
Re: OffTopic Security ZoneAlarmPro & TS6 & Windows2000



> Thank you, Dennis, for explaining how the router foils illegitimate
> requests. And so how do *legitimate* requests come through the router from
> the outside to your internal LAN to a real computer in the DMZ? Does your
> Linksys router handle that?

There is no real computer in the DMZ. The DMZ is wide open to the
internet and is normally used for hosting a server or something where
you want to allow public access. The whole point of a personal firewall
is to keep the public OUT. As far as I'm concerned, there are no
legitimate requests from the outside. If any outside requests come
along, I just don't "answer the phone." In fact, it doesn't even ring.
:-) The only way an outside computer can talk to me is if *I* initiate
the contact from my end.

Hmmmmm, I think I'm making this too complicated. Without the DMZ thing,
the router will still refuse requests from the outside. BUT (and this is
the difference) the snooper will get a message back telling him there is
a computer there but it's refusing his requests. That might pique his
curiosity and make him want to try a little harder to get in. With the
DMZ trick, he gets nothing back. It's as if I unplugged my cable modem.
So, unless he knows my address and has some reason to hate me, his
software will just move on to the next address and probe there. I'm
essentially invisible to the simplistic software used by teenie bopper
cracker wannabes. That's what's called a "stealth firewall." 

For a quick check of your defenses, go to http://www.grc.com and tell it
to probe your ports. If you get anything less than a full stealth
(invisible) reading, your firewall needs some work.

-- 
  Dennis
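
The distinction drawn in the message above, between a port that refuses a request and one that returns nothing at all, can be checked against your own public address with the following added example (not part of the original message). The function names and the port list are assumptions made for illustration; run it from a host outside your LAN, since a probe from the inside never reaches the router's WAN side.

```python
import socket
import sys


def classify(exc):
    """Map the outcome of one TCP connect attempt to a port state."""
    if exc is None:
        return "open"      # handshake completed: a service accepted us
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # RST came back: the host answered, so it is visible
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"   # nothing came back before the timeout
    return "error"         # e.g. ICMP unreachable, DNS failure, no local route


def probe(host, port, timeout=3.0, attempts=2):
    """Probe host:port; report 'stealth' only if every attempt stays silent.

    A single timeout can be plain packet loss, so silent attempts are retried.
    """
    state = "stealth"
    for _ in range(attempts):
        exc = None
        try:
            with socket.create_connection((host, port), timeout=timeout):
                pass
        except OSError as e:   # refused, timed out, unreachable, ...
            exc = e
        state = classify(exc)
        if state != "stealth":
            break              # any reply at all settles the question
    return state


def report(host, ports, **kwargs):
    """Return {port: state} for each port in ports."""
    return {p: probe(host, p, **kwargs) for p in ports}


if __name__ == "__main__":
    # Constructed sample port list; pass your own public address as argv[1].
    sample_ports = [21, 23, 25, 80, 139, 445]
    for port, state in report(sys.argv[1], sample_ports).items():
        print(f"{port:>5}  {state}")
```

Any port reported as "closed" means the address answered and is therefore visible to a scanner; a full stealth result is every port reported as "stealth".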