From: Digest <deadmail>
To: "OS/2GenAu Digest"<deadmail>
Date: Mon, 5 Feb 2007 00:01:01 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600
Subject: [os2genau_digest] No. 1433
Reply-To: <deadmail>
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Sunday 04 February 2007
 Number  1433
**************************************************

Subjects for today
 
1  Re:  Firewalls : BruceD <os2box at niclan.homeip dot net>
2  Re:  Firewalls : Kev <kdownes at tpg dot com dot au>
3  Re:  Firewalls - Clarification : Ian Manners" <deadmail>
4  Re:  Firewalls : Ed Durrant <edurrant at bigpond dot net dot au>
5  Re:  Firewalls : Ed Durrant <edurrant at bigpond dot net dot au>
6  Re:  Firewalls : Voytek Eymont" <voytek at sbt dot net dot au>
7  Re:  Firewalls : Leigh Bunting <vh_gdn at internode.on dot net>
8  Re:  Firewalls : Ian Manners" <deadmail>

**= Email   1 ==========================**

Date:  Sat, 03 Feb 2007 22:44:08 +0900
From:  BruceD <os2box at niclan.homeip dot net>
Subject:  Re:  Firewalls

Alan Duval wrote:
> Hi,
>
> Thanks to everyone who responded to my query about firewalls. I've 
> found that the Billion 5100 router does have a firewall incorporated. 
> Hence I'll not worry any further.
>
> Cheers,
>
> Alan Duval
I am sure you are incorrect in thinking that the Billion 5100 has a 
firewall. It does not have a firewall. I used to own a 5100 it had no 
firewall, nor will it ever.

----------------------------------------------------------------------------------
 

**= Email   2 ==========================**

Date:  Sat, 03 Feb 2007 23:54:08 +0900
From:  Kev <kdownes at tpg dot com dot au>
Subject:  Re:  Firewalls


BruceD wrote:
> Alan Duval wrote:
>> Hi,
>>
>> Thanks to everyone who responded to my query about firewalls. I've 
>> found that the Billion 5100 router does have a firewall incorporated. 
>> Hence I'll not worry any further.
>>
>> Cheers,
>>
>> Alan Duval
> I am sure you are incorrect in thinking that the Billion 5100 has a 
> firewall. It does not have a firewall. I used to own a 5100 it had no 
> firewall, nor will it ever.

Actually Bruce I think that you may be mistaken.  Look at the heading on 
p9 of the manual.  It says, "Configuring Your ADSL Firewall Router".  On 
the face of it I'd guess there's a firewall in there somewhere. 
Certainly it was sold to me as having a firewall.

Cheers
Kev

-- 
=========================
Kev Downes
kdownes at tpg dot com dot au  ph 0404 7 0808 2
We use and recommend Xandros 4.1
=========================
There are 10 types of people ...
    ... those who understand binary, and those who don't!
=========================
"Jesus Christ is the centre of everything and the object of everything;
He who does not know him, knows nothing of the order of the world
and nothing of himself."             Blaise Pascal
=========================
----------------------------------------------------------------------------------
 

**= Email   3 ==========================**

Date:  Sun, 04 Feb 2007 02:36:12 +1100 (EDT)
From:  "Ian Manners" <deadmail>
Subject:  Re:  Firewalls - Clarification

Hi Everyone

I think you need to keep in mind what some people call "Firewalls"
for marketing purposes. I cant speak for the products mentioned
but from the Netcomm's and others I've seen, what they call a
firewall is no more than a NAT engine.

I can state that a Cisco ADSL Router has I would call a basic firewall :-)
And that can do a lot more than other, cheaper ADSL modem/routers
but note that there is a big price difference.

InJoy firewall v3 is what I would call an intermediate firewall but
it would be overkill for your average home user who has no
intention of hosting servers and/or a dedicated IP(s) with VPN's
etc.

A lot of people of knowledge in the subject define a firewall as
something that can give you fine control of a packet, ie 
"Packet Inspection" and similar functions, as well as the capability
of being able to control a packets in relation to rules that you
can build up. I havent seen a cheapish ADSL Router that can
do that, doesnt mean there not out there, maybe, and keep in
mind I havent had much to do with ADSL routers produced in
the past 12 to 18 months.

One Netcomm, think it was the NB5 will allow you to "disallow"
IP's, and control if an internal IP/IP Range has access to certain
ports to the outside world but this isnt even what I personally
would call a firewall. The firewall function that comes with the
OS/2  TCP/IP 32bit stack will give a lot more control than your
general ADSL Modem/Router but you need to learn the basics
and do a bit of reading.

For your average OS/2 box on the internet, I wouldnt worry
about a firewall unless your on a dedicated IP. If you have
windows boxes I would use a minimum of NAT, and drop
all data on the ports 135 to 445 both in and out, as well as
disallow any Netbios over TCP/IP access outside your
local network.

