JorgeA

Wired Routers for Win98

62 posts in this topic

Hello,

I have two Windows 98 and two Vista computers to take care of in my office, and I'm thinking of buying a wired router to help protect them when they go on the Internet.

Currently the computers are each connected to a switch, and otherwise they all fend for themselves with their own software firewalls. The router would be to add a hardware firewall layer to my defenses.

As currently configured, all the computers pass every one of Gibson Research's ShieldsUP!! vulnerability inspections, except for the Ping Reply test.

I have two questions:

1. Can you recommend any wired routers that work well on both Vista and Windows 98FE, or does it not really matter to the router what kind of computers are hooked up to it?

2. Considering that Win98 systems are involved (an FE tower and an SE laptop), are there any special issues Ill need to keep in mind when setting up the wired router for the first time?

Im not looking (necessarily) into setting up a network to enable the computers to talk to each other. Im mainly interested in replicating the star configuration that I now have, where each computer connects to the switch and then the switch connects to the DSL modem. The only difference would be that Id be using a wired router instead of a switch, or maybe in addition to the switch.

Any guidance you can provide will be welcome. I apologize if I chose the wrong forum section to post this on!

--JorgeA

Edited by JorgeA
0

Share this post


Link to post
Share on other sites

Any router will do, they just 'talk Ethernet', and any OS which supports Ethernet will just work.

I *think* there is already a router in your modem, else you should have 4 public IP addresses. That is not impossible, but only rare.

0

Share this post


Link to post
Share on other sites

Any router will do, they just 'talk Ethernet', and any OS which supports Ethernet will just work.

I *think* there is already a router in your modem, else you should have 4 public IP addresses. That is not impossible, but only rare.

Mijzelf,

Thanks, that's what I thought -- that nothing special needs to be done. But I'm new at this, so I wanted to make sure!

I checked two of my PCs on the Gibson Research site, and they have the same IP address. But then the DSL modem from the phone company is billed as just a modem. They do sell other devices that they call routers, so I figure that my modem is just a modem. And it has only one connection for a PC. Does any of this make a difference as to whether the "modem" could actually work as a router?

--JorgeA

0

Share this post


Link to post
Share on other sites

Thanks, that's what I thought -- that nothing special needs to be done. But I'm new at this, so I wanted to make sure!

I checked two of my PCs on the Gibson Research site, and they have the same IP address. But then the DSL modem from the phone company is billed as just a modem. They do sell other devices that they call routers, so I figure that my modem is just a modem. And it has only one connection for a PC. Does any of this make a difference as to whether the "modem" could actually work as a router?

--JorgeA

If they're selling routers, it's highly unlikely the modem is a router. The fact it only has one ethernet port is another clue - even today's cheap wired routers usually have more than one internal (LAN) port, to hook up multiple wired PCs internally. I'd guess you need an actual consumer-grade router to connect to the DSL modem's ethernet port, and then you'd connect your PCs to the router's LAN ports.
0

Share this post


Link to post
Share on other sites

Thanks, cluberti -- I'm glad that you roam around these forums!

Would I be right to assume that you agree with me and Mijzelf (sorry everyone, couldn't resist saying that), that no particular router model or special setting is needed to get Win98 and Vista PCs working off the same router?

--JorgeA

0

Share this post


Link to post
Share on other sites

It's quite easy to find out if your modem is actually a router. When the IP address which shows up on Gibson's site (or on www.whatismyip.com) is a different one then that what shows up in winipcfg (98) or ipconfig (Vista), than it's a router.

What type of modem do you have?

0

Share this post


Link to post
Share on other sites

I have two Windows 98 and two Vista computers to take care of in my office, and I'm thinking of buying a wired router to help protect them when they go on the Internet. Currently the computers are each connected to a switch, and otherwise they all fend for themselves with their own software firewalls. The router would be to add a hardware firewall layer to my defenses.

There's something I don't understand here. Do you have or own a small IP-subnet, or do you connect to the internet via a single IP (either dynamic or static) ?

If you connect to the net or are otherwise assigned a single IP address, and if all computers have simultaneous internet access, then you must have NAT functionality somewhere in your network - most likely in the modem.

The network I manage is exactly like that. A DSL modem that has NAT functionality is connected to a 24-port giga-bit hub / switch. All our machines (including the win-98 machines we have) all have 1000 mb cards and our local lan runs at giga-bit speed.

It's been like this since late 2005. Between 2000 and 2005, we had an ISDN connection to the internet, but we had a 32-address subnet assigned to us, so each of our machines was directly facing the internet. Our win-98 machines had no problems with that - they had no firewall, but win-98 is not really vulnerable to network worms like NT-based OS's were. We used Netbeui for file sharing (which is secure on a lan that is exposed directly to the internet).

Running firewall software on a win-98 system is, in my opinion, complete garbage and a waste of time and resources. There is nothing to be gained by it, especially if you are already behind a nat-router.

0

Share this post


Link to post
Share on other sites

It's quite easy to find out if your modem is actually a router. When the IP address which shows up on Gibson's site (or on www.whatismyip.com) is a different one then that what shows up in winipcfg (98) or ipconfig (Vista), than it's a router.

