Are All Firewalls The Same ?

[sub101uk]

I have been using for a few months a TD-8817 modem and its very clear that the firewall on this has been hacked . Now I was thinking of upgrading to ADSL-II/2 Router 300Mb WLAN TP-LINK (W8961ND) Just thinking is the firewall going to be the same ? .

I live in the south of Thailand but can travel up to bangkok since I think you may have more to pick from as in the south all have is ADSL-II Router 150Mb WLAN LINKSYS (WAG120N) I have heard that this Modem is crap !

any one using a ADSL-II Router (4-por) SMC (SMC7904BRA3) .

So I wonder what the rest of you are using ?

Cheers and thanks again for reading this .

Subman

Edited June 12, 2011 by sub101uk

[Darrel]

"its very clear that the firewall on this has been hacked"

What makes you think that?

[sub101uk]

Hi Darrel

TOT gave me a new modem a T-P link 8817 its a very basic Modem costing about 400 baht soon after I had this new modem strange things started to happen and then I saw the cursor move by its self and clicking on icons so I would say that the firewall on this modem is crap as it says Dual Firewall SPI and NAT Firewall protects end users devices from Potential attacks across the internet , The modem is being used in Ethernet mode ( would it help if I used it in USB mode ?

I had the loan of a Draytec Vigor 2820 ADSL2+ Firewall and while I have the unit every thing was fine but when I switched back to the TP Link the attacks started again I dont seem to be able to get a Draytec over in the south of Thailand so I was wondering what was a good replacement .

Thanks for your help

Subman

[justsumhelp]

Have you changed the default password on router? If your cursor is moving on its own and clicking icons then it could be that a certain port is being forwarded which is not blocked by the TOT router but blocked by the Draytec. Remote administration tools (RAT'S) could be the cause of your problem. I would suggest a complete antivirus scan, avgfree is decent and free.

Hi Darrel

TOT gave me a new modem a T-P link 8817 its a very basic Modem costing about 400 baht soon after I had this new modem strange things started to happen and then I saw the cursor move by its self and clicking on icons so I would say that the firewall on this modem is crap as it says Dual Firewall SPI and NAT Firewall protects end users devices from Potential attacks across the internet , The modem is being used in Ethernet mode ( would it help if I used it in USB mode ?

I had the loan of a Draytec Vigor 2820 ADSL2+ Firewall and while I have the unit every thing was fine but when I switched back to the TP Link the attacks started again I dont seem to be able to get a Draytec over in the south of Thailand so I was wondering what was a good replacement .

Thanks for your help

Subman

[ozzydave]

Without getting into a brand bashing excercise - there is a signicamt different between the firewall tiers. Based on the price and models mention I conclude you are interested in lowest price

Note that firewalls stop traffic, NOT content (that may be malicious). By default 99.99% firewalls permit outbound traffic only. For any malware to get on your PC it is either a direct result of attaching compromised storage, or download from the intenet or WIFI. This appears to be the issue you are experiencing

If your computer is being remote controlled it is unlikely to be the firewall causing the issue, as most (consumer grade) firewalls dont have a provision to get command line access or run other programs that would permit such activities 9or launch of such activities from the firewall itself)

It is more probable that your computer(s) have been compromised by download of some type (either deliberate or 'drive by' web download). Check your computer(s) using several different AV / root kit detection programs.

If you want a firewall that does content inspection you will need to add some zero to the price you quoted. Even if a product comes with builtin content filtering, it will be of dimimished value a month after it is released due to new malware releases. The signatures need to be updated atleast every week, and preferably every day. This will require a subscription to be maintained (read pay more $ every year). Now you are starting to move into the low end commercial grade products, and you will need more that just adding a 0 to the price. Start with decent AV/Malware program suite (there are a few decent inexpensive ones on the market - not I did not say synemtec).

The biggest issue with any 'firewall' is the configuration. Get the device manual if you are not familar with that device.

Firewall co0nfiguration policy;

No. 1 rule is to change all of the adminstrative access settings.

No. 2 rule is deny all admin access from any place but the LAN (physical cabled side) - this includes wireless

No. 3 rule is deny all traffic from any place but the LAN

NOW consider what traffic is required.

IF you NEED wireless, then set the wireless paramaters such as;

a. WPA2-PSK - do not even think about WEP - you might as well adverise the password on your door! (IF there is choice of enterprise or personal choose personal for home use

b. AES encryption

c. generate a long random preshared secret - about 16 characters (or more) of mixed alpha/numeric/punctuation is best

A brief discussion on firewall trends (although I do not agree 100% with the band related statements - but you will notice that no SOHO brands get a mention)

Network World post on firewalls

Hope that helps.

