hi,
what does this log entry mean;
2004/06/07 00:40:10 ** Unauthorized HTTP Access **
<IP/TCP> 222.144.85.173:4821 ->>
a whois search says this;
Whois:
Final results obtained from whois.nic.ad.jp.
Results:
[ JPNIC & JPRS database provides information on network administration. Its ]
[ use is restricted to network administration purposes. For further infor- ]
[ mation, use 'whois -h whois.nic.ad.jp help'. To suppress Japanese output, ]
[ add'/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]

Network Information:
a. [Network Number] 222.144.0.0-222.144.255.0
b. [Network Name] OCN
g. [Organization] Open Computer Network
m. [Administrative Contact] AY1361JP
n. [Technical Contact] MO081JP
n. [Technical Contact] KK551JP
n. [Technical Contact] IM657JP
p. [Nameserver] ns-kg001.ocn.ad.jp
p. [Nameserver] ns-kn001.ocn.ad.jp
y. [Reply Mail] db-admin@ocn.ad.jp
[Assigned Date] 2003/11/28
[Return Date]
[Last Update] 2003/11/28 14:02:11 (JST)
ip-alloc@nic.ad.jp
I have other searches of different IPs that are from
China and Germany. I think this is only the service
provider. Is someone using my IP address for spam or
phishing?

Re: router log by N

N
Mon Jun 07 01:31:50 CDT 2004

In article <1918b01c44c52$8c1f3060$a001280a@phx.gbl>, steve says...

> what does this log entry mean;
> 2004/06/07 00:40:10 ** Unauthorized HTTP Access **
> <IP/TCP> 222.144.85.173:4821 ->>

It could just be an attempt to crack your router from the Web interface. You
did change the default password, and disable remote administration, didn't
you?

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Re: router log by jcochran

jcochran
Mon Jun 07 06:26:27 CDT 2004

On Sun, 6 Jun 2004 22:44:49 -0700, "steve"
<anonymous@discussions.microsoft.com> wrote:

> what does this log entry mean;
> 2004/06/07 00:40:10 ** Unauthorized HTTP Access **
> <IP/TCP> 222.144.85.173:4821 ->>

An HTTP attempt to reach your router's configuration from an interface
it isn't supported on. Likely you don't allow configuration from
outside your network and someone did an HTTP call to the router's
address.

Jeff

Re: router log by anonymous

anonymous
Mon Jun 07 22:33:49 CDT 2004


>-----Original Message-----
>In article <1918b01c44c52$8c1f3060$a001280a@phx.gbl>, steve says...
>
>> what does this log entry mean;
>> 2004/06/07 00:40:10 ** Unauthorized HTTP Access **
>> <IP/TCP> 222.144.85.173:4821 ->>
>
>It could just be an attempt to crack your router from the Web interface. You
>did change the default password, and disable remote administration, didn't
>you?
>
>--
>Norman
>~Win dain a lotica, En vai tu ri, Si lo ta
>~Fin dein a loluca, En dragu a sei lain
>~Vi fa-ru les shutai am, En riga-lint
>.

thanks for responding Norman,
yes, the password is changed. do you mean xp's
remote "assistance"? it was enabled but is disabled now.
i'm a novice which means i don't understand everything i
know. what is the web interface? is that the
192.168.xxx.xxx local address? or is it the WAN address?
i know that my browser is sending my WAN address out but
how does one even know that my local address exists. i
have ICMP blocked?
thanks for helping, stevo111 at muchomail.com

Re: router log by N

N
Tue Jun 08 01:16:45 CDT 2004

In article <199da01c44d09$69a67ea0$a001280a@phx.gbl>, says...

> thanks for responding Norman,
> yes, the password is changed. do you mean xp's
> remote "assistance"? it was enabled but is disabled now.

No, I meant the router. You stated that you saw a router log entry, so my
response was entirely intended for the router operation. Most SOHO routers
allow remote administration from the Web, but should have that feature
disabled by default; you would have to go out of your way to enable it. Most
home users don't need it enabled, and should leave it disabled. I was also
referring to the router password. All ship with a default password, so that
password is well known to malicious actors who would try and crack the
router security. Therefore you should change it, and make it at least ten
characters, or the maximum length allowed if the router doesn't support as
many as ten characters. Mix up alpha, case, and numeric characters.

Because you only mentioned the router log, I never even considered your OS.
With a router between your modem and your computer, the computer is,
effectively, invisible to the Internet.

> i'm a novice which means i don't understand everything i
> know. what is the web interface? is that the
> 192.168.xxx.xxx local address? or is it the WAN address?
> i know that my browser is sending my WAN address out but
> how does one even know that my local address exists.

A router has two interfaces; one facing the Internet, which is the WAN, and
gets an IP address from the ISP, the other facing the LAN, and has a default
IP address set by the manufacturer. The LAN IP address is in one of the RFC
1918 IP address blocks reserved for private networks; usually in
192.168.0.0/16 (the "Classless Inter-Domain Routing" (CIDR) notation for the
IP address you cite). If you Google on RFC 1918, you will get an explanation
of the IP addresses reserved for private networks, as well as the purpose of
reserving those IP addresses.

The only way that a remote site can determine the LAN IP address is using a
JavaScript, or a similar (ActiveX for MSIE, or Java) scripting language, in
your browser, or other Internet aware program, to make a local query on your
system. That is not the only hazard of allowing scripts to run locally, but
an example of why you need to tame local scripts in your browser. And it
isn't so much that your browser sends your WAN IP address as that the remote
computer detects it. A Web server is as good at reading the IP address of
incoming connections as a mail server; and, while I don't run a Web server,
I do run a mail server, and see those remote IP addresses connecting to my
computer. They are logged.

> i have ICMP blocked?

It is probably a good idea to block ICMP, but I don't worry about it for
myself. The worst that can be done, that I know of, is a DoS attack from
something like a "Ping of Death". While that would knock me off of the
Internet, I spend way too much time on line for my own good anyway; I'd
probably just shut down the DSL modem and router, and engage in some more
productive local activity for a couple of hours. Or go to bed! ;)

> thanks for helping, stevo111 at muchomail.com

The thing to keep in mind is that your router is, technically, a computer.
Think of the router as like a computer with ICS, but no other applications
except ICS. While that is a gross over-simplification, it should help to
understand your security. The router's refusal to accept unsolicited packets
is nearly as good protection as a firewall; but it isn't a firewall. It is
good enough, though, to keep 'Blaster', 'Sasser', and those annoying Windows
popups (on the WinNT kernel systems) at bay.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
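
Added example, not part of the original thread: a small Python parser for the two-line log entries quoted above that labels each source address as LAN (inside an RFC 1918 block) or WAN (Internet side) and counts admin-page attempts per outside address. The entry layout is assumed from the single entry steve posted; the function names and every sample entry after the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# The three RFC 1918 blocks reserved for private networks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Two-line entry layout as quoted in the thread; text after "->>" is ignored.
ENTRY = re.compile(
    r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \*\* (?P<event>.+?) \*\*[ \t]*\n"
    r"<IP/(?P<proto>\w+)> (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) ->>")

# First entry is the one from the thread; the rest are constructed samples.
SAMPLE = """\
2004/06/07 00:40:10 ** Unauthorized HTTP Access **
<IP/TCP> 222.144.85.173:4821 ->>
2004/06/07 00:52:03 ** Unauthorized HTTP Access **
<IP/TCP> 203.0.113.9:3312 ->>
2004/06/07 01:05:44 ** Unauthorized HTTP Access **
<IP/TCP> 203.0.113.9:3313 ->>
2004/06/07 01:10:00 ** Unauthorized HTTP Access **
<IP/TCP> 192.168.1.50:1045 ->>
2004/06/07 01:11:00 ** Unauthorized HTTP Access **
<IP/TCP> 999.1.1.1:80 ->>
"""

def side(ip):
    """Return 'LAN' for an RFC 1918 address, otherwise 'WAN'."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return "LAN" if any(addr in net for net in RFC1918) else "WAN"

def parse(log_text):
    """Return one dict per well-formed entry; bad addresses are skipped."""
    entries = []
    for m in ENTRY.finditer(log_text):
        try:
            where = side(m["src"])
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an IP
            continue
        entries.append({"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                        "event": m["event"], "proto": m["proto"],
                        "src": m["src"], "port": int(m["port"]), "side": where})
    return entries

def wan_sources(entries, event="Unauthorized HTTP Access"):
    """Count entries of the given event type per Internet-side source."""
    return Counter(e["src"] for e in entries
                   if e["side"] == "WAN" and e["event"] == event)
```

A source that comes back as LAN means the request to the router's admin page originated inside the private network rather than from the Internet, which is a different problem from the WAN-side probes discussed in the thread.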