[prev in list] [next in list] [prev in thread] [next in thread]
List: blackicedefender-general
Subject: RE: [bidgeneral] Re: Compatibility with NAT/"broad-router"
From: "Neil O. Helgeson" <neilolif () flash ! net>
Date: 2002-05-23 14:54:28
[Download RAW message or body]
Hi;
Regarding the statement: "It is almost pointless to run an IP based
firewall behind a NAT..,"
Agreed. ALMOST.
One thing keeping a firewall running does for you is let you know when
somebody changed the settings on the router. If you start getting hit, it's
time to visit the I.S. guys and whack them soundly round the head and
shoulders.
This scenario recently happened to me, and BID notified me that the outside
was getting in..,
Regards;
Neil H.
> -----Original Message-----
> From: L.W. Kramer [mailto:lwkramer@twocat.com]
> Sent: Tuesday, May 14, 2002 1:43 PM
> To: bidgeneral@yahoogroups.com
> Subject: Re: [bidgeneral] Re: Compatibility with NAT/"broad-router"
>
>
> No.
>
> L.
> >--- In bidgeneral@y..., "L.W. Kramer" <lwkramer@t...> wrote:
> >
> >
> >Thank you for your reply. And that's exactly what 2wire had told me.
> >Blackice just isn't necessary. Nothing can get past this NAT and
> >SPI, they state. I like Blackice's reporting features. My hardware
> >firewall doesn't have extensive reporting features like BID. I
> >suppose I would just like to run it, in case a packet gets through.
> >Is that configuration possible?
> >
> >
> > > It is almost pointless to run an IP-based firewall behind a NAT
> >router as
> > > all meaningful information will have been translated by the time
> >it reaches
> > > your PC. If you are running a web server behind your nat, you may
> > > filter for specific incoming url content, but that's about it. You
> >would
> > > also want to run a good antivirus... but your nat router is the
> >only
> > > place (by virtue of its public interface) where a firewall or IDS
> >will be
> > > effective.
> > >
> > > L.
> > >
> > >
> > > >I have two pc's running xp professional behind a 2wire home portal
> > > >that performs NAT, port address translation, and stateful packet
> > > >inspection.
> > > >
> > > >2wire, the manufacturer recommends that blackice be removed to
> >avoid
> > > >any problems.
> > > >
> > > >How can I configure BID to work behind this router?
> > > >
> > > >My guess is to accept (not trust) traffic from my local ip addies
> > > >under the advanced firewall tab. Am I missing something?
> > > >
> > > >Any suggestions would be greatly appreciated.
> > > >
> > > >Thank you.
> > > >
> > > >
> > > >
> > > >To Post a message, send it to: bidgeneral@e...
> > > >To Unsubscribe, send a blank message to: bidgeneral-
> >unsubscribe@e...
> > > >
> > > >Your use of Yahoo! Groups is subject to
> >http://docs.yahoo.com/info/terms/
> >
> >
> >
> >To Post a message, send it to: bidgeneral@eGroups.com
> >To Unsubscribe, send a blank message to:
> bidgeneral-unsubscribe@eGroups.com
> >
> >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
>
>
> To Post a message, send it to: bidgeneral@eGroups.com
> To Unsubscribe, send a blank message to:
> bidgeneral-unsubscribe@eGroups.com
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tied to your PC? Cut Loose and
Stay connected with Yahoo! Mobile
http://us.click.yahoo.com/QBCcSD/o1CEAA/sXBHAA/dkFolB/TM
---------------------------------------------------------------------~->
To Post a message, send it to: bidgeneral@eGroups.com
To Unsubscribe, send a blank message to: bidgeneral-unsubscribe@eGroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic