[Ham-Computers] DSL info: Thanks again all

[Philip Atchley]

Hello Aaron et al,

I changed the subject field.

First, thank you to EVERYONE who provided this "Wideband neophyte" with 
all this good information.  I've been on the WWW about 7 years now and 
am just now able to go with wideband, thanks to SBC's special offer (and 
which may 'bite' me later ;-).

Anyway, I've been offered a USED LinkSys BEFSR41 at a price I could 
(barely) afford, but which is cheaper than new, so I took the gentleman 
up on it.  Of course it may mean that the wife has to serve me Chile 
beans or cheap burritos 3 meals a day for the rest of the month <grin>.

But now I can follow Aaron's advice and use the 'free' version of Zone 
Alarm or similar, and go back to my "Free" Avast4 anti-virus program, 
this route is actually much cheaper than buying the full blown ZA 
package. By the way, I've found that the freeware Avast4 home version  
seems to be a VERY effective anti-virus program, free for home use. 
Though it occasionally 'alarms ' on Email Viri and even a couple 
websites I've visited (I try to be very cautious where I browse), so far 
as I can tell nothing has ever sneaked through it.  And it automatically 
updates every time I connect to the web. Before I installed ZA and was 
still running the XP firewall it even caught and blocked DCOM Port 135 
Exploit probes, something I didn't expect.  (I've since plugged that 
"hole", DCOM is turned off).

73 de Phil  KO6BB

Aaron (NBC Universal) wrote:

>Hi Phil (et al),
>
>I think most have answered your questions already - yes, broadband
>connections are more of a target due to their "always-on" nature.  They are
>also "preferred" by hackers as they are "broadband" and won't get the
>response latency from dial-up users.
>
>I do question your decision to purchase ZoneAlarm vs a router.  A router
>will offer you a first line of defense against hackers by providing a NAT
>firewall (Network Adress Translation).  NAT firewalls are simple, but
>effective.  By positioning itself between your computer(s) and the Internet,
>it takes the brunt of hacking attempts.  In fact, you'll probably notice
>that ZA will no longer report incomming intrusion attempts as the router is
>effectively "blocking" all of them.
>
>Most of the newer SOHO routers today also include an SPI firewall (Stateful
>Packet Inspection).  This ensures that the only traffic allowed into your
>network is traffic that was requested from within your network - all other
>packets are dropped.
>
>Yes, this still leaves computers on your network vulnerable to trojans, but
>the free version of ZA and a good AV program should handle these.  Careful
>surfing should take care of the rest.
>
>Now, your purchase decision may actually rest on what type of DSL
>modem/router SBC sends you.  The 5100b, which I got last December, is itself
>a NAT firewall by default.  However, it only supports one computer on the
>"inside", meaning it only accepts traffic from one IP address on your
>network.  This would preclude you from connecting both your computers to the
>Internet without a router (or Windows ICS, which I don't recommend).  With
>the 5100b AND a router, you'll effectively have dual NAT firewalls - this is
>how I have my network setup at home - DSL line the 5100b, 5100b to a Linksys
>router, and all my systems attached to the router (wired and wireless via
>WPA).  I use BlackICE (vs ZA) and the only reports I get are usually
>malformed HTTP headers, icons, or trojans/virii in e-mail.  The malformed
>headers and icons are blocked by BI (or ignored by Firefox) and the
>trojans/virii are handled by NAV.  In the 6 years I had ISDN and now with
>DSL, I have not had any virii, trojans, or successful hacking attempts
>(knock wood <g>).   
>
>I haven't used ZA for many years (since it's infancy when it had a tendency
>to completely hose your system if you un-installed it - been there, done
>that), but it shouldn't prevent you from networking your computers together.
>There are a lot of nuances in networking a "mixed" Windows environment (9x
>with NT/2K/XP), so you might be seeing a Windows networking interaction.
>You also need to make sure that ZA is configured to leave the Windows
>Networking ports open so another system can connect to yours.  If you have
>ZA "cranked all the way up", then Windows Networking will most likely not
>work, even with the "Pro" version of ZA.  Basically, I believe you've
>reached a stage that requires a bit of planning and configuration to get
>everything working.  It took me a while to trust the router's firewall
>enough to "turn down" BlackICE so that I could do Windows networking, but it
>works once you do.  I'm sure ZA will also work the same way.
>
>So, for your situation, my personal (and professional) recommendation is to
>spend your $$$ on a good router *FIRST*.  Then consider ZA if you have any
>funds left over.  A Linksys WRT54G can be had for about $60 on sale, and
>they'll often also come with a mail-in rebate for another $20 or $30.  The
>retail is $79.  Oh, and the WRT54G has wireless.  The BEFSR41, the basic
>non-wireless router retails for about $59 and rarely is on sale or has
>rebates.  Can you spot the cost effective way to go here?  I believe you're
>in the SF Bay area, so check the Thursday edition of your local paper for
>Fry's Electronics ads.  There's a router on sale w/rebates every weekend.
>Fry's isn't the greatest place (don't get me started!), but if you know what
>you want and don't deal with the sales scum, it's worth the trip.
>
>If you need any help with the setup, send me an e-mail and I'll help step
>you through.  If I have the time, I can even give you a call.  If you have
>HF capabilities and the bands cooperate, we can sked a contact.
>
>Oh, and *please* don't install the SBC start-up software!
>
>
>73,
>
>  - Aaron, NN6O
>_______________________________________________
>Ham-Computers mailing list
>Ham-Computers at mailman.qth.net
>http://mailman.qth.net/mailman/listinfo/ham-computers
>
>  
>