ZDNet - Tech Update - "Security issues move Linksys router..

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

Just sharing...

http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html


--

To reply by e-mail, remove the "-nospam-" from the reply to address
  1. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh

    >Just sharing...
    >
    >http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html


    "David Berlind's Reality Check"?

    Seriously, the one who needs a reality check may be David Berlind
    himself. Complaining about port 113 being closed as opposed to stealth
    while considering UPnP for firewall devices is a good thing clearly
    shows how David Berlind doesn't know enough about the topic at hand to
    be considered an expert giving advice to others.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  2. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    Lars M. Hansen wrote:
    > On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
    >
    >> Just sharing...
    >>
    >> http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html
    >
    >
    > "David Berlind's Reality Check"?
    >
    > Seriously, the one who needs a reality check may be David Berlind
    > himself. Complaining about port 113 being closed as opposed to stealth
    > while considering UPnP for firewall devices is a good thing clearly
    > shows how David Berlind doesn't know enough about the topic at hand to
    > be considered an expert giving advice to others.
    >
    >
    >
    > Lars M. Hansen
    > http://www.hansenonline.net
    > (replace 'badnews' with 'news' in e-mail address)

    If you have a quantitative viewpoint on the article, I for one will be
    happy to read what you have to say.

    Q
  3. Archived from groups: alt.internet.wireless

    The majority of people are not going to scan IP addresses in order to find
    targets for DoS attacks (especially, when all one has to do is look at the
    headers of e-mail messages from people who one does not like). Sure, there
    might be occasional random DoS attacks, but those are unlikely to last for a
    long time and are unlikely to originate from more than a few hosts. Sure,
    the presence of a port that responds to incoming connections might subject
    one's other ports to increased scanning. However, neither of these two is
    exceptionally worrisome.

    I would be much more worried if Linksys routers could be remotely
    compromised to give people access to a LAN (e.g. by placing a computer into
    the DMZ). As long as that is not the case, I'm not worried. As far as UPnP
    is concerned, there has to be a way of allowing certain ports to be
    forwarded; and manually configuring ports is too difficult for most home
    users. Sure, UPnP could be exploited by worms to communicate with one
    another, and UPnP could allow poorly-written applications to compromise a
    computer behind an otherwise properly-configured router, but UPnP alone will
    not allow a worm to propagate to a computer that is behind a router that
    does not allow incoming connections.

    -Yves

    "Quaoar" <quaoar@tenthplanet.net> wrote in message
    news:GuednXJPypp1IuvdRVn-hw@comcast.com...
    > Lars M. Hansen wrote:
    > > On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
    > >
    > >> Just sharing...
    > >>
    > >> http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html
    > >
    > >
    > > "David Berlind's Reality Check"?
    > >
    > > Seriously, the one who needs a reality check may be David Berlind
    > > himself. Complaining about port 113 being closed as opposed to stealth
    > > while considering UPnP for firewall devices is a good thing clearly
    > > shows how David Berlind doesn't know enough about the topic at hand to
    > > be considered an expert giving advice to others.
    > >
    > >
    > >
    > > Lars M. Hansen
    > > http://www.hansenonline.net
    > > (replace 'badnews' with 'news' in e-mail address)
    >
    > If you have a quantitative viewpoint on the article, I for one will be
    > happy to read what you have to say.
    >
    > Q
    >
    >
  4. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    On Fri, 9 Apr 2004 09:23:18 -0600, Quaoar spoketh

    >Lars M. Hansen wrote:
    >> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
    >>
    >>> Just sharing...
    >>>
    >>> http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html
    >>
    >>
    >> "David Berlind's Reality Check"?
    >>
    >> Seriously, the one who needs a reality check may be David Berlind
    >> himself. Complaining about port 113 being closed as opposed to stealth
    >> while considering UPnP for firewall devices is a good thing clearly
    >> shows how David Berlind doesn't know enough about the topic at hand to
    >> be considered an expert giving advice to others.
    >>
    >>
    >>
    >> Lars M. Hansen
    >> http://www.hansenonline.net
    >> (replace 'badnews' with 'news' in e-mail address)
    >
    >If you have a quantitative viewpoint on the article, I for one will be
    >happy to read what you have to say.
    >
    >Q
    >

    David Berlind (DB) writes: "To the extent that national security relies
    on the vitality of the economy, I consider the mDDoS a significant
    threat to our national security."
    http://techupdate.zdnet.com/techupdate/stories/main/defenses_against_MDDoS_attacks.html

    Seriously? A script kiddie's ability to use two servers to knock out a
    cheap NAT router is a threat to national security? Wouldn't such a
    "mini-DDoS" attack on multiple servers be considered an actual DDoS
    attack? And, just because two servers were used to knock out one
    router, it's suddenly classified "mini"? Sounds like someone wants to
    be another Steve Gibson and "invent" some totally nonsensical term for
    something internet related in order to get their name written down in
    the annals of the internet.

    DB writes: "Firewall ports have three modes: open, closed, and stealth."
    http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html

    Ports only have two states: Open or closed. "Stealth" is not a normal
    state of any port, firewalled or not. "Stealth" is an open port that
    doesn't send a RST after receiving a SYN. In Mr. Berlind's brush with
    his "mDDoS", having port 113 being "stealth" rather than closed probably
    wouldn't have made any difference, as I suspect the attacker really
    didn't care if there were any ACKs or RSTs being returned (a simple SYN
    flood).

    DB writes: "The stealth mode hides a port's existence altogether (if all
    ports are stealthed, the existence of the entire Internet connection is
    basically hidden)"
    http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html

    Actually, the complete lack of responses is a loud and clear "I'm here,
    and I have a firewall dropping your packets" response. There's nothing
    stealthy about that at all.

    DB quotes Steve Gibson: "When a user connects to an IRC server, that
    server turns around and makes an IDENT query back to the user's system."

    "But that practice, which dates back to the early 90's, has long since
    stopped."
    http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html

    If that were only true. IRC is not the only service that uses IDENT.
    Many SMTP servers still use IDENT, including those of several large
    ISPs. Stealthing port 113 may cause significant delays when sending
    e-mails, as the mail server has to wait for its IDENT connection to
    time out rather than simply getting an "RST" from you.

    Can't argue with Gibson's thoughts on UPnP, though. Hopefully, Mr.
    Berlind will soon share that opinion as well.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
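
The difference the post above describes between a closed port (an RST comes straight back) and a "stealthed" one (silence until the caller's timeout expires), as an added Python example that is not part of the original thread. The function names and the loopback ports are assumptions made for illustration.

```python
import socket
import time


def probe_port(host, port, timeout=2.0):
    """Classify a TCP port as the connecting side (e.g. a mail or IRC
    server making an IDENT lookup to port 113) experiences it.

    Returns (state, seconds):
      'open'     - handshake completed (SYN/ACK came back)
      'closed'   - RST came back, so the caller learns at once
      'filtered' - nothing came back ("stealth"); the caller waited
                   out its whole timeout before giving up
    """
    start = time.monotonic()
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        state = "closed"
    except (socket.timeout, TimeoutError):
        state = "filtered"
    else:
        conn.close()
        state = "open"
    return state, time.monotonic() - start


def loopback_demo(timeout=0.5):
    """Constructed demo on 127.0.0.1 with ephemeral ports (113 itself
    needs privileges to bind). A packet-dropping firewall cannot be
    reproduced on loopback without firewall rules, so only the open
    and closed cases are exercised here."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never listening: the kernel answers a SYN with RST.
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))
    try:
        return {
            "open": probe_port("127.0.0.1", listener.getsockname()[1], timeout),
            "closed": probe_port("127.0.0.1", idle.getsockname()[1], timeout),
        }
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    for label, (state, secs) in loopback_demo().items():
        print(f"{label:7s} -> {state:8s} after {secs * 1000:.1f} ms")
```

Pointed at a port behind a firewall that silently drops SYNs, `probe_port` returns `filtered` only after the full timeout has elapsed, which is the delay a server's IDENT lookup would incur.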
  5. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    Lars M. Hansen <badnews@hansenonline.net> wrote in
    news:qlcd70h7qeah0uml4uk7dfpvhet9095jle@4ax.com:

    > On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
    >
    >>Just sharing...
    >>
    >>http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html
    >
    >
    > "David Berlind's Reality Check"?
    >
    > Seriously, the one who needs a reality check may be David Berlind
    > himself. Complaining about port 113 being closed as opposed to stealth
    > while considering UPnP for firewall devices is a good thing clearly
    > shows how David Berlind doesn't know enough about the topic at hand to
    > be considered an expert giving advice to others.

    I agree. He seems to be getting all excited about something he knows little
    about. Complaining about using a port closed in one breath then suggesting
    UPnP to be used the next.

    Lots of people are using the Linksys routers and getting better than
    average security compared to people who've got nothing. And I've seen just
    as many Zone Alarm misconfigurations to know that it's not really any
    "safer". I spent an entire weekend trying to remotely get my sister's
    Zone Alarm config to work properly with VNC before we finally uninstalled
    it. Not that I'm bashing a free product but seriously, they all have their
    issues.

    Anyone who is willing to spend the low price to put one of these cheap DSL
    / cable routers on in front of their PC is getting at least some basic
    level of security that the majority of users out there simply don't have or
    are not using (ie XP / 2003 internet security). I found it laughable that
    the author suggests he'd be going with Netgear, as if their support is
    somehow so much better. All the support in this price range leaves
    something to be desired, but in my opinion these hardware devices require
    less support than the comparable software solutions.
  6. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    Mr. Grinch wrote:
    > Lars M. Hansen <badnews@hansenonline.net> wrote in
    > news:qlcd70h7qeah0uml4uk7dfpvhet9095jle@4ax.com:
    >
    >> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
    >>
    >>> Just sharing...
    >>>
    >>> http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html
    >>
    >>
    >> "David Berlind's Reality Check"?
    >>
    >> Seriously, the one who needs a reality check may be David Berlind
    >> himself. Complaining about port 113 being closed as opposed to
    >> stealth while considering UPnP for firewall devices is a good thing
    >> clearly shows how David Berlind doesn't know enough about the topic
    >> at hand to be considered an expert giving advice to others.
    >
    > I agree. He seems to be getting all excited about something he knows
    > little about. Complaining about using a port closed in one breath
    > then suggesting UPnP to be used the next.
    >
    > Lots of people are using the Linksys routers and getting better than
    > average security compared to people who've got nothing. And I've
    > seen just as many Zone Alarm misconfigurations to know that it's not
    > really any "safer". I spent an entire weekend trying to remotely
    > get my sister's Zone Alarm config to work properly with VNC before we
    > finally uninstalled it. Not that I'm bashing a free product but
    > seriously, they all have their issues.
    >
    > Anyone who is willing to spend the low price to put one of these
    > cheap DSL / cable routers on in front of their PC is getting at least
    > some basic level of security that the majority of users out there
    > simply don't have or are not using (ie XP / 2003 internet security).
    > I found it laughable that the author suggests he'd be going with
    > Netgear, as if their support is somehow so much better. All the
    > support in this price range leaves something to be desired, but in my
    > opinion these hardware devices require less support than the
    > comparable software solutions.

    Three ad hominem replies about why Berlind knows nothing, but nothing
    quantitative about why he is incorrect. Suspect the posters themselves
    know nothing.

    Q
  7. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    thanks for keeping count and adding nothing.

    --

    "Quaoar" <quaoar@tenthplanet.net> wrote in message
    news:cMSdnfPuv6G_YOvdRVn-sw@comcast.com...

    > Three ad hominem replies about why Berlind knows nothing, but nothing
    > quantitative about why he is incorrect. Suspect the posters themselves
    > know nothing.
    >
    > Q
    >
    >
  8. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    on Fri, 9 Apr 2004 13:44:33 -0600, Quaoar spoketh

    >
    >Three ad hominem replies about why Berlind knows nothing, but nothing
    >quantitative about why he is incorrect. Suspect the posters themselves
    >know nothing.
    >
    >Q
    >

    Wrong #1: Ports have 3 states: open, closed, stealth.
    Wrong #2: mini-DDoS is a "national security issue".
    Wrong #3: UPnP is good.
    Wrong #4: mini-DDoS.
    Wrong #5: Stealth makes your computer "basically hidden".
    Wrong #6: Stealth would have solved his "mDDoS" issue.

    That pretty much sums up the quantitative part of his three articles
    regarding this "mDDoS" that he's invented.

    Now, maybe you can do a "quantitative" on why he's right...


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  9. Archived from groups: alt.internet.wireless

    Also, I think the average home user will experience many more wireless
    interruptions due to neighbors with microwaves, cordless phones, and evil
    channel-hogging 108Mbps access points than due to DoS attacks.

    -Yves

    "Quaoar" <quaoar@tenthplanet.net> wrote in message
    news:cMSdnfPuv6G_YOvdRVn-sw@comcast.com...
    > Mr. Grinch wrote:
    > > Lars M. Hansen <badnews@hansenonline.net> wrote in
    > > news:qlcd70h7qeah0uml4uk7dfpvhet9095jle@4ax.com:
    > >
    > >> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
    > >>
    > >>> Just sharing...
    > >>>
    > >>> http://techupdate.zdnet.com/techupdate/stories/main/Linksys_routers_and_DDoS.html
    > >>
    > >>
    > >> "David Berlind's Reality Check"?
    > >>
    > >> Seriously, the one who needs a reality check may be David Berlind
    > >> himself. Complaining about port 113 being closed as opposed to
    > >> stealth while considering UPnP for firewall devices is a good thing
    > >> clearly shows how David Berlind doesn't know enough about the topic
    > >> at hand to be considered an expert giving advice to others.
    > >
    > > I agree. He seems to be getting all excited about something he knows
    > > little about. Complaining about using a port closed in one breath
    > > then suggesting UPnP to be used the next.
    > >
    > > Lots of people are using the Linksys routers and getting better than
    > > average security compared to people who've got nothing. And I've
    > > seen just as many Zone Alarm misconfigurations to know that it's not
    > > really any "safer". I spent an entire weekend trying to remotely
    > > get my sister's Zone Alarm config to work properly with VNC before we
    > > finally uninstalled it. Not that I'm bashing a free product but
    > > seriously, they all have their issues.
    > >
    > > Anyone who is willing to spend the low price to put one of these
    > > cheap DSL / cable routers on in front of their PC is getting at least
    > > some basic level of security that the majority of users out there
    > > simply don't have or are not using (ie XP / 2003 internet security).
    > > I found it laughable that the author suggests he'd be going with
    > > Netgear, as if their support is somehow so much better. All the
    > > support in this price range leaves something to be desired, but in my
    > > opinion these hardware devices require less support than the
    > > comparable software solutions.
    >
    > Three ad hominem replies about why Berlind knows nothing, but nothing
    > quantitative about why he is incorrect. Suspect the posters themselves
    > know nothing.
    >
    > Q
    >
    >
  10. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    I couldn't agree more...

    The rambling on and on about closed versus "stealth" on port 113 is almost
    nonsense...
  11. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    In article <tkvd709fe814f4tbj204d7gbh49ll4m7av@4ax.com>,
    Lars M. Hansen <badnews@hansenonline.net> wrote:

    > DB quotes Steve Gibson: "When a user connects to an IRC server, that
    > server turns around and makes an IDENT query back to the user's system."
    >
    > "But that practice, which dates back to the early 90's, has long since
    > stopped."

    MANY irc servers require ident still, but as many don't. IOW, having
    that port forwarded is nice - and permits you to dump the ~ off your id
    in the ulist, but it's simply not a necessity.

    - Dan.
    --
    - Psychoceramic Emeritus
    - South Jersey, USA, Earth
  12. Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

    My D-Link DI-624 wireless router also closes port 113 rather than 'stealth'
    the port as confirmed by Shields Up and Symantec port scans to my router.
    Maybe this is a widespread 'problem'. Any others you know of that do this?
    If so, Mr. Berlind should be notified so he can remove all of them from the
    'short list'. I wonder who is on the short list? Microsoft OS products
    certainly should have been removed from the short list long ago.