MSFN Forum: Wired Routers for Win98 - MSFN Forum


Wired Routers for Win98: Will any router work?

#1 JorgeA

  • FORMAT B: /V /S
  • Group: Supreme Sponsor
  • Posts: 1,807
  • Joined: 08-April 10
  • OS: Vista Home Premium x64

Posted 04 June 2010 - 11:07 AM

Hello,

I have two Windows 98 and two Vista computers to take care of in my office, and I'm thinking of buying a wired router to help protect them when they go on the Internet.

Currently the computers are each connected to a switch, and otherwise they all fend for themselves with their own software firewalls. The router would be to add a hardware firewall layer to my defenses.

As currently configured, all the computers pass every one of Gibson Research's ShieldsUP!! vulnerability inspections, except for the Ping Reply test.

I have two questions:

1. Can you recommend any wired routers that work well on both Vista and Windows 98FE, or does it not really matter to the router what kind of computers are hooked up to it?

2. Considering that Win98 systems are involved (an FE tower and an SE laptop), are there any special issues I’ll need to keep in mind when setting up the wired router for the first time?

I’m not looking (necessarily) into setting up a network to enable the computers to talk to each other. I’m mainly interested in replicating the star configuration that I now have, where each computer connects to the switch and then the switch connects to the DSL modem. The only difference would be that I’d be using a wired router instead of a switch, or maybe in addition to the switch.

Any guidance you can provide will be welcome. I apologize if I chose the wrong forum section to post this on!

--JorgeA

This post has been edited by JorgeA: 04 June 2010 - 11:11 AM



#2 Mijzelf

  • Advanced Member
  • Group: Members
  • Posts: 460
  • Joined: 11-April 07

Posted 04 June 2010 - 11:38 AM

Any router will do, they just 'talk Ethernet', and any OS which supports Ethernet will just work.

I *think* there is already a router in your modem, else you should have 4 public IP addresses. That is not impossible, but only rare.



#3 JorgeA

Posted 04 June 2010 - 01:49 PM

Mijzelf, on 04 June 2010 - 11:38 AM, said:

Any router will do, they just 'talk Ethernet', and any OS which supports Ethernet will just work.

I *think* there is already a router in your modem, else you should have 4 public IP addresses. That is not impossible, but only rare.

Mijzelf,

Thanks, that's what I thought -- that nothing special needs to be done. But I'm new at this, so I wanted to make sure!

I checked two of my PCs on the Gibson Research site, and they have the same IP address. But then the DSL modem from the phone company is billed as just a modem. They do sell other devices that they call routers, so I figure that my modem is just a modem. And it has only one connection for a PC. Does any of this make a difference as to whether the "modem" could actually work as a router?

--JorgeA

#4 cluberti

  • Gustatus similis pullus
  • Group: Supervisor
  • Posts: 11,208
  • Joined: 09-September 01
  • OS: Windows RT

Posted 04 June 2010 - 01:55 PM

JorgeA, on 04 June 2010 - 01:49 PM, said:

Thanks, that's what I thought -- that nothing special needs to be done. But I'm new at this, so I wanted to make sure!

I checked two of my PCs on the Gibson Research site, and they have the same IP address. But then the DSL modem from the phone company is billed as just a modem. They do sell other devices that they call routers, so I figure that my modem is just a modem. And it has only one connection for a PC. Does any of this make a difference as to whether the "modem" could actually work as a router?

--JorgeA

If they're selling routers, it's highly unlikely the modem is a router. The fact it only has one ethernet port is another clue - even today's cheap wired routers usually have more than one internal (LAN) port, to hook up multiple wired PCs internally. I'd guess you need an actual consumer-grade router to connect to the DSL modem's ethernet port, and then you'd connect your PCs to the router's LAN ports.

#5 JorgeA

Posted 04 June 2010 - 02:55 PM

Thanks, cluberti -- I'm glad that you roam around these forums!

Would I be right to assume that you agree with me and Mijzelf (sorry everyone, couldn't resist saying that), that no particular router model or special setting is needed to get Win98 and Vista PCs working off the same router?

--JorgeA

#6 Mijzelf

Posted 04 June 2010 - 03:45 PM

It's quite easy to find out if your modem is actually a router. When the IP address which shows up on Gibson's site (or on www.whatismyip.com) is a different one than what shows up in winipcfg (98) or ipconfig (Vista), then it's a router.

What type of modem do you have?



#7 Guest_wsxedcrfv_*

  • Group: Guests

Posted 04 June 2010 - 04:59 PM

JorgeA, on 04 June 2010 - 11:07 AM, said:

I have two Windows 98 and two Vista computers to take care of in my office, and I'm thinking of buying a wired router to help protect them when they go on the Internet. Currently the computers are each connected to a switch, and otherwise they all fend for themselves with their own software firewalls. The router would be to add a hardware firewall layer to my defenses.

There's something I don't understand here. Do you have or own a small IP-subnet, or do you connect to the internet via a single IP (either dynamic or static) ?

If you connect to the net or are otherwise assigned a single IP address, and if all computers have simultaneous internet access, then you must have NAT functionality somewhere in your network - most likely in the modem.

The network I manage is exactly like that. A DSL modem that has NAT functionality is connected to a 24-port giga-bit hub / switch. All our machines (including the win-98 machines we have) all have 1000 mb cards and our local lan runs at giga-bit speed.

It's been like this since late 2005. Between 2000 and 2005, we had an ISDN connection to the internet, but we had a 32-address subnet assigned to us, so each of our machines was directly facing the internet. Our win-98 machines had no problems with that - they had no firewall, but win-98 is not really vulnerable to network worms like NT-based OS's were. We used Netbeui for file sharing (which is secure on a lan that is exposed directly to the internet).

Running firewall software on a win-98 system is, in my opinion, complete garbage and a waste of time and resources. There is nothing to be gained by it, especially if you are already behind a nat-router.

#8 JorgeA

Posted 04 June 2010 - 05:09 PM

Mijzelf, on 04 June 2010 - 03:45 PM, said:

It's quite easy to find out if your modem is actually a router. When the IP address which shows up on Gibson's site (or on www.whatismyip.com) is a different one than what shows up in winipcfg (98) or ipconfig (Vista), then it's a router.

What type of modem do you have?

Mijzelf,

The IP address on those two sites is in fact different from the one that shows up in ipconfig. I guess that suggests that it's a router?

In case it makes a difference, the three computers are each connected to a switch, which is then connected to that DSL device.

The device is a Westell F90-610015-06. After a Web search I couldn't really settle in my mind the question of whether it's a modem or a router, but I still suspect it's a modem.

After seeing this info, what does it sound like it is to you?

Thanks!

--JorgeA

#9 JorgeA

Posted 04 June 2010 - 05:36 PM

wsxedcrfv,

No, my setup right now is really simple. I'm slowly poking my toes into this ocean.

The PCs are not networked, at least not with each other. (File sharing is turned off on all of them.) That's not to say that I won't set up an actual network at some point, but for the time being I'm avoiding that level of complexity.

So I guess that the answer would be that the PCs connect via the same IP address, but no local network is set up (nor can any of my PCs detect one).

Here's my progression. Up till December 2008 I had a single Win98 PC connected to the Internet via dial-up. When the computer developed major problems (which seem to have been fixed), I bought a Vista system and moved up to DSL service. Once I got used to that, and the old PC seemed to get better, I decided to experiment with putting both computers on the 'Net, so I bought a switch and both of them can surf the Web at the same time, but with no networking between the two of them. Then I added a Win98SE notebook, and it surfs great at the same time, too. My Vista laptop can jump in as well, no problem.

And now that I have a handle on that, the next level is to set up a router so that these PCs can enjoy its hardware firewall. Maybe later on I'll try to network them, but right now that's beyond my pay grade....

Steve Gibson's tests indicate that my PCs are fairly well cloaked, except for the Ping Test. I'm not sure if that protection comes from the DSL modem (there's some question as to whether it's actually a router), or from my ISP, or from the computers' individual firewalls. I'm willing to learn.

Hope this helps to make my situation clear!

--JorgeA

#10 Guest_wsxedcrfv_*

  • Group: Guests

Posted 04 June 2010 - 05:56 PM

JorgeA, on 04 June 2010 - 05:36 PM, said:

The PCs are not networked, at least not with each other. (File sharing is turned off on all of them.)

Whether or not the PC's are configured as a peering network, or a domain-controlled network, or neither, is not important, and has no impact or influence on your network hardware.

JorgeA, on 04 June 2010 - 05:36 PM, said:

So I guess that the answer would be that the PCs connect via the same IP address, (...)
Steve Gibson's tests indicate that my PCs are fairly well cloaked, except for the Ping Test. I'm not sure if that protection comes from the DSL modem (there's some question as to whether it's actually a router), or from my ISP, or from the computers' individual firewalls. I'm willing to learn.

Your modem is performing NAT (network address translation) which is a form of routing. The IP address that you are assigned by your ISP is being used by your modem on its WAN side. On the LAN side of the modem, you are most likely using 192.168.x.x or 10.x.x.x or 172.x.x.x for the IP addresses for your individual computers. Your Gibson ShieldsUP test will not show anything of any value in this case because if your modem is configured for default operation, it will be blocking all unsolicited in-bound packets. Running a firewall on your windows 98 machines in this situation is of very little value because your modem is operating as an in-bound firewall. This is what most broad-band modems do these days. Maybe 5+ years ago some of them didn't do that.

You are failing the ping test because your modem is responding to ICMP packets. If you turn that off, or if you route ICMP packets to an unused LAN ip address, then you will pass the ping test. There is not much value in doing that, and sometimes for diagnostic or speed-testing reasons you want your modem to respond to pings.

You can connect any router or hub or switch to your modem without worrying about security or firewall issues.
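Added example, not part of the thread: the check Mijzelf describes (compare the address an external site reports with the one ipconfig shows), with the private ranges spelled out; only 172.16.0.0/12 of the 172.x.x.x space is private. The ipconfig text and the 203.0.113.25 external address are constructed sample values, and the function names are this example's own.

```python
"""Decide whether a host is behind NAT by comparing its locally configured
IPv4 address with the address an external "what is my IP" page reports."""
import ipaddress
import re

# Ranges that are never a public, ISP-routed address.
NON_PUBLIC_NETS = {
    "rfc1918 10/8": ipaddress.ip_network("10.0.0.0/8"),
    "rfc1918 172.16/12": ipaddress.ip_network("172.16.0.0/12"),
    "rfc1918 192.168/16": ipaddress.ip_network("192.168.0.0/16"),
    "carrier-grade NAT 100.64/10": ipaddress.ip_network("100.64.0.0/10"),
    "link-local 169.254/16": ipaddress.ip_network("169.254.0.0/16"),
}

# Constructed sample of Vista-style `ipconfig` output (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.47
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

# Matches both the older "IP Address" label and Vista's "IPv4 Address".
ADDR_LINE = re.compile(
    r"^\s*(?:IPv4|IP) Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})", re.MULTILINE
)


def local_addresses(ipconfig_text):
    """Return the IPv4 addresses configured on the host, skipping bad values."""
    found = []
    for text in ADDR_LINE.findall(ipconfig_text):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:
            continue  # e.g. 999.1.1.1 passes the regex but is not an address
    return found


def classify(addr):
    """Name the non-public range an address falls in, or return 'public'."""
    addr = ipaddress.ip_address(addr)
    for name, net in NON_PUBLIC_NETS.items():
        if addr in net:
            return name
    return "public"


def nat_verdict(ipconfig_text, external_ip):
    """Return 'direct', 'nat', 'mismatch' or 'unknown'.

    direct   - the host itself holds the address the outside world sees
    nat      - the host has only private addresses; something upstream translates
    mismatch - the host has a public address that differs from the external one
               (proxy, VPN or a second translation layer)
    unknown  - no usable address (none found, or only a link-local one,
               which means DHCP failed and says nothing about NAT)
    """
    external = ipaddress.ip_address(external_ip)
    usable = [a for a in local_addresses(ipconfig_text)
              if not classify(a).startswith("link-local")]
    if not usable:
        return "unknown"
    if external in usable:
        return "direct"
    if all(classify(a) != "public" for a in usable):
        return "nat"
    return "mismatch"


if __name__ == "__main__":
    for a in local_addresses(SAMPLE_IPCONFIG):
        print(a, "->", classify(a))
    print("verdict:", nat_verdict(SAMPLE_IPCONFIG, "203.0.113.25"))
```

A "nat" verdict says only that translation happens somewhere upstream; it does not say which device does it or how that device's firewall is set.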

#11 JorgeA

Posted 04 June 2010 - 08:22 PM

wsxedcrfv, on 04 June 2010 - 05:56 PM, said:

Your modem is performing NAT (network address translation) which is a form of routing. The IP address that you are assigned by your ISP is being used by your modem on its WAN side. On the LAN side of the modem, you are most likely using 192.168.x.x or 10.x.x.x or 172.x.x.x for the IP addresses for your individual computers. Your Gibson ShieldsUP test will not show anything of any value in this case because if your modem is configured for default operation, it will be blocking all unsolicited in-bound packets. Running a firewall on your windows 98 machines in this situation is of very little value because your modem is operating as an in-bound firewall. This is what most broad-band modems do these days. Maybe 5+ years ago some of them didn't do that.

wsxedcrfv,

Fascinating! Looks like I'll be reading up on NAT and subnets sooner than I'd thought.

wsxedcrfv, on 04 June 2010 - 05:56 PM, said:

You can connect any router or hub or switch to your modem without worrying about security or firewall issues.

Cool. The firewalls DO eat up some resources, so this is a tempting idea. It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06), so that we could explore and tinker with the settings, and maybe see what the manufacturer has to say about their product's features.

I did find the following webpage where this issue is addressed. (See "Solution #2.")

One question about dispensing with the software firewall. My understanding is that a hardware firewall stops unwanted inbound traffic, but not outbound. Wouldn't there be a use then for the software firewall, in case one of my PCs got turned into a zombie?

It's an interesting concept that you suggest, going without a software firewall. I'll look into it deeper. For now, it's starting to look like I already have the capabilities that I was looking for, so I don't need a router.

--JorgeA

#12 Mijzelf

Posted 05 June 2010 - 03:52 AM

Quote

It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06),

According to this your modem is a 6100F. So maybe you can find a manual here

#13 Guest_wsxedcrfv_*

  • Group: Guests

Posted 05 June 2010 - 08:15 AM

JorgeA, on 04 June 2010 - 08:22 PM, said:

Cool. The firewalls DO eat up some resources, so this is a tempting idea. It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06), so that we could explore and tinker with the settings, and maybe see what the manufacturer has to say about their product's features.

Mijzelf posted a link to the PDF manual. The default LAN network for your modem is 192.168.1.0. To bring up the configuration page for your modem, open a web browser and enter 192.168.1.1 into the location bar. It will ask for user name and password. User name is "admin" and password is "password".

Your manual can be directly downloaded from here:

http://www.dslreport...aft1_041007.pdf

JorgeA, on 04 June 2010 - 08:22 PM, said:

One question about dispensing with the software firewall. My understanding is that a hardware firewall stops unwanted inbound traffic, but not outbound. Wouldn't there be a use then for the software firewall, in case one of my PCs got turned into a zombie?

A software firewall that is operating on a PC can examine and block data packets in both directions (in-bound into the computer, and out-bound out of the computer). A NAT-router can only perform in-bound filtering.

The software firewall, because it's running on the PC, will know which apps or processes are trying to send data out of the PC, and can follow and apply rules as to which are allowed to send data out of the PC.

If your PC is infected with a trojan or back-door that is trying to send data out of the PC, it's highly likely that the trojan will try to disable your firewall software before it makes the attempt. Or it will use another method to send data out of the PC that the firewall will not block. See here for an example:

http://www.symantec....-local-firewall

It's my general impression that there are very few malware agents in current circulation that are able to operate on Windows 9x/me in any way that is useful for organized botnet operators or information thieves. Just look at your own experience with running a firewall on your windows 98 system(s) and ask yourself how many times the firewall alerted you to a genuine instance of malware trying to communicate with the outside world.

Whenever I have these discussions about software firewalls with people that believe in them and use them, it usually happens that they eventually say that they want more control over their computer and the various programs they run and how those programs behave, and the firewall allows them to do that. So it usually boils down to control more than security.

I think it's useful, or absolutely necessary, for NT-based PC's to be running an in-bound firewall, especially if it's a portable laptop, but that need goes away when it's a stationary desktop PC behind a NAT-router. I place very little value on out-bound firewalling as an anti-malware tactic on NT-based systems, and even less value on win-9x/me systems.

The only time you might (or should) be running an out-bound firewall is if you download certain application programs (like hacks, cracks, or keygens) and you want to contain the behavior of those programs if they turn out to be rogue or malicious (which is usually the case).
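Added example, not part of the thread: a toy model of a NAT translation table, showing why unsolicited in-bound packets are dropped while any out-bound packet from the LAN is translated and forwarded, whichever program sent it. The addresses are documentation ranges, and the class, its names and its strict address-and-port matching are assumptions of this sketch; real devices differ in how tightly they match replies.

```python
"""Toy NAT translation table: in-bound traffic is accepted only when it matches
a mapping that an earlier out-bound packet created."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.in_map = {}   # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, pkt):
        """Translate a LAN packet. The router sees addresses and ports only;
        it has no idea which program on the PC produced the packet."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            wan_port = self.next_port
            self.next_port += 1
            self.out_map[key] = wan_port
            self.in_map[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, self.out_map[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Return the packet rewritten for the LAN host, or None if dropped."""
        if pkt.dst != self.wan_ip:
            return None
        entry = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None  # no mapping: nobody on the LAN asked for this
        lan_ip, lan_port = entry
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)


def demo():
    """Run the four cases discussed in the thread and return the outcomes."""
    nat = NatRouter(wan_ip="203.0.113.25")
    web = ("198.51.100.80", 80)
    results = {}
    # 1. Unsolicited probe at the WAN address: no mapping exists, so dropped.
    results["unsolicited_probe"] = nat.inbound(
        Packet("198.51.100.7", 4444, nat.wan_ip, 139))
    # 2. A browser on a LAN PC opens a connection: translated and forwarded.
    out = nat.outbound(Packet("192.168.1.47", 1050, *web))
    results["browser_out"] = out
    # 3. The server's reply matches the mapping and reaches the PC.
    results["web_reply"] = nat.inbound(Packet(*web, nat.wan_ip, out.sport))
    # 4. A different remote host aiming at the same WAN port is still dropped.
    results["other_host_same_port"] = nat.inbound(
        Packet("198.51.100.7", 80, nat.wan_ip, out.sport))
    # 5. Any other program on the PC gets the same out-bound treatment;
    #    only software running on the PC can tell the two senders apart.
    results["unwanted_program_out"] = nat.outbound(
        Packet("192.168.1.47", 1051, "198.51.100.99", 8080))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22} -> {outcome if outcome else 'DROPPED'}")
```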

#14 JorgeA

Posted 05 June 2010 - 08:29 AM

Mijzelf, on 05 June 2010 - 03:52 AM, said:

Quote

It's too bad that there doesn't seem to be any official documentation anywhere that's specific to my particular modem (Westell F90-610015-06),

According to this your modem is a 6100F. So maybe you can find a manual here

Mijzelf,

You know, as I looked for info on my modem last night I did see that exact DSLR forum thread that you linked to, but in the process of visually scanning I did not see the sequence of characters that my eyes were looking for (F90-610015-06), so I ended up skipping it. The key, of course, was in knowing that a "6100F" is the same as an F90-610015. My Web search didn't turn up the other link you provided, and which puts the two sets of numbers together.

I continue to be amazed by the level of expertise shown by the folks who participate in the MSFN Forums, and most of all by their (your) willingness to help.

Many thanks! :thumbup

--JorgeA

P.S. Now that it's daytime, I can see clearly that my modem says, in little white letters on the front, "Model 6100F." Duh!! And here I thought I was being so sophisticated by going straight to the product label on the bottom... :blushing:

#15 JorgeA

Posted 05 June 2010 - 09:41 AM

wsxedcrfv, on 05 June 2010 - 08:15 AM, said:

If your PC is infected with a trojan or back-door that is trying to send data out of the PC, it's highly likely that the trojan will try to disable your firewall software before it makes the attempt. Or it will use another method to send data out of the PC that the firewall will not block. See here for an example:

http://www.symantec....-local-firewall

wsxedcrfv,

Thanks for the link. Pretty nasty technique, there.

Would you say that there's generally just too much focus on (or trust in) software firewalls?

wsxedcrfv, on 05 June 2010 - 08:15 AM, said:

It's my general impression that there are very few malware agents in current circulation that are able to operate on Windows 9x/me in any way that is useful for organized botnet operators or information thieves. Just look at your own experience with running a firewall on your windows 98 system(s) and ask yourself how many times the firewall alerted you to a genuine instance of malware trying to communicate with the outside world.

I've never had a case where the Norton firewall alerted me to an unknown program trying to go out on the 'Net. But there have been times where it's told me that it blocked an outside attempt to invade my Win98 PC. However, that was when the PC was on dial-up. I don't remember it happening again since I got DSL.

wsxedcrfv, on 05 June 2010 - 08:15 AM, said:

I think it's useful, or absolutely necessary, for NT-based PC's to be running an in-bound firewall, especially if it's a portable laptop, but that need goes away when it's a stationary desktop PC behind a NAT-router.

Let me make sure I have this right. So I can actually set up a LAN behind this Westell device, enabling file sharing and the like, while dispensing with the various PCs' individual software firewalls, and they will still have as much protection from intruders as before?

BTW, there's no chance of me going into the Internet underworld, so I should be O.K. on that score.

Thanks again!

--JorgeA

#16 Guest_wsxedcrfv_*

  • Group: Guests

Posted 05 June 2010 - 11:16 AM

JorgeA, on 05 June 2010 - 09:41 AM, said:

Would you say that there's generally just too much focus on (or trust in) software firewalls?

There are a lot of die-hard win-98 users that are still running ie6, have never tried another browser, who access the internet on dial-up, and who are paranoid about security and are getting ulcers over the end of fire-wall and antivirus support for win-98. No matter how many times you tell them that win-98 is not and never has been vulnerable to any network worm, they just don't listen or understand. And those of them on broadband, with their computer behind a NAT-router, have zero to worry about.

Firewalls were useful back during the early days of commercial and residential broad-band (1998 - 2002) and back then Windows NT, 2K and XP-SP0 desperately needed to have a firewall app running on it. Lots of those machines became infected with stuff that turned them into someone's private file server (usually hidden in the recycler directory).

NT-based OS's are simply not designed well enough to be trusted to sit even on a local lan without having their own in-bound firewall. Windows 9x/me, either by dumb luck or good design, is simply far less vulnerable to network intrusion and remote control. But the popular press and technology writers have always focused way more on the NT-based os's, so when they write about Windows needing a firewall, they mean NT, 2K, XP, etc.

JorgeA, on 05 June 2010 - 09:41 AM, said:

I've never had a case where the Norton firewall alerted me to an unknown program trying to go out on the 'Net. But there have been times where it's told me that it blocked an outside attempt to invade my Win98 PC. However, that was when the PC was on dial-up. I don't remember it happening again since I got DSL.

Any attempt to "invade" your PC would not have worked - even without your firewall if you're running win-98. Those attempts are still happening, but are being blocked by your modem now.

JorgeA, on 05 June 2010 - 09:41 AM, said:

Let me make sure I have this right. So I can actually set up a LAN behind this Westell device, enabling file sharing and the like, while dispensing with the various PCs' individual software firewalls, and they will still have as much protection from intruders as before?

Your windows-98 systems will not and do not need to be running firewall software. Period.

Your NT-based PC's can infect each other on the local lan (they won't be able to infect your win-98 systems - unless you share the c:\windows directory on your win-98 machines).

Your NT-based PC's will not be directly infected by any sort of worm or packet-based intrusion from the internet, but if they get infected due to you downloading and running an infected file, clicking on a viral e-mail attachment, or triggering a browser-based exploit while web surfing, then the resulting infection could spread to your other NT-based machines unless they are running their own local in-bound firewall.

Your local lan is protected / hidden from the internet as far as file-sharing goes, and even more so if you bind your file-sharing to the NetBEUI protocol instead of TCP/IP.

#17 rilef

  • Junior
  • Group: Members
  • Posts: 59
  • Joined: 08-April 10
  • OS: none specified

Posted 05 June 2010 - 01:20 PM

Some DSL and cable modems are actually combo devices, combining a router and modem in the same enclosure. But your DSL modem appears to be only a simple DSL modem, designed for use only with Verizon (see http://www.westell.c...10015-06-2.html ). Google "F90-610015-06" for lots of other information on this modem.

Apparently, your dsl modem configuration can be viewed, but not adjusted, using Internet Explorer or other browser (for a "how to" see http://text.broadban...1001506-Success . Note that the Linksys router's default WEB address (http://192.168.1.1/) is the same as your Westell DSL modem's WEB address and will have to be changed prior to use. Similarly, other routers may also use http://192.168.1.1/ as their default WEB addresses, and thus their WEB addresses also would have to be changed).

I currently use an old Linksys router, which I purchased used for less than $10, then modernized or updated the firmware from the Linksys website. Linksys routers are well documented and supported on the Linksys website and easily configurable (e.g. pings and port 113 were disabled by opening the router configuration menus in my browser and checking the appropriate checkbox). But other leading brand browsers may also do the job. Also, the router does not have to be the newest or high-speed (1000 mb), unless all other devices on the network are high-speed.

The GRC Shields Up "Ping Test" is important because, although your firewall may or may not block "all unsolicited in-bound packets", the better security is to remain invisible on the Internet to all unsolicited and potentially malicious probes. If your computer responds to an unsolicited probe with a ping, the prober now knows you're there and your IP address.

Some software firewalls use more resources than other software firewalls, so resource use may have to be considered on older computers. But, for example, I've used Sygate firewall software on an old 286 Mhz computer, with no observable degradation in performance. And, if you're running a peer-to-peer or home network, the software firewall can be configured to allow certain traffic on the home network (such as printer or file sharing), while restricting traffic, on the same physical network, to/from the Internet. Also, software firewalls are important to prevent unwanted outgoing traffic from your computer, particularly from newly installed software, whose initial behavior after installation may or may not be welcome (such as, calling home or opening up a WEB page after installation, or attempting to update the software to a newer version, or downloading and installing additional software). Some software attempt to open a WEB page in Internet Explorer, even though IE is not my default browser. A software firewall can block IE from being used by such software.

#18 Guest_wsxedcrfv_*

  • Group: Guests

Posted 05 June 2010 - 04:33 PM

rilef, on 05 June 2010 - 01:20 PM, said:

Some DSL and cable modems are actually combo devices, combining a router and modem in the same enclosure. But your DSL modem appears to be only a simple DSL modem, designed for use only with Verizon (see http://www.westell.c...10015-06-2.html ). Google "F90-610015-06" for lots of other information on this modem.

If his modem is a Proline 6100, as described by the PDF I posted earlier, then it does NAT by default, unless you put it into a bridge mode.

Having only one RJ-45 ethernet jack for the LAN connection does not necessarily mean the device does not perform internal NAT. (Naturally, any modem that has more than one LAN jack must also be a NAT router).

rilef, on 05 June 2010 - 01:20 PM, said:

The GRC Shields Up "Ping Test" is important because, although your firewall may or may not block "all unsolicited in-bound packets", the better security is to remain invisible on the Internet to all unsolicited and potentially malicious probes. If your computer responds to an unsolicited probe with a ping, the prober now knows you're there and your IP address.

It's no big deal if your modem responds to pings or not. Any automated port-scanner that's operating on your IP is just as likely to simply try all the usual ports (netbios, etc) and not waste time with a two-stage port scan.

rilef, on 05 June 2010 - 01:20 PM, said:

Some software firewalls use more resources than other software firewalls, so resource use may have to be considered on older computers. But, for example, I've used Sygate firewall software on an old 286 Mhz computer, with no observable degradation in performance. And, if you're running a peer-to-peer or home network, the software firewall can be configured to allow certain traffic on the home network (such as printer or file sharing), while restricting traffic, on the same physical network, to/from the Internet.

The decision to use a software firewall should be based first and foremost on the absolute necessity that it will perform a useful function - not necessarily the resources it will use. Experience tells us that Windows 98 is not a vulnerable OS when it comes to unsolicited in-bound packets. Putting any PC behind a NAT-router automatically negates the need in the vast majority of situations to also run a firewall on the PC regardless what OS it's running.

Configuring firewall rules is usually a painful process, completely worthless in my opinion. There are better ways to establish rules or restrictions on resource use on a local lan.

rilef, on 05 June 2010 - 01:20 PM, said:

Also, software firewalls are important to prevent unwanted outgoing traffic from your computer, particularly from newly installed software, whose initial behavior after installation may or may not be welcome (such as, calling home or opening up a WEB page after installation, or attempting to update the software to a newer version, or downloading and installing additional software). Some software attempt to open a WEB page in Internet Explorer, even though IE is not my default browser. A software firewall can block IE from being used by such software.


As I predicted, firewall advocates ultimately fall back to the idea that firewalls are useful (perhaps more useful) for control vs security. Usually there is little to be gained by exerting this control, in the long run, vs the time wasted and the performance hit just by having it.

If I don't want a newly-installed app to phone home, then I'll unplug my ethernet cable before I run it for the first time. How's that for an out-bound firewall?

#19 JorgeA

Posted 05 June 2010 - 10:18 PM

rilef,

Thanks for jumping in.

I sense a flame war erupting here, or maybe my question has rekindled an old argument. Hopefully what I report below will help to stop things from getting to that point.

Prompted by your post, I went into my Westell's configuration. Had to set a new password and all. I'm too new at the networking game to dare to actually change any settings in there, but it sure does look like I can change them. I even clicked a few settings on and off, but left everything unchanged in the end. (I didn't hit the "Apply" button.) Every button that I tried seemed to respond as one would expect. Maybe this will help to settle the question of whether this box is a simple modem, or a router (maybe a modem with extra features? or a combo device as you think might be possible).

If you go to page 70 of the 6100's guide, you'll find a screenshot of the general firewall settings. It matches exactly the screen that I got when I clicked on the Westell menu to access the firewall settings. I was surprised to see that the default (and current) value is "No Security," because all of my PC's did well on the Gibson tests (except for the ping test). Could that be the computers' software firewalls in action?

Thanks again!

--JorgeA

#20 JorgeA

Posted 05 June 2010 - 10:36 PM

wsxedcrfv,

See my reply to rilef.

It looks like the Westell 6100F that I have may be in fact some kind of combo device, as I can go into the settings and (apparently) change them, including firewall and port rules. (Please excuse my noobness if I'm getting the terminology wrong.)

Check out page 70 of the PDF to the manual. The general firewall settings menu is just like the one I saw when I went into my box's configuration application. Now, you'll see that the default setting is "No Security." Yet, as I said before, my PC's did pretty well on the Gibson tests. Two questions: Could that be thanks to the software firewalls -- and, if I were to uninstall them, then which of those security settings would I choose to emulate the level of protection that the current firewalls are providing?

On the other hand, since the software firewalls are already in place, one could say that there's very little additional time and effort involved in keeping them running. So isn't it possible that the question boils down to whether you want to dedicate resources on a Win98 machine to a firewall?

One last thing (for now, anyway). I assume that none of this affects the wisdom of running antivirus/antimalware applications, as opposed to a firewall?

I appreciate all the information you've been passing along -- thank you!

--JorgeA
