network security related question
Vitorio Okio
ovitorio at hotmail.com
Fri Feb 27 05:17:40 UTC 2009
I need an explanation from somebody that knows about networking security
a bit more than I do. The question below also might be particular to my
hardware/software set.
I'm behind Linksys WRT54 router with DD-WRT v.24 on it with the router
SPI firewall enabled.
I also have Firestarter running on my Ubuntu 8.04.
I used to think that being behind a NAT router is quite safe. And I used
to think that keeping Firestarter running is my tribute to security
paranoia.
But today I've noticed a huge number of incoming connections reported
blocked by Firestarter. All of them are of ICMP protocol, and my
understanding is they are either pings, or simple port scans, or
something of the kind.
Though almost all of them come from the same 2 sources outside of my
country and this persistence worries me.
My question is how do they ever reach my Firestarter? How they go through
my NAT router? I thought they are supposed to be blocked on that level.
Am I missing something in my knowledge or my router firewall is just
doing a poor job?
Can anybody of networking gurus explain it to me, please?
More information about the ubuntu-users
mailing list