network security related question

Vitorio Okio ovitorio at hotmail.com
Fri Feb 27 05:17:40 UTC 2009


I need an explanation from somebody that knows about networking security 
a bit more than I do.  The question below also might be particular to my 
hardware/software set.

I'm behind a Linksys WRT54 router with DD-WRT v.24 on it, with the router's 
SPI firewall enabled.

I also have Firestarter running on my Ubuntu 8.04.

I used to think that being behind a NAT router is quite safe.  And I used 
to think that keeping Firestarter running is my tribute to security 
paranoia.

But today I've noticed a huge number of incoming connections reported 
blocked by Firestarter. All of them use the ICMP protocol, and my 
understanding is they are either pings, or simple port scans, or 
something of the kind.

Though almost all of them come from the same 2 sources outside of my 
country and this persistence worries me.

My question is: how do they ever reach my Firestarter? How do they get through 
my NAT router? I thought they were supposed to be blocked at that level.

Am I missing something in my knowledge, or is my router firewall just 
doing a poor job?

Can any of the networking gurus explain it to me, please?