What type of modem do you have?

Mijzelf,

The IP address on those two sites is in fact different from the one that shows up in ipconfig. I guess that suggests that it's a router?

In case it makes a difference, the three computers are each connected to a switch, which is then connected to that DSL device.

The device is a Westell F90-610015-06. After a Web search I couldn't really settle in my mind the question of whether it's a modem or a router, but I still suspect it's a modem.

After seeing this info, what does it sound like it is to you?

Thanks!

--JorgeA

0

Share this post


Link to post
Share on other sites

wsxedcrfv,

No, my setup right now is really simple. I'm slowly poking my toes into this ocean.

The PCs are not networked, at least not with each other. (File sharing is turned off on all of them.) That's not to say that I won't set up an actual network at some point, but for the time being I'm avoiding that level of complexity.

So I guess that the answer would be that the PCs connect via the same IP address, but no local network is set up (nor can any of my PCs detect one).

Here's my progression. Up till December 2008 I had a single Win98 PC connected to the Internet via dial-up. When the computer developed major problems (which seem to have been fixed), I bought a Vista system and moved up to DSL service. Once I got used to that, and the old PC seemed to get better, I decided to experiment with putting both computers on the 'Net, so I bought a switch and both of them can surf the Web at the same time, but with no networking between the two of them. Then I added a Win98SE notebook, and it surfs great at the same time, too. My Vista laptop can jump in as well, no problem.

And now that I have a handle on that, the next level is to set up a router so that these PCs can enjoy its hardware firewall. Maybe later on I'll try to network them, but right now that's beyond my pay grade....

Steve Gibson's tests indicate that my PCs are fairly well cloaked, except for the Ping Test. I'm not sure if that protection comes from the DSL modem (there's some question as to whether it's actually a router), or from my ISP, or from the computers' individual firewalls. I'm willing to learn.

Hope this helps to make my situation clear!

--JorgeA

0

Share this post


Link to post
Share on other sites

The PCs are not networked, at least not with each other. (File sharing is turned off on all of them.)

Whether or not the PC's are configured as a peering network, or a domain-controlled network, or neither, is not important, and has no impact or influence on your network hardware.

So I guess that the answer would be that the PCs connect via the same IP address, (...)

Steve Gibson's tests indicate that my PCs are fairly well cloaked, except for the Ping Test. I'm not sure if that protection comes from the DSL modem (there's some question as to whether it's actually a router), or from my ISP, or from the computers' individual firewalls. I'm willing to learn.

Your modem is performing NAT (network address translation) which is a form of routing. The IP address that you are assigned by your ISP is being used by your modem on it's WAN side. On the LAN side of the modem, you are most likely using 192.168.x.x or 10.x.x.x or 172.x.x.x for the IP addresses for your individual computers. Your Gibson Shield's UP test will not show anything of any value in this case because if your modem is configured for default operation, it will be blocking all unsolicited in-bound packets. Running a firewall on your windows 98 machines in this situation is of very little value because your modem is operating as an in-bound firewall. This is what most broad-band modems do these days. Maybe 5+ years ago some of them didn't do that.

You are failing the ping test because your modem is responding to ICMP packets. If you turn that off, or if you route ICMP packets to an unused LAN ip address, then you will pass the ping test. There is not much value in doing that, and sometimes for diagnostic or speed-testing reasons you want your modem to respond to pings.

You can connect any router or hub or switch to your modem without worrying about security or firewall issues.

0

Share this post


Link to post
Share on other sites

Your modem is performing NAT (network address translation) which is a form of routing. The IP address that you are assigned by your ISP is being used by your modem on it's WAN side. On the LAN side of the modem, you are most likely using 192.168.x.x or 10.x.x.x or 172.x.x.x for the IP addresses for your individual computers. Your Gibson Shield's UP test will not show anything of any value in this case because if your modem is configured for default operation, it will be blocking all unsolicited in-bound packets. Running a firewall on your windows 98 machines in this situation is of very little value because your modem is operating as an in-bound firewall. This is what most broad-band modems do these days. Maybe 5+ years ago some of them didn't do that.

wsxedcrfv,

Fascinating! Looks like I'll be reading up on NAT and subnets sooner than I'd thought.

You can connect any router or hub or switch to your modem without worrying about security or firewall issues.

Cool. The firewalls DO eat up some resources, so this is a tempting idea. It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06), so that we could explore and tinker with the settings, and maybe see what the manufacturer has to say about their product's features.

I did find the following webpage where this issue is addressed. (See "Solution #2.")

One question about dispensing with the software firewall. My understanding is that a hardware firewall stops unwanted inbound traffic, but not outbound. Wouldn't there be a use then for the software firewall, in case one of my PCs got turned into a zombie?

It's an interesting concept that you suggest, going without a software firewall. I'll look into it deeper. For now, it's starting to look like I already have the capabilities that I was looking for, so I don't need a router.

