HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 43 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow How safe is a computer behind a home router?
EH-Net
May 21, 2013, 01:57:00 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: How safe is a computer behind a home router?  (Read 5791 times)
0 Members and 1 Guest are viewing this topic.
bamajedi
Newbie
*
Offline Offline

Posts: 3


View Profile
« on: December 07, 2007, 09:29:40 AM »
I have a question maybe you guys can settle for me. A friend and myself both work in the technical field. He and I go back and fourth about this issue:

If you have a PC behind a Linksys (for example) connected to a DSL or Cable connection, is the nat provided by that connection safe enough to not need a firewall? Or can someone see and penetrate the system from the internet. I know from various research I am right but, I cannot pinpoint why, after all hackers penetrate professional grade firewalls. Im sure a home router would be no problem Grin

Thanks guys

P.S. If you have any useful links describing why it's unsafe that would be helpful also.
Logged
LSOChris
Guest
« Reply #1 on: December 07, 2007, 10:42:38 AM »
getting into your PC thru your router, why...

i just get you click on something and i get a reverse shell back to me from your PC
Logged
bamajedi
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #2 on: December 07, 2007, 10:57:36 AM »
Yes, That would be the easy way and from what ive seen Limewire would give you hundreds if not thousands of reverse shells a day. But what about getting into someones system from the internet.

I know an ISP I worked for prevented all computers but the ones on the same subnet from seeing one another but you could still proxy back in I guess. So what can you see, how would you get in from the internet without binding your malware to the latest nude pic of <insert name here>  Roll Eyes
Logged
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #3 on: December 08, 2007, 08:37:04 AM »
As with most things concerning this subject, it comes down to the skill level. In my tests, over 90% of attacks on the net fail if you are behind even a home router. That of course is due to the amazing amount of script kiddie activity out there. Routers can be exploited but that requires a higher level of skill and why would someone with that ability waste his time on your home router?
Logged
nebu10uz
Sr. Member
****
Offline Offline

Posts: 368



View Profile WWW
« Reply #4 on: December 08, 2007, 07:39:21 PM »

Easy, if you visit a malicious website that is hosting... well malicious code, your doomed. Your basic home router will not help you here unless it's geared up with good security software.

You also need to have a good on access protection antivirus and antispyware software. Patch up your OS and a good personal firewall app. Configurations of these software is important too. If not well configured, consider your computer owned.
Logged
Security+, OSCP, CEH
pseud0
Recruiters
Full Member
*
Offline Offline

Posts: 208



View Profile
« Reply #5 on: December 09, 2007, 08:44:13 AM »
Most home routers are going to act as a pretty good firewall for 2 reasons:
-they are "dumb."  Most home routers don't come bundled with a lot of extra services and options which are the source of many attacks against high end firewalls.  If a service just doesn't exist, it is pretty hard to exploit. 
-most people using home routers don't ever setup rules to allow traffic back into their environment.  They buy the device, plug it in, and that's it.  Many problems with firewalls are based on their rule set rather than the device itself.  They allow malicious traffic to reach places that it shouldn't by being too broad, including unnecessary ports, the dreaded *.*, and so on.   Of course, this situation leads to the most common home firewall attack... default username and password.

Even with those two comments I say most home systems still need a local firewall to catch outbound traffic.  As the previous posters have already pointed out, most home users are hit from malicious websites and files (OS and app level hacks) rather than network based attacks.  Most home routers won't alert you to suspicious outbound traffic.   Local firewalls will at least attempt to warn you that a new app/service is trying to reach out and touch someone.
Logged
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #6 on: December 09, 2007, 09:59:21 AM »
Yes thats a good point about client side attacks. This is really the growing area for not just crackers but for those of us that pentest. For most of us, if we cant  get in through the front door, we try and slip in by exploiting a client on the network. It often is a little more complicated because it can require a little social engineering and patients.  If I can get someone to click onto the website and download my code, assuming they are vulnerable, I can slip right by everything and now I am inside the network.
Logged
bamajedi
Newbie
*
Offline Offline

Posts: 3


View Profile
« Reply #7 on: December 09, 2007, 06:31:54 PM »
First, thank you all for your wonderful insights. So basically you are putting the firewall on a users home pc to alert them if something is trying to get out. There should be no real concern if the user just checks email and sticks to safe surfing and doesnt do any port forwarding?
Logged
jimbob
Guest
« Reply #8 on: December 10, 2007, 07:38:20 AM »
It's worth mentioning the need to secure home/small office routers. Many models have HTTP/telnet access on the WAN side (a massive mistake on the part of the manufacturer). If you don't disable this and/or change the default password then anyone could potentially access your router. Given most of them have the option to effectively expose a single LAN IP address as though it were connected directly to the net you could be in trouble.

Jimbob
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.07 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.