Cheers
Ian Manners
Tech Fossil (Often  called a Dinosaur) - ancient animal that gets things done
http://www.os2site dot com/


Wouldya do it for a Scooby Snack?
----------------------------------------------------------------------------------
 

**= Email   4 ==========================**

Date:  Sun, 04 Feb 2007 09:10:15 +1100
From:  Ed Durrant <edurrant at bigpond dot net dot au>
Subject:  Re:  Firewalls

BruceD wrote:
> Alan Duval wrote:
>> Hi,
>>
>> Thanks to everyone who responded to my query about firewalls. I've 
>> found that the Billion 5100 router does have a firewall incorporated. 
>> Hence I'll not worry any further.
>>
>> Cheers,
>>
>> Alan Duval
> I am sure you are incorrect in thinking that the Billion 5100 has a 
> firewall. It does not have a firewall. I used to own a 5100 it had no 
> firewall, nor will it ever.
>
 
>
> 

>
Well Billion thinks it has !!

http://www.billion dot com/product/adsl/bipac5100.php

Cheers/2

Ed.
----------------------------------------------------------------------------------
 

**= Email   5 ==========================**

Date:  Sun, 04 Feb 2007 09:34:21 +1100
From:  Ed Durrant <edurrant at bigpond dot net dot au>
Subject:  Re:  Firewalls

Ed Durrant wrote:
> BruceD wrote:
>> Alan Duval wrote:
>>> Hi,
>>>
>>> Thanks to everyone who responded to my query about firewalls. I've 
>>> found that the Billion 5100 router does have a firewall 
>>> incorporated. Hence I'll not worry any further.
>>>
>>> Cheers,
>>>
>>> Alan Duval
>> I am sure you are incorrect in thinking that the Billion 5100 has a 
>> firewall. It does not have a firewall. I used to own a 5100 it had no 
>> firewall, nor will it ever.
>>
> 
>>
>> 
>
>>
> Well Billion thinks it has !!
>
> http://www.billion dot com/product/adsl/bipac5100.php
>
> Cheers/2
>
> Ed.
 
>
> 

>
Having read a bit more - this is a VERY BASIC firewall, relies on 
NATTing and packet filtering only, so an additional software firewall 
may be a good idea.

By the way "Zampa" is the tool to configure the OS/2 TCP/IP stack to be 
a firewall - you can get it from Hobbes - here:

http://hobbes.nmsu.edu/pub/os2/apps/internet/util/zampa10b.zip

Cheers/2

Ed.
----------------------------------------------------------------------------------
 

**= Email   6 ==========================**

Date:  Sun, 4 Feb 2007 11:05:47 +1100 (EST)
From:  "Voytek Eymont" <voytek at sbt dot net dot au>
Subject:  Re:  Firewalls


<quote who="Ed Durrant">
> Ed Durrant wrote:
>
>> BruceD wrote:
>>
>>> Alan Duval wrote:

> Having read a bit more - this is a VERY BASIC firewall, relies on
> NATTing and packet filtering only, so an additional software firewall
> may be a good idea.

and don't forget anti virus software




-- 
Voytek

----------------------------------------------------------------------------------
 
**= Email   7 ==========================**

Date:  Sun, 04 Feb 2007 17:23:06 +1030
From:  Leigh Bunting <vh_gdn at internode.on dot net>
Subject:  Re:  Firewalls

Hi All,

The iconnect 624 router I use uses  as its firewall , "stateful packet 
inspection", which according to one site  is:

*Stateful packet inspection:* An important security feature, SPI digs 
deep into the packets used to encapsulate data traversing the network. 
The result: A firewall can do more than simply prohibit packets from a 
specific source and take action based on the content or behavior of 
packets. For instance, an SPI firewall can tell if an incoming packet 
was unsolicited (and therefore, unwanted) or if it arrived in response 
to a request from the local network (in which case it would be allowed 
through).

But, taking out all the technojargon, is it any good?

Cheers,

Leigh Bunting
Colonel Light Gardens
South Australia
<Open Windows and let the bugs in>


----------------------------------------------------------------------------------
 
**= Email   8 ==========================**

Date:  Sun, 04 Feb 2007 18:18:03 +1100 (EDT)
From:  "Ian Manners" <deadmail>
Subject:  Re:  Firewalls

Hi Leigh

>The iconnect 624 router I use uses  as its firewall , "stateful packet 
>inspection", which according to one site  is:

ie, can check packet header information.

>*Stateful packet inspection:* An important security feature, SPI digs 
>deep into the packets used to encapsulate data traversing the network. 
>The result: A firewall can do more than simply prohibit packets from a 
>specific source and take action based on the content or behavior of 
>packets. For instance, an SPI firewall can tell if an incoming packet 
>was unsolicited (and therefore, unwanted) or if it arrived in response 
>to a request from the local network (in which case it would be allowed 
>through).

I've always liked that word "Stateful", sounds good doesnt it ;-)

Sounds like it simply checks to see if the packet is ACK'ed, ie, a
'return' packet, NAT does that so it can push the incoming packet to
its right destination. ie, Still sounds like marketing talk to me. I think
a lot of modern hardware players are using Microsoft as a marketing
model these days.

>But, taking out all the technojargon, is it any good?

It's still good, ie, does the job and probably does it well for a simple
home based network, so if your not wanting to host any internet
based services at home on a windows machine, I'd say it would
be all you would need.

If you want something like full ADSL 2+ however, a lot of the
earlier ADSL 2+ Modem/routers cant handle the speed to well
so check out places like http://whirlpool dot net dot au/ and the router
/hardware section.

Hardware companies are misusing the term "Firewall" to include
"NAT', and NAT is a different beast to a Firewall.

Cheers
Ian Manners
Tech Fossil (Often  called a Dinosaur) - ancient animal that gets things done
http://www.os2site dot com/


Emptiness is filling me
----------------------------------------------------------------------------------
 

