[XCSSA] Help I'm under attack!

xcssa@xcssa.org
Sun, 29 Oct 2006 22:57:33 -0600


On Wednesday 29 November 2006 20:43, Gene wrote:
> Recently switched from RR to AT&T DSL in the last month or so. 
<<snip typical Internet doorknob-rattling>>
> Can anyone recommend a beginners book on network/router settings?

You should be aware that the main security exploits today are built 
around malicious websites that few consumer-grade routers can 
block--the malware just rides in with the rest of the Web page. Using a 
non-Microsoft OS and browser is a really good first step in avoiding 
trouble.

Since you didn't specify the brand & model you have, I can't make 
specific suggestions, so here's the general path I take when setting up 
new consumer-grade routers.

0. Research the product I'm considering, using the appropriate forum on 
DSLreports.com (also known as BroadBandReports.com) and the 
manufacturer's website. If you inherited someone else's setup, this 
will give you a chance to get manuals and learn what it's supposed to 
do. Treat the vendor's claims as political promises (i.e. guilty until 
proven innocent).

1. Leave the new item disconnected and powered off. If you have a 
working network, introducing a new device with default configuration is 
likely to cause interesting problems.

2. Using a known working computer and Internet connection, go to 
www.DSLreports.com/forums/all and check for the latest _working_ 
firmware for your product. Many vendors have shipped broken firmware in 
the box, and some do it frequently. The latest factory version is not 
always the best choice. Knowing what is broken on each available 
version will help a lot later. You may also learn who has done stupid 
and harmful things lately and should be avoided.

3. Using said known working system, download and update the firmware to 
the best version for your needs. Follow the update procedure 
recommended in the forum. If there is no forum-recommended procedure, 
follow factory instructions. Generally the computer should be connected 
only to the router being updated, and running as few tasks as possible. 
Do _NOT_ connect more than one computer. Do _NOT_ connect to the 
Internet while flashing.

4. Now explore the options available in the updated firmware. Learn what 
each setting means, and what options you have. Features like stateful 
packet inspection (SPI) are generally good to turn on, while others 
like DMZ and UPnP are generally bad and should be turned off. Logs may 
or may not be useful. Remote management and SNMP should be off until 
you have a need for them. Look things up online until you have a good 
grasp of the terminology. As long as you know the proper way to reset 
the device to defaults, you can experiment and see what happens.

Final notes: There's a lot of garbage online pretending to be useful 
information. I went through seven pages of Yahoo! results and didn't 
find any general router/firewall setup info that didn't have glaring 
errors. No wonder so many Windows boxes get pwned. I hope the pages 
with specific model info are better.

Enjoy your learning experience!  --Don
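As an added example (not from Don's post or any vendor's tooling), a small Python audit that reads a router settings export and flags the step 4 items: SPI off, DMZ set, UPnP on, remote management on, SNMP on. The key=value export format, the key names and the sample values are assumptions, since the post names no make or model.

```python
"""Audit a consumer-router settings export against the checklist above."""

# Constructed sample export in a generic key=value style (not a real vendor format).
SAMPLE_EXPORT = """\
# router settings export (constructed sample)
firewall.spi = disabled
nat.dmz_host = 192.168.1.50
upnp.enable = 1
admin.remote_management = true
snmp.enabled = 0
wifi.ssid = HomeNet
"""

# Spellings vendors commonly use for on/off; anything else is treated as "in use".
TRUE_WORDS = {"1", "on", "true", "yes", "enable", "enabled"}
FALSE_WORDS = {"0", "off", "false", "no", "disable", "disabled", "none", ""}

# (assumed key, desired state, finding text); True = should be on, False = should be off.
CHECKS = [
    ("firewall.spi", True, "stateful packet inspection (SPI) is off; turn it on"),
    ("nat.dmz_host", False, "a DMZ host is configured; clear it unless you need it"),
    ("upnp.enable", False, "UPnP is on; turn it off"),
    ("admin.remote_management", False, "remote management is on; turn it off until needed"),
    ("snmp.enabled", False, "SNMP is on; turn it off until needed"),
]


def parse_export(text):
    """Return {key: value} from key=value lines; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().lower()
    return settings


def is_enabled(value):
    """Normalise a setting value; a host address or other text counts as enabled."""
    if value in TRUE_WORDS:
        return True
    if value in FALSE_WORDS:
        return False
    return True


def audit(settings):
    """Return (key, status, message) for each check that needs attention."""
    findings = []
    for key, want_on, message in CHECKS:
        if key not in settings:
            findings.append((key, "unknown", "not in export; verify it in the admin UI"))
        elif is_enabled(settings[key]) != want_on:
            findings.append((key, "fix", message))
    return findings


if __name__ == "__main__":
    for key, status, message in audit(parse_export(SAMPLE_EXPORT)):
        print(f"[{status}] {key}: {message}")
```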