible person would check to find out.

Any sensible person would wonder why each PC needed to run anti-virus software at all.
It's shutting the stable door after the horse has bolted.
If you suspect that your PC is infected, you don't just slap a patch on to try and limit the effects of the virus.

"In The Beginning Was The Word, And The Word Was Aardvark."

pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Router Firewall picking up a lot of issues

Precisely, why let rubbish that you have on your machine escape to harm other people? If you don't know what it is trying to get out, ask.
It's bad enough on my ZoneAlarm stopping routine programs, and then having to release them, but RR seems to be saying you should not have to check, just let it stop all