Thread: Oldsod :Securing the router

  1. #1
    Charles_B Guest

    Default Oldsod :Securing the router

    Guru Oldsod, I read your thread : Firewall

    http://forums.zonealarm.org/zonelabs...essage.id=5423

    I'm not doing Internet Connection Sharing. Just one computer using a D-Link DI-604 router, using ZASS 7.0.483. Disable the UPnP and the Reply to Pings already set up on the router.

    Would this still apply under this setup? Lock in the assigned IP and the gateway IP in the Properties of the network device in Windows and then disable the DHCP and DNS client services in Windows.

    Please advise on the appropriate setup.




    XP SP3
    ZAFF Version 1.2.144.0
    ZoneAlarm Security Suite version:7.0.483.000
    TrueVector version:7.0.483.000
    Driver version:7.0.483.000
    Anti-virus engine version:3
    Anti-virus SDK version:5.0.1.85
    Anti-virus signature DAT file version:978717879
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200902.5375
    AntiSpam version:5.0.6.8903

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Guru Oldsod :Securing the router

    Yes, it does help - some malware cannot change your default DHCP and DNS server as easily.
    Some malware will attempt to change these servers (a special concern with the DNS changer malware) but it will first need to attempt to re-enable the DHCP and DNS client services before making any changes.
    There are specific 'leak tests' involving the DNS attacks where the malware must first start the DNS client services to be able to change the usual DNS servers (but not all malware does this and it can fail in its attempts).
    (The change by the malware to the DNS client services should be alerted by ZA, so there is additional security added to this.)

    But in addition to the previous advice, the router itself must be locked in for the computer's IP and MAC.
    This gives a permanent IP lease and no further changes to the assigned IP given to the computer.
    Thus there is a minor benefit of slightly less traffic of certain kinds on the local area network, as both computer and router are locked in to each other at all times.

    Also, by disabling the DNS client services, it now forces the supported internet-capable programs to do their own DNS lookups, instead of using Windows to do the DNS lookups (svchost.exe). Thus there is another benefit - fewer direct internet connections by Windows when browsing or updating and so forth. A little less use of the bandwidth and a little more security.

    Also the MAC and IP of the router can be locked in the ZA's expert rules:

    http://forum.zonelabs.org/zonelabs/b...d=92624#M52448

    http://forum.zonelabs.org/zonelabs/b...ssage.id=52286


    In addition to disabling the UPnP and the Reply to Pings in the router, change the default password and login account name for the router to something more secure.
    Not only have there been UPnP attacks designed especially for the router, but there is malware designed to use the router's default passwords and logins to enter the router and then change its correct DNS servers (applies only if the router is the computer's DNS server) to DNS servers that are serving up malware. (This attack was based on malicious JavaScript obtained through the browser when browsing the web.)


    Oldsod.
    Best regards.
    oldsod

  3. #3
    Charles_B Guest

    Default Re: Guru Oldsod :Securing the router

    Thanks for quick reply.

    I type ipconfig /all and it shows Physical Address and shows the router MAC address, so that is OK. Disabling the UPnP and the Reply to Pings in the router was already set on the router.

    Now, to disable the DHCP and DNS client services in Windows, do I go to Control Panel\Performance and Maintenance\Administrator Tools\Services and disable both the DHCP Client and the DNS Client by going to Properties and change Startup type to Disable, click Stop and OK for both Clients?

    Is this correct, Oldsod?

  4. #4
    Charles_B Guest

    Default Re: Guru Oldsod :Securing the router

    Forgot to mention I stealthed port 113, IDENT, on the router when I got the DI-604 in 2003. Entered a password for the router then. Two years ago updated the firmware on the router.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Guru Oldsod :Securing the router

    Yes, correct, and before doing this, in the properties of the network connection (adapter or local area connection) set the correct DHCP and DNS and assigned IP into the properties of the Internet Protocol (TCP/IP).

    Then, after disabling the two services, immediately reboot to fully disable the two services.

    Port 113 is usually left alone by many router vendors - it is needed for VPN and often some P2P programs. The VPN use is probably the reason why they leave the port closed but not stealth - the port has to be visible and be able to respond to the incoming VPN connections.
    (No VPN on the computer, no forwarded port 113 in the router and no VPN set up or arranged on the router itself means the connections to port 113 will get dropped. Port 113 is IDENT or identification port to establish the very beginning of the VPN connections.)

    A closed port of the router is okay - it just means the port is seen and gets more dropped connection attempts, but is still safe as the connections are still dropped by the router.
    It may add more entries to the router logs showing dropped connections but is still safe.

    But I still stealth the router ports of my routers anyway, even if there is no risk (and use two routers both providing DHCP/NAT/SPI and a bridging firewall which also provides stealth/closed ports and SPI).

    Oldsod.

    Message Edited by Oldsod on 02-22-2009 04:30 PM
    Best regards.
    oldsod

  6. #6
    Charles_B Guest

    Default Re: Guru Oldsod :Securing the router

    Set the correct DHCP and DNS and assigned IP into the properties of the Internet Protocol (TCP/IP). Under the General tab, do I get:

    * Use the following IP address from my own ipconfig /all addresses.

    * Under Use the following DNS server addresses:

    Can we use a free public DNS server for personal and business use other than the one in ipconfig /all?

    OpenDNS Free DNS Server IP address

    => 208.67.222.222
    => 208.67.220.220

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Guru Oldsod :Securing the router

    Yes, you can use opendns.com for the DNS servers instead of using your own provider's DNS server(s). Just reboot after changing your DNS servers and be prepared to enter the new OpenDNS servers into the zones as Trusted.

    resolver1.opendns.com = 208.67.222.222
    resolver2.opendns.com = 208.67.220.220

    Assuming your router is not the DNS server for your computer - or else you will need to change the usual DNS server(s) to the new OpenDNS servers.

    Optional: open an account with OpenDNS and use their blocking features to block unwanted sites (no domain name lookup for unwanted sites is basically a completely blocked site).
    Blocks sites such as ads, not family friendly sites, some malware sites, social sites and so forth.
    OpenDNS does have merit.

    Oldsod.
    Best regards.
    oldsod
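
Added example, not part of the thread or any poster's own code: a Python check that parses `ipconfig /all` output and reports drift from the locked-in settings discussed above (DHCP off, fixed IP and gateway, only the two OpenDNS resolvers). The adapter output and the IP and gateway values are constructed, and the XP-era English field labels are assumed.

```python
import re

# OpenDNS resolvers quoted in the thread.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed `ipconfig /all` adapter block (XP-era English labels assumed).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 208.67.222.222
                                            208.67.220.220
"""

KEY_RE = re.compile(r"^\s*(.+?)(?:\s*\.)+\s*:\s*(.*)$")   # "Label . . . : value"
IP_RE = re.compile(r"^\s+\d{1,3}(?:\.\d{1,3}){3}\s*$")    # continuation line

def parse_ipconfig(text):
    """Return {label: [values]}; assumes a single adapter block."""
    fields, last = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            last = m.group(1).strip()
            value = m.group(2).strip()
            fields[last] = [value] if value else []
        elif last and IP_RE.match(line):
            fields[last].append(line.strip())   # e.g. the second DNS server
    return fields

def audit(text, address, gateway, dns=EXPECTED_DNS):
    """List every way the adapter differs from the locked-in settings."""
    f, findings = parse_ipconfig(text), []
    if f.get("Dhcp Enabled") != ["No"]:
        findings.append("DHCP is enabled")
    if f.get("IP Address") != [address]:
        findings.append(f"IP address is {f.get('IP Address')}")
    if f.get("Default Gateway") != [gateway]:
        findings.append(f"gateway is {f.get('Default Gateway')}")
    servers = f.get("DNS Servers", [])
    rogue = [s for s in servers if s not in dns]
    if rogue or not servers:
        findings.append(f"unexpected DNS servers: {rogue or 'none set'}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "192.168.0.100", "192.168.0.1") or "settings match")
```

Feeding it saved `ipconfig /all` output on a schedule gives a simple record of when a resolver or gateway changed without the owner doing it.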

  8. #8
    Charles_B Guest

    Default Re: Guru Oldsod :Securing the router

    Thank you for your help with the optimum security settings. Have a nice evening.

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Guru Oldsod :Securing the router

    Charles_B, thank you. Have a great week!
    Oldsod.
    Best regards.
    oldsod