[sub101uk]

Thanks for your replys I have fully scanned my computer and have found nothing with Avast and turned the firewall up to High Risk Zone , It was set before at Medium Risk before .As for price I am more than happy to spend up to 10k Baht if it sorts the problem out but from looking at the shops in Songkhla and Hat Yai all they seem to have are TP - Link , D-Link , SMC , or Linksys so I may have to come up to Bangkok if I get no joy .

So at the moment I am using a D-Link DSL 526B , Yes fully understand change all the settings on the TP - Link Modem from Admin to what ever you want to use as for the other settings I think I will leave those alone since I dont know any thing about thoses ? Well thanks again and if someone knows were I can buy a good Modem / Firewall let me know .

Cheers

Subman

Edited June 13, 2011 by astral
No need to quote the entire post. Just pick out the relevant points, please - Astral

[astral]

What sw firewall are you running?

That is just as important as the hw side in the router.

I use Zone Alarm and have done so for years.

Never had a problem.

[sub101uk]

Hi Astral

The soft firewall is Avast that now is turned fully on to high risk and the current modem is the D-Link DSL 526B

Cheers

Subman

[Darrel]

soon after I had this new modem strange things started to happen and then I saw the cursor move by its self and clicking on icons ..... but when I switched back to the TP Link the attacks started again ...

Very odd. As others have mentioned the modem cant be doing this: there just isnt enough computing power in a modem to allow it. What could be happening is that someone is accessing the modem from the internet and setting up some port forwarding, but even so they would still need some sort of programme running on the PC for them to control. Even finding the modem in the first place isnt easy unless they have also set up some sort of DynDNS service, or some service pinging their own servers to say where it is.

I would flash the firmware in the modem with the most recent version available from the manufacturer (even if it appears to be the same version that you have now), then reset and reconfigure the modem and immediately change the default password. If you do all that then anything in the modem will have been eradicated.

However, as others have mentioned, I would certainly recommend looking for malware of some type on the PC as that is surely where the problem is.

All very odd though as no malware actually needs to move the mouse and click on icons to retrieve your data. Are you sure that you dont have something like logmein or teamviewer installed and running, and that someone doesnt have the access codes? You wouldnt be using a pirated "cheap" version of Windows such as one might get at Tukcom or some other shopping mall, would you?

[sub101uk]

Hi Darrel Yes its a strange problem I think my best bet is to replace the modem with some thing a bit better than TOT gave me but the problem is which one ? As for the software on my lap top no its all 100 % Microsoft since I use this computer for work .Well at the moment this little D-Link modem DSL 526B seems to be working fine but some times it just is a bit hit and miss as for this TP-Link TD-8817 I will check out the TP-web site and see if there is any upgrade I did a reset with the current firware but its still the same On checking the Firmware on this TP-8817 its Ver5.2 on checking on the web site under new firmware for TD8817 I find Ver 5 but installed firmware is 5.2

Cheers

subman

Edited June 14, 2011 by sub101uk

[Supernova]

The TP-LINK you received from TOT is probably running custom firmware. It's normal for ISPs to install their own firmware on modems they distribute to customers. Check the label at the back of the device. If the string reads "Ver 5.2", it means that the hardware version is V5. More info here.

Edited June 14, 2011 by Supernova

[Darrel]

I think my best bet is to replace the modem with some thing a bit better than TOT gave me

I dont think that this will really solve the problem. It may mask the symptoms but I want to know what is causing your mouse to move and click on icons on its own. It will not be the modem.

Has anyone ever had access to your PC since the operating system was installed?

[sub101uk]

Hi Darrel

Well all I know is the problem only seems to be there only when I use the TP modem as on the D-Link its fine same as the DrayTec so I think I will see if I can find and install new firmware but it only cost 400 baht from TOT so no big deal .

Looks like a trip up to Bangkok as we dont seem to have much down in the south , As for someone having access to my computer no body has has access accept me .So it all points to the TP modem that seems to be letting someone through unless its TOT since thats were the modem came from .I think its best to buy a new modem / firewall and like the other guys said with all the settings changed for max protection.

As soon as I find some place in Hat Yai or Bangkok selling a good modem I will be on my way .

Cheers

Subman