Is NAT with ADSL modem router enough or...

[Marsha]

I have a Netcomm ADSL modem router with NAT and was told I don't
really need a firewall any more. Both I and the other networked comp
used free Zone Alarm previously.

We stopped running Zone Alarm. My brother's machine collected the
download.exe trojan, though he barely uses the Internet. I'm still
struggling with getting rid of it's after-effects.

So I have lost fairh in the NAT and Norton (which he had running) for
sole protection. And yes, we do practice 'safe hex' as I heard it
called.

So what's the opinion here? Another firewall as well as NAT?

 

[Geese_Hunter]

I have a Netcomm ADSL modem router with NAT and was told I don't
really need a firewall any more. Both I and the other networked comp
used free Zone Alarm previously.

We stopped running Zone Alarm. My brother's machine collected the
download.exe trojan, though he barely uses the Internet. I'm still
struggling with getting rid of it's after-effects.

So I have lost fairh in the NAT and Norton (which he had running) for
sole protection. And yes, we do practice 'safe hex' as I heard it
called.

So what's the opinion here? Another firewall as well as NAT?

The post probably should have gone into the comp.security.firewalls
group. But the answer is YES you should continue to run ZAP. Having a
hardware & software firewall is a great idea. To prove it go to this
site before you install ZAP to see what your routers firewall is letting
through. http://grc.com/x/ne.dll?rh1dkyd2

 

[Beauregard T. Shagnasty]

Quoth the raven named Geese_Hunter:

To prove it go to this site before you install ZAP to see what your
routers firewall is letting through.
http://grc.com/x/ne.dll?rh1dkyd2

Good idea, but this will still not show what your computer is allowing
*out*. With a router [excellent idea] the main purpose of a software
firewall is to inform you of unwanted /outbound/ transmission.
Spyware, trojans you let in, and so forth.

 

[FromTheRafters]

I have a Netcomm ADSL modem router with NAT and was told I don't
really need a firewall any more.

Well, you may have been misinformed. Without getting into the
"need" versus "want" of a firewall, I think it was Harry Houdini
that first pointed out that a safe was designed to keep intruders
out - not to keep them in. Most people like to have a personal
firewall to help keep a check on what is trying to get out. Neither
is *really* any good if you invite the malware into your computer,
but the personal firewall can bring some underhanded activities to
your attention.

My brother's machine collected the download.exe trojan, though
he barely uses the Internet. I'm still struggling with getting rid of it's
after-effects.
[snip]

And yes, we do practice 'safe hex' as I heard it called.
Hmmm.

So what's the opinion here? Another firewall as well as NAT?

Yes, it might help prevent some of the new malware damage
incurred while practicing your version of "safe hex".

 

[brushes]

I am using a NAT router here, each of the 5 machines also has the XP
firewall enabled as well as Zone Alarm, AVG, spybot,spyware blaster.

Overkill? No, not compared to losing my data! I don't regard any one piece
of hardware/software as sufficient protection, as the man said, "trust in
God, but tie up your camel first"

One other useful safe practice is to run your file and print sharing over
IPX and disable file and print sharing in tcp/ip

B

 

[optikl]

I have a Netcomm ADSL modem router with NAT and was told I don't
really need a firewall any more. Both I and the other networked comp
used free Zone Alarm previously.

We stopped running Zone Alarm. My brother's machine collected the
download.exe trojan, though he barely uses the Internet. I'm still
struggling with getting rid of it's after-effects.

So I have lost fairh in the NAT and Norton (which he had running) for
sole protection. And yes, we do practice 'safe hex' as I heard it
called.

So what's the opinion here? Another firewall as well as NAT?

I don't wish to sound argumentative, but if you truly practice safe hex,
then something broke down. Having ZA installed might not have kept
download.exe from being installed.

 

[Marsha]

I don't wish to sound argumentative, but if you truly practice safe hex,
then something broke down. Having ZA installed might not have kept
download.exe from being installed.

You're right, my brother I can't vouch for, except that he's burnt
his finger once before on a dialler which cost him some money, but
he's hardly on the net. However our sister did use his comp a few
times to browse , and I suspect she was the culprit.

I have now got spybot, and spyware blaster on our machines as well
as Avast and abour to re-install Zone Alarm.

I'm having probs re-establishing networking between our comps though.

Wow - it feels like war, as if you have to barricade yourself from
wild marauders. Afraid to click on attachments even from friends,
afrain to surf even.

