What's my smartest choice for a robust firewall?

MinPins

Some background:

The other day I decided to turn on "informational" logging on my D-Link DGL-4100 router just to see what “information” it would report. About 5-6 hours later I was surprised when the log showed up in my email because it was already full! I opened it to find that there were thousands of access attempts on my router from many IPs to various ports on my WAN IP address (my router is set to not respond to WAN pings).

These were mostly in the form of “incoming TCP packets” and “incoming UDP packets” and also “incoming TCP” and “UDP connection requests”. There were also a number of SYN ACK and other access-type attempts. I utilized IP lookup and determined that these were coming mostly from China, but there were also a number of them from Malaysia, Russia, Eastern Europe and also from inside the USA. Below is a small sample from the log; I removed my WAN IP from the entries and only included the port numbers that were attempted:


The log continues on and on, but you get the general idea. I am now very interested in seriously beefing up the security of my home network. My security currently consists of the DGL-4100 and running Norton Internet Security on my PCs.

Although there are no state secrets or launch codes residing on my server or on my PCs, I would still like to:

  1. Ensure that my network and my data are as secure as possible within a reasonable cost (<$1000 USD)
  2. Maintain a high level of throughput (>20Mb) on my DOCSIS 3.0 cable modem
  3. In addition to intrusion prevention I also need VPN and would be very interested in a device that has anti-virus, anti-spyware and anti-spam filtering (zero-day?), essentially a UTM device as far as I am aware.
  4. I have 4 IP cameras in my home that I routinely access while traveling abroad and I need to retain this ability.
  5. I also want the new device to fit in my rack and I only have 2U of space remaining.

I looked on Newegg and saw that they had a number of very favorably reviewed hardware firewalls (ZyXEL ZyWALL 2 PLUS, CISCO ASA5505, NETGEAR FVS338) but most of these seem to have been around for a number of years and I really desire very up to date firewall technology.

I’m not an IT guy so setting up my own Pfsense rig might be a tad over my head although it is a project that interests me since I love learning new things. I would be starting from zero knowledge so I think it would probably take me some time before I got a DIY Pfsense rig up and running effectively and I would like to bolster my network security sooner than that.


I also read up a bit on the Netgear ProSecure UTM5 and UTM10 and they definitely appeal to me although I’m not a fan of yearly subscription fees. The fees are definitely not a deal-breaker since I want my network to be safe and secure, but I also like saving money when possible. Having said that I think this device is near the top of my list (despite the fees) depending upon your input of course.

Finally, I found a few ready-made Pfsense devices like the Netgate m1n1wall 2D3. The cost and throughput of this tiny device (with the optional VPN1411 installed) are impressive and I think I would honestly prefer something like this over building my own Pfsense rig from scratch.

Having said all of that I would greatly appreciate your opinions and recommendations please.
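As an added example (not part of the original thread or any poster's code), here is a small Python script that parses lines in the `source:port to port N` form the OP's router log used and summarizes them the way one would triage such noise: hits per source, most-targeted destination ports, and sources that probed several distinct ports. The sample lines and addresses are constructed (RFC 5737 documentation ranges), not taken from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same "src:sport to port dport" shape as the
# router log; addresses are RFC 5737 documentation ranges, not real scanners.
SAMPLE_LOG = """\
203.0.113.10:10560 to port 22
198.51.100.7:12200 to port 27977
198.51.100.7:12200 to port 8085
198.51.100.7:12200 to port 3246
198.51.100.7:12200 to port 9000
192.0.2.44:5060 to port 5060
203.0.113.10:61201 to port 22
192.0.2.99:80 to port 1599
"""

# Well-known services that routinely show up in this kind of background noise.
KNOWN_SERVICES = {22: "ssh", 5060: "sip", 1434: "ms-sql-monitor"}

LINE_RE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to port (?P<dport>\d+)$"
)


def parse_log(text):
    """Return (src_ip, src_port, dst_port) tuples; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["src"], int(m["sport"]), int(m["dport"])))
    return events


def summarize(events, min_ports=3):
    """Count hits per source and per destination port, and flag sources that
    touched at least min_ports distinct ports (port-sweep behaviour)."""
    per_src = Counter(src for src, _, _ in events)
    per_dport = Counter(dport for _, _, dport in events)
    ports_by_src = defaultdict(set)
    for src, _, dport in events:
        ports_by_src[src].add(dport)
    scanners = sorted(s for s, ports in ports_by_src.items() if len(ports) >= min_ports)
    return per_src, per_dport, scanners


if __name__ == "__main__":
    per_src, per_dport, scanners = summarize(parse_log(SAMPLE_LOG))
    print("hits per source:", per_src.most_common())
    print("most-targeted ports:",
          [(p, n, KNOWN_SERVICES.get(p, "?")) for p, n in per_dport.most_common(3)])
    print("sources probing >= 3 distinct ports:", scanners)
```

Entries that match a well-known port (22, 5060) are the usual brute-force and SIP probes; a source spread across many unrelated ports is sweeping rather than targeting anything specific, which is exactly the "normal noise" the replies describe.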


 
You're looking at normal internet "noise"....worms, exploits, kiddie script hackers, etc. Yup..that's normal. And some people, if they read a firewall log...will bite their nails and lose sleep over it.

Seriously, that's normal. Let your D-Link's NAT do its job and protect your network. You're fine. You're behind a NAT router...you're fine. If you DMZ a computer, or if you plug a computer directly into a broadband modem sitting on a public IP address...NOW you have to worry about that stuff.

But getting afraid of what's normal on the internet and thinking you need some big fancy schmancy firewall because of stuff like that? Nahhh....let NAT do its job...you already have that.

Now, if you want to beef up your home network's security from malware threats on the internet, like rogues/fake alerts...NOW we can talk about UTM appliances like Untangle or Astaro..but that's a whole different reason.
www.untangle.com
www.astaro.com
 
Thanks for the explanation.

<snip>
Now, if you want to beef up your home network's security from malware threats on the internet, like rogues/fake alerts...NOW we can talk about UTM appliances like Untangle or Astaro..but that's a whole different reason

Actually that is exactly what I am wanting to do.

After running several of the tests utilizing the guidance in the Virus/Trojan/Malware Removal thread I found a total of six instances of malware and trojans on one of my PCs and my server. In fact a recent torrent file had a rather nasty one on it; luckily it had not yet activated or caused any harm AFAIK. I was able to remove it without issue.

In addition to Pfsense I did read a little about Untangle and Astaro, but the more I think about it I may not really be knowledgeable enough to run those setups even though I always build my own PCs and I installed my entire network myself. I think I am leaning toward purchasing a ready-made device.
 
Plenty of pre-made Untangle appliances available. The NG 25 would be perfect for you lol.

http://untangleappliances.com/next-gen-appliances.html

It's really not hard to make your own though. I could get you a parts list for a fairly robust white-box based DIY system. Untangle's installer is made for people with no Linux experience. No command line necessary; it's all GUI and it's really intuitive and easy to use.

Stay away from the Netgear UTM, it's junk. It won't push your WAN with all the UTM features enabled. Someone did a review of one on here; they didn't like it at all.

Here is a review on Untangle's forums: http://forums.untangle.com/off-topic/17715-tried-some-appliance-based-competition.html
http://www.smallnetbuilder.com/secu...-unified-threat-management-appliance-reviewed
 
Because of the nature of P2P files, even a UTM isn't going to stop you from downloading malware-infected files via that method unless you just have it block all P2P download traffic. The anti-virus/malware software you use is the only protection against that, once the download is completed.

UTM will help with any unencrypted transfers over SMTP, POP, IMAP, FTP, and HTTP protocols. And you can set block lists to block certain categories of sites as well very easily.

For a typical home user, something like your DGL-4100, with its DNS configured to use OpenDNS servers set to block access to adware sites (and any other categories of your choosing) in addition to good anti-virus/malware software installed on everything, will go a long way.

That said, I have a VM server that had plenty of capacity left over, so I installed Untangle on it as a VM. I've been very happy with it.
 
@Proactivens: Thanks for the info on the Netgear UTM

@nessus: I think I will switch to OpenDNS and will begin reading up on Untangle. I have a bunch of spare parts around here so I should have most of what I need to build one. I will need to find a 2U case that is very quiet though; the only spare cases I have are too big to fit in my rack.
 
I gotta look closer at Astaro, that looks sweet.

Running Untangle now but it kinda looks like Astaro will fit my needs better.
 
In addition to Pfsense I did read a little about Untangle and Astaro, but the more I think about it I may not really be knowledgeable enough to run those setups even though I always build my own PCs and I installed my entire network myself. I think I am leaning toward purchasing a ready-made device.

Don't let them scare you. Untangle is actually easier to install and set up than PFSense. PFSense is not a UTM; they have an add-on for ClamAV scanning...but it's primitive. Untangle and Astaro are true UTMs. Untangle is actually the easiest to set up, for the novice....not that Astaro is complicated...but it's a tad more to get going.

Download the ISO, burn to CD...boot from it using x86 hardware with standard components...Intel chipset motherboard, Intel or Broadcom NICs...and follow the easy peasy hand-holding install wizard. Managing them is via your web browser..much like your standard home grade Stinksys or Nutgear router.
 
Heh, I remember when I first plugged in my Cisco router as my edge router and set up my ACL (firewall). I turned on logging and sat back as a wall of connection attempts began pouring down my screen. Within an hour I had an (automated) individual actively trying to SSH into my router making attempt after attempt to break my username and password. Day and night, attempts to break my password, occasionally switching to various proxies around the world. Countless connection attempts, port

It was an eye-opening moment, to be sure. But it's typical, and your average home router has no problem keeping all the bad nasty out... except of course, the bad nasty you let in, even if unintentionally. And that's what a UTM is good for.
 
Is this where I step in and say something about Untangle?

I think an Untangle sticker will fit PERFECTLY on this bad boy :)
 
Is this where I step in and say something about Untangle?
I think an Untangle sticker will fit PERFECTLY on this bad boy :)

I got a few NG units coming in, NG-100 and an NG-50....and hopefully another order of 5 coming up soon....and a 3rd order by end of Jan. :D
 
I got a few NG units coming in, NG-100 and an NG-50....and hopefully another order of 5 coming up soon....and a 3rd order by end of Jan. :D

I will be doing stickers for them (I think) for Jim.

In the new year I will be looking to get an NG-100 rackmount unit also.

:)
 
Yeah Dash, I'll order some stickers from you. Get in touch with me tomorrow.

Sold 4 NG 100s in the last 2 days :) These things are flying off the shelf!
 
Running OpenDNS now, no change in speed according to Speedtest.net. Still ~25Mb/s down, 3.22 Mb/s up.
 