idiot on broadband - lookout!

[zlim]

I just got broadband (cable) and am now starting to pay attention to all the stuff I never needed to know.I have my desktop connected to the modem by ethernet. I was intending to buy a Linksys router (WRT54G) and a pc card (WPC54G) to be able to surf anywhere in the house on my laptop.Now I read this about the router http://www.extremetech.com/article2/0,1558...2129TX1K0000532Apparently there is a work around http://seclists.org/lists/bugtraq/2004/May/0329.htmlThe problem is - I have no idea how to do port forwarding. :'( Can someone explain what I need to do in language that this newbie will comprehend? Thanks.

[Ed_P]

zlim once you get your router and sign on to it change the Admin password to something that is not easily deciphered like the brand name of the router, the model number, "password", etc. and you should be ok.According to the article you referenced the problem pertains to people who don't change the password or who change it to something easily guessed.There are other tweaks you should do like turn off broadcast of the SSID but we'll let you get set up 1st. :'( BTW Congratulations on getting broadband. You'll never go back.

[nlinecomputers]

How basic do we need to be?Forgive me if I state the obvious.Every computer on the internet has an unique IP address, your router will have such a number. The computers on the inside of your home network are blocked from direct network access and have there own private IP numbers that are not seen by the net. Computers talk to each other using ports. Ports have assigned numbers. Web access is port 80, email ports 25 and 110 and so on. All your computers are sitting behind a firewall router so that they aren't directly attached to the internet. Instead of public IP numbers you have a private IP numbers and no direct access. So if you wanted to run a web server your firewall would block access to it. You have to go into the router and tell it to forward all port 80 access to the computer's IP number that is your web server. This work around is doing the same thing except that you point it to an unused IP number. Most routers use DHCP to assign IP numbers to the local computers. So if your DHCP server is assigning a range of 192.168.0.100-150 for clients then using an IP address of 192.168.1.151 will send the hacker into a dead spot.That make it a bit more clear?

[Peachy]

Even safer would be to forward port 80 and 443 to the broadcast address, 192.168.1.255 or the network address, 192.168.1.0, since neither of those IP addresses are assigned to any hosts. :'(

[JackR]

I think there is some confusion here between the Public (WAN/Internet Side) and the private LAN side.Many Entry level cable/DSL Routers have the capacity to be configured from the WAN side.This is in case you need to configure a Router from a remote location through the Internet.If this capacity is checked the Router listens through an assigned port to the WAN side.I.e. My Router if set to be configured by port 1234, and my External IP address is 60.321.456.1. Any one in the world with internet connection can type to his browser address bar http://60.321,456,1:1234 and if they decipher the Router setting menu Password they can play around with my Router settings and hack my Network.Linksys apparently Goofed in setting of the BIOS in the WRT54G, and made it easily exposed from the outside as described in the second link of the first post.Security from the Inside is another story.Link to: Wireless Security. :'(

[lewmur]

I just got broadband (cable) and am now starting to pay attention to all the stuff I never needed to know.I have my desktop connected to the modem by ethernet. I was intending to buy a Linksys router (WRT54G) and a pc card (WPC54G) to be able to surf anywhere in the house on my laptop.Now I read this about the router http://www.extremetech.com/article2/0,1558...2129TX1K0000532Apparently there is a work around http://seclists.org/lists/bugtraq/2004/May/0329.htmlThe problem is - I have no idea how to do port forwarding.  Can someone explain what I need to do in language that this newbie will comprehend? Thanks.

The only problem is the Linksys set wan access as the default value. But smart proceedure in installing *ANY* router is to connect the LAN side ONLY, setup the router configuration (turn OFF the wan access or set a *secure* password,) and only then connect the WAN side.

[Gus K]

This site might be of some help.http://www.portforward.com/default.htm

[linuxdude32]

This site might be of some help.http://www.portforward.com/default.htm

Wow, what an excellent resource!

[zlim]

Thanks a ton Gus K! I have lots of notes on the other things that all posters have mentioned but never heard of portforwarding, yet alone how to do it. Cachinggg, another bookmark added for when I set up my wireless network.