It's turning into risky business with a lot of self-educating to be
done. (^.^)

Cheers,
Marsha

 

[optikl]

You're right, my brother I can't vouch for, except that he's burnt
his finger once before on a dialler which cost him some money, but
he's hardly on the net. However our sister did use his comp a few
times to browse , and I suspect she was the culprit.

I have now got spybot, and spyware blaster on our machines as well
as Avast and abour to re-install Zone Alarm.

I'm having probs re-establishing networking between our comps though.

That maybe because when you uninstalled ZA, all of its files didn't go
away. I'd suggest doing a google on "uninstalling zone alarm". IIRC,
when I last tried ZA, I had to manually remove 2 or 3 files, before I
could install my preferred FW product. Or it could be that Trojan hosed
some of your TCP/IP network settings. Can you connect to the Internet
from each machine? Which OS for each machine?

 

[Marsha]

That maybe because when you uninstalled ZA, all of its files didn't go
away. I'd suggest doing a google on "uninstalling zone alarm". IIRC,
when I last tried ZA, I had to manually remove 2 or 3 files, before I
could install my preferred FW product. Or it could be that Trojan hosed
some of your TCP/IP network settings. Can you connect to the Internet
from each machine? Which OS for each machine?

Zone alarm was uninstalled when I got the ADSL modem router and
networking worked fine till after I cleaned the download trojan from
my bro's comp..

My system is XP Home with SP1 with the ADSL and I can connect to the
net, but my bro has XP pro and can not, since I haven't managed to
restore networking on his machine.

I've spent hours today gathering info on networking probs and
solutions. Tomorrow I'll try to see if any of them work.

What, with scouting for solutions and installing the various cleaners
for the troj for the last few days and now for networking, my brain
is totally scrambled.

Talk about crash courses!

Thanks for the rep.

Marsha

 

[Geese_Hunter]

Zone alarm was uninstalled when I got the ADSL modem router and
networking worked fine till after I cleaned the download trojan from
my bro's comp..

My system is XP Home with SP1 with the ADSL and I can connect to the
net, but my bro has XP pro and can not, since I haven't managed to
restore networking on his machine.

I've spent hours today gathering info on networking probs and
solutions. Tomorrow I'll try to see if any of them work.

What, with scouting for solutions and installing the various cleaners
for the troj for the last few days and now for networking, my brain
is totally scrambled.

Talk about crash courses!

Thanks for the rep.

Marsha

Can you network to/from his pc from/to yours?
If not it could be a damaged winsock from the trojan. Try this link if
you still experience problems after your other items.
http://cexx.org/lspfix.htm

It worked for me on a pc that I worked on, after removing a few virus's,
trojans, mal-ware & spyware.

 

[Duane Arnold]

"> Good idea, but this will still not show what your computer is allowing

*out*. With a router [excellent idea] the main purpose of a software
firewall is to inform you of unwanted /outbound/ transmission.
Spyware, trojans you let in, and so forth.

Although I agree with you on the general principle on the use of a host
based FW on the machine, one should not depend upon a host based FW with
application control as the determining factor about outbound connections by
Trojans or spyware that can defeat this.

An example of this is on a machine reboot where a Trojan or spyware can
start and do it's thing before an application such as FW on the machine can
start to stop it.

One may want to use something like Active Ports and place a short-cut in the
Startup-up folder so that one can get a clear picture of the inbound and
outbound connections that are being made. Usually, if something out of the
norm is happening, something like Active Ports kind of holds on to
connections for a short period of time in the display, even though the
communications has been completed by a program.

Also, by using a log viewer for the router or going to the router logs by
using the router admin feature to view the logs, one can also see the
inbound and outbound traffic to and from the router, to determine if
something is out of the norm.

The bottom line is one shouldn't depend upon a host based FW as the only
determination factor as to what is happening on the machine with connections
on the LAN or WAN.

Duane

 

[Beauregard T. Shagnasty]

Quoth the raven named Duane Arnold:

You trimmed the attribute; good thing I remembered what I wrote four

"> Good idea, but this will still not show what your computer is allowing

*out*. With a router [excellent idea] the main purpose of a software
firewall is to inform you of unwanted /outbound/ transmission.
Spyware, trojans you let in, and so forth.

Although I agree with you on the general principle on the use of a host
based FW on the machine, one should not depend upon a host based FW with
application control as the determining factor about outbound connections by
Trojans or spyware that can defeat this.

Of course your statement is true. One should not depend on any single
piece of software (or hardware) to protect the computer. I was
answering the question about the usefulness of a software firewall.
because Marsha said she stopped running ZoneAlarm. There are lots of
other things to consider as well.
....
Practice safe hex.