Norton Crazy?

[Blackhawk3D]

I have my computers jury rigged to share an internet connection from my speedstream 5100B Modem/1 Port one IP router by putting them on the same subnet as the modem (One is DHCP for ease, I change the linux distro kind of frequently as I am still experimenting and just having fun). As far as I know, the computers on the 192.168.0.3x are completely invisible to the outside world. Now. I had norton turned off because of this, and also to save CPU power. Norton all of a sudden just popped up it's little warnings incessently, not even a minute break between them, so I just turned the firewall back on (Norton must assume every computer user is dumb) for now. I have gotten a couple of norton security alerts, one high saying that there was an attempt to access my computer. Now, if the computer is completely stealth/firewalled by the method it is connected, and the other computer turned off, how is this possible, or is it? Is norton just acting up?

 

[riser]

First, get rid of Norton.

If you're using a switch to connect all your computers to the modem, Norton might be detecting the DHCP server on your ISP trying to find an available computer.. but normally DHCP only replies to requests.

Chances are, a program is probably doing a network scan on your IP address, or just pinging/quering/accessing x.x.x.1, 2, 3, 4, 5... until it finds something.

Port scans happen all the time.. it's common on broadband. If you're using ICS, it shouldn't be able to get to you. But from what you're explaining you're probably using a switch and not a router - meaning other computers are available to the outside network and open for attacks and such.

 

[Blackhawk3D]

What other computers? The only other computer is running Linux, and isn't on all the time. Are you saying it is possible for someone to get behind my modem and to my computers?

 

[riser]

How many computers do you have running?

If you have anything turned on that has an internet connection, it's available to the outside world aside from whatever is protecting it.

If it's turned off, no one can get to it. If it requires another computer to be on to get to the internet and that computer is off, it's safe. If it's on, it might not be so safe.

 

[Blackhawk3D]

This is how it is hooked up, both computers connect to the switch, which connects to the speedstream modem/router:

Q: How to use the standard 5100B as a simple router (#11077)

A:

For those that want a cheap, easy way to share their SBC DSL with multiple computers, the 5100B CAN be used as a simple router. As the screenshot above shows, the modem is listed as a single device router, meaning that it will only allow one connection. This actually only applies to how many WAN IPs it will pass thru.

To get around this limitation, simply hard code the LAN IPs of the different PCs into the same IP range as the modem. 192.168.0.x, subnet mask 255.255.255.0 and the gateway of 192.168.0.1. Assign the DNS entries appropriate for the area you reside.

Now, just put a switch or hub in and woila!, you now have a very simple NAT router, and can share that DSL. Keep in mind, there are zero advanced features, so if you need those, invest in a dedicated DSL router, however this setup should be sufficient for many who just want to share the DSL and don't want to spend a lot of money to do so.

EDIT--This will also help eliminate the annoying connection drops that happens with WinXP SP2!

Originally contributed by kmac1 See Profile at »How to use the 5100B as a router

Added 12-16-2004: The "visibility" of the LAN-side when using this unit as a simple router was investigated in »5100b subtlety :

OK, I tested it and here are my results.

Using the private default IP address of 192.168.1.64 the 5100b doles out via DHCP is totally exposed.Having the 5100b pass the public Internet address results in an identical exposure. Akin to being on a DMZ.

Hardcoding a fixed IP address in the downstream router (or PC) per the "Poor Mans Router 5100b" FAQ (eg. IP=192.168.0.2, Mask=255.255.255.0, DG=192.168.0.1, DNS=192.168.0.1) is NATed and totally Stealth (per Steve Gibson's Shields Up at www.grc.com).

I see no way to (un)stealth it or make it pingable or enable ANY port forwarding when using other than the default private IP address. So it's an ALL or NOTHING scenario. Either totally exposed or totally stealth. Take your pick.


Thanks to schja01 See Profile for raising the question and doing the heavy lifting.

 

[riser]

Ok, so you're hard coded as per the bottom portion.

The NAT means your signal leaves your computer as 192.168.x.x, hits the modem, turns into a public IP address, then goes about it's merry way.

It's stealthed and fairly secure.. BUT.. always the but..

If someone truly wanted to, they could capture you traffic, figure out what IP you have.. yada yada.. it gets a little complex.

So, I'll say you're mostly safe.. but do expect norton to pop up once in a while because you're not on a true router.. hence the poor mans router.

You're almost stealing an IP.. but you're not more secure that your main computer hooked to your DSL. Keeping a firewall is advised.. at some point investing in a router would be a good step forward.

but you're onl vulnerable if someone takes the time to focus on you.. but then again, most home routers can be compromised by someone who focuses on it.. if they want in bad enough, they'll get in.

Now here's the catch.. your ISP gives those modems out to all it's customers.. and they have a set IP address scope they hand out, meaning your information is very common and a lot of people know you're doing that.. and attacks might focus on that.

all in all..
I'd say you're secure against most things, but not as secure as using a router with a software firewall.

 

[Blackhawk3D]

Okay, thanks. I'm getting a router/firewall/wireless pretty soon, this was just so me and my bro don't have to give up the internet when the other wants it.