Will A Firewall Do Me Any Good
This is a discussion on Will A Firewall Do Me Any Good within the Linux Security forums, part of the System Security and Security Related category; I have a Linksys cable router. Behind it I have a Linux and a Windows machine. Is there any point ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-15-2004
|
|||
|
|||
Will A Firewall Do Me Any Good
I have a Linksys cable router. Behind it I have a Linux and a Windows
machine. Is there any point in putting up a firewall on Linux if only port 22 is open on the router? Specifically, I want to prevent spoof attacks, but it doesn't seem like Linux, being behind the firewall, not the firewall itself, would be able to know if the local address was coming from outside or inside. Is my understanding correct? Any way to guard against spoofing with a cable router? 
|
|
12-15-2004
|
|||
|
|||
|
Re: Will A Firewall Do Me Any Good
On Tue, 14 Dec 2004 20:39:01 -0500, Buck Turgidson wrote:
> I have a Linksys cable router. Behind it I have a Linux and a Windows > machine. Is there any point in putting up a firewall on Linux if only port Heheh, I would just to protect linux from the windows box. > 22 is open on the router? Hey, the firewall log would tell you about ssh attempts could rate/burst limit for you. Counters reset Fri Dec 10 12:40:02 CST 2004 pkts bytes target prot opt in out source destination 20594 3134K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
|
|
12-15-2004
|
|||
|
|||
|
Re: Will A Firewall Do Me Any Good
In article <5BMvd.33135$Jk5.3853@lakeread01>, Buck Turgidson wrote:
> I have a Linksys cable router. Behind it I have a Linux and a Windows > machine. Is there any point in putting up a firewall on Linux if only port > 22 is open on the router? Do you trust the router? > Specifically, I want to prevent spoof attacks, but it doesn't seem like > Linux, being behind the firewall, not the firewall itself, would be able to > know if the local address was coming from outside or inside. That depends. If the attacks aren't compromising the router, you might be able to filter based on mac address and detect spoofed packets coming from the router that way. This will work if the "router" behaves like a "switch" for your local network. If the router is compromised, then things become a lot more difficult. > Is my understanding correct? Any way to guard against spoofing with a cable > router? If you really don't trust the router, another option is to put to nics in your linux box and have the router connected to one and a switch (used for your local network) to the other and use the linux box as a firewall.
|
Linear Mode
