Black Ice Defender

There are a number of IT professionals here.

Reply to
Huge

Well, there are a number of people who work in IT. [I long since abandoned the idea that it's a "profession" :-)]

At least this group is mostly Conor-free, and has a long history of being pretty tolerant of off-topic discussions.

Whatever happened to the original FAQ keeper, Matthew at the Beeb - does anyone know?

Reply to
John Laird

*grin*

I take your point. Especially with manufacturers shoving their worthless "certifications" down people's throats. OK, I revise my statement; "There are a number of people who make their living in IT here".

Hurrah!

And long may it continue.

Reply to
Huge

That would be a Router with built-in firewall then. I understand from that what you thought you were saying, but it was making assumptions that may not be true. In fact except in sub $100 home devices they probably aren't by default.

A router passes packets based on src & dst address (IP, although it's equally valid for any higher level protocol if you want to get picky).

NAT'ing is the process of altering one or both of the src/dst addresses in the packet headers. Advanced implementations can alter some of the embedded addresses in higher level protocols as well. (e.g. ftp command connections).

A firewall is the device that blocks packets based on one or all of src/dst IP, src/dst port numbers, or even the higher level protocols within. Many will snoop the traffic to ensure they open the correct ports based on previous connections. e.g. ftp data connections from the ftp command connection and rpc program connections from the portmap connection, based on rpc program number.

Sorry, but the fact that cheap home market routers come pre-configured for NAT with a DHCP server on the LAN port, and also allow only outbound connections doesn't excuse the fact that NAT & router don't equal firewall. Especially when most of them come with UPnP that's designed to allow your PC to silently register for inbound connections just by asking it to do so. And don't care if the keyboard snooper you just received in your email is sending every keystroke to that website in China.

regards Hamish.

Reply to
Hamie
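
The router / NAT / firewall distinction drawn in the post above, as a toy Python model. This is an added example, not code from the thread; the class and function names, the documentation-range addresses and the allowed-port list are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatGateway:
    """Toy NAT router: translates addresses, holds state, has no policy."""
    wan_ip: str
    state: set = field(default_factory=set)       # (remote_ip, remote_port, wan_port)
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    lan: dict = field(default_factory=dict)       # wan_port -> LAN host, for replies

    def outbound(self, p):
        # Every LAN packet is rewritten and forwarded; the destination is never checked.
        self.state.add((p.dst, p.dport, p.sport))
        self.lan[p.sport] = (p.src, p.sport)
        return Packet(self.wan_ip, p.sport, p.dst, p.dport)

    def upnp_add_mapping(self, wan_port, lan_ip, lan_port):
        # Models a UPnP-style request: any LAN host can ask, no user is prompted.
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, p):
        # Unsolicited traffic is dropped only because no mapping exists.
        if (p.src, p.sport, p.dport) in self.state:
            return Packet(p.src, p.sport, *self.lan[p.dport])
        if p.dport in self.forwards:
            return Packet(p.src, p.sport, *self.forwards[p.dport])
        return None

def firewall_permits_out(p, allowed_ports=frozenset({53, 80, 443})):
    # Firewall decision: explicit egress policy, default deny (port list is an assumption).
    return p.dport in allowed_ports

def demo():
    gw = NatGateway("203.0.113.10")
    upload = Packet("192.168.1.20", 40000, "198.51.100.66", 8080)  # constructed sample
    probe = Packet("198.51.100.7", 50000, "203.0.113.10", 3389)    # constructed sample
    out = {"nat_forwards_upload": gw.outbound(upload) is not None,
           "probe_dropped": gw.inbound(probe) is None}
    gw.upnp_add_mapping(3389, "192.168.1.20", 3389)
    out["probe_after_upnp"] = gw.inbound(probe)
    out["firewall_permits_upload"] = firewall_permits_out(upload)
    return out
```

The NAT gateway forwards the outbound upload without question and starts accepting the inbound probe as soon as a mapping is requested from the LAN side; only the separate egress policy refuses the upload.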