--JorgeA

0

Share this post


Link to post
Share on other sites
It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06),

According to this your modem is a 6100F. So maybe you can find a manual here

0

Share this post


Link to post
Share on other sites

Cool. The firewalls DO eat up some resources, so this is a tempting idea. It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06), so that we could explore and tinker with the settings, and maybe see what the manufacturer has to say about their product's features.

Mijzelf posted a link to the PDF manual. The default LAN network for your modem is 192.168.1.0. To bring up the configuration page for your modem, open a web browser and enter 192.168.1.1 into the location bar. It will ask for user name and password. User name is "admin" and password is "password".

Your manual can be directly downloaded from here:

http://www.dslreports.com/r0/download/1265034~8caa974466bfc1f04bc28a03065e10b9/Verizon_proline_e90610015_draft1_041007.pdf

One question about dispensing with the software firewall. My understanding is that a hardware firewall stops unwanted inbound traffic, but not outbound. Wouldn't there be a use then for the software firewall, in case one of my PCs got turned into a zombie?

A software firewall that is operating on a PC can examine and block data packets in both directions (in-bound into the computer, and out-bound out of the computer). A NAT-router can only perform in-bound filtering.

The software firewall, because it's running on the PC, will know which apps or processes are trying to send data out of the PC, and can follow and apply rules as to which are allowed to send data out of the PC.

If your PC is infected with a trojan or back-door that is trying to send data out of the PC, it's highly likely that the trojan will try to disable your firewall software before it makes the attempt. Or it will use another method to send data out of the PC that the firewall will not block. See here for an example:

http://www.symantec.com/connect/blogs/inside-trojanclampi-bypassing-your-local-firewall

It's my general impression that there are very few malware agents in current circulation that are able to operate on Windows 9x/me in any way that is useful for organized botnet operators or information thieves. Just look at your own experience with running a firewall on your windows 98 system(s) and ask yourself how many times the firewall alerted you to a genuine instance of malware trying to communicate with the outside world.

When ever I have these discussions about software firewalls with people that believe in them and use them, it usually happens that they eventually say that they want more control over their computer and the various programs they run and how those programs behave, and the firewall allows them to do that. So it usually boils down to control more than security.

I think it's useful, or absolutely necessary, for NT-based PC's to be running an in-bound firewall, especially if it's a portable laptop, but that need goes away when it's a stationary desktop PC behind a NAT-router. I place very little value on out-bound firewalling as an anti-malware tactic on NT-based systems, and even less value on win-9x/me systems.

The only time you might (or should) be running an out-bound firewall is if you download certain application programs (like hacks, cracks, or keygens) and you want to contain the behavior of those programs if they turn out to be rogue or malicious (which is usually the case).

0

Share this post


Link to post
Share on other sites
It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06),

According to this your modem is a 6100F. So maybe you can find a manual here

Mijzelf,

You know, as I looked for info on my modem last night I did see that exact DSLR forum thread that you linked to, but in the process of visually scanning I did not see the sequence of characters that my eyes were looking for (F90-610015-06), so I ended up skipping it. The key, of course, was in knowing that a "6100F" is the same as an F90-610015. My Web search didn't turn up the other link you provided, and which puts the two sets of numbers together.

I continue to be amazed by the level of expertise shown by the folks who participate in the MSFN Forums, and most of all by their (your) willingess to help.

Many thanks! :thumbup

--JorgeA

P.S. Now that it's daytime, I can see clearly that my modem says, in little white letters on the front, "Model 6100F." Duh!! And here I thought I was being so sophisticated by going straight to the product label on the bottom... :blushing:

0

Share this post


Link to post
Share on other sites

If your PC is infected with a trojan or back-door that is trying to send data out of the PC, it's highly likely that the trojan will try to disable your firewall software before it makes the attempt. Or it will use another method to send data out of the PC that the firewall will not block. See here for an example:

http://www.symantec.com/connect/blogs/inside-trojanclampi-bypassing-your-local-firewall

wsxedcrfv,

Thanks for the link. Pretty nasty technique, there.

Would you say that there's generally just too much focus on (or trust in) software firewalls?

It's my general impression that there are very few malware agents in current circulation that are able to operate on Windows 9x/me in any way that is useful for organized botnet operators or information thieves. Just look at your own experience with running a firewall on your windows 98 system(s) and ask yourself how many times the firewall alerted you to a genuine instance of malware trying to communicate with the outside world.

I've never had a case where the Norton firewall alerted me to an unknown program trying to go out on the 'Net. But there have been times where it's told me that it blocked an outside attempt to invade my Win98 PC. However, that was when the PC was on dial-up. I don't remember it happening again since I got DSL.

I think it's useful, or absolutely necessary, for NT-based PC's to be running an in-bound firewall, especially if it's a portable laptop, but that need goes away when it's a stationary desktop PC behind a NAT-router.

Let me make sure I have this right. So I can actually set up a LAN behind this Westell device, enabling file sharing and the like, while dispensing with the various PCs' individual software firewalls, and they will still have as much protection from intruders as before?

BTW, there's no chance of me going into the Internet underworld, so I should be O.K. on that score.

Thanks again!

--JorgeA

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.