Hey fafhrd,
Sounds like you know what you're doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and MAC filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
Glenn
NAT is quite easy. It's automatically set up by default in most routers. The router has the incoming internet address assigned by the ISP, for me it's (I open a new tab, type: whats my ip, and Google sends me to What's My IP Address? Networking Tools & More, which tells me:) 82.44.205.163. Publicly broadcast - that's how the website could tell me what my IP was. On my side of the router, which has an IP address of 192.168.0.1 (my internet gateway and DNS), I find that my address is 192.168.0.9 if I look it up with ipconfig.
Almost all private home networks operate within the range of 192.168.0.1 to 192.168.0.255. Nobody on the internet can reach me at address 192.168.0.9, because there are millions of us with that address, on private networks globally. Only my router knows how to. So when a website sends a page I have asked for, the site sends it to 82.44.205.163, since that is the address it believes the request has come from. When my router receives the page, it routes it to me, 'cos it knows I requested it.
Some downloaded programs might "phone home" from my computer, and that's where ZA has the advantage over, say, MS Windows Firewall, which never asks your permission for anything, although it can be configured to block outgoing requests like ZA does. Most programs that do call home, I am happy to let them, so that they can receive updates etc.
On occasion I have clicked an advert which has given me an unwelcome parasite. Usually these are manifested as BHOs (Browser Helper Objects), which might, for instance, install themselves as toolbars in Internet Explorer, and spawn unwelcome adverts, and worse. That's when I would load up Malwarebytes to remove all traces of the parasite, but as I mentioned before, I already have several defences against that happening.
After WPA2, the other password is that of the router setup, which you should change from the default if you can, and the router default SSID name, since these all give clues to the hacker.
However, a scan from Netalyzr shows that the router reports on the internal private network:
Code:
cpc2-haye8-0-0-cust1442.haye.cable.virginmedia.com / 82.44.205.163

NAT detection: NAT Detected
Your global IP address is 82.44.205.163 while your local one is 192.168.0.9. You are behind a NAT. Your local address is in unroutable address space.
Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
[Graph: source ports 45512 to 45521 on the Y-axis against connection attempts on the X-axis]
TCP ports are not renumbered by the network.

Local Network Interfaces: OK
Your computer reports the following network interfaces, with the following IP addresses for each one:
- lo: (a local loopback interface)
  - ::1 [localhost] (an IPv6 loopback address)
  - 127.0.0.1 [localhost] (an IPv4 loopback address)
- wlan0:
  - fe80::8a9f:faff:fe0f:9771 (a link-local IPv6 address)
  - 192.168.0.9 [MYNAME-netbook.local] (a private IPv4 address)

DNS-based host information: OK
You are not a Tor (http://www.torproject.org) exit node for HTTP traffic.
You are listed on the Spamhaus (http://www.spamhaus.org) Policy Based Blacklist (http://www.spamhaus.org/pbl/), meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail.
The SORBS DUHL (http://www.au.sorbs.net/faq/dul.shtml) believes you are using a statically assigned IP address.

NAT support for Universal Plug and Play (UPnP): Yes
We received UPnP responses from one device:
- 192.168.0.1: this device provided a valid device description via its UPnP URL. This description, viewable here, contains the following information about this gateway:
  - Name: Netgear VMDG280
  - Manufacturer: Netgear
  - Manufacturer URL: http://www.netgear.com/
  - Model name: VMDG280
  - Model number: VMDG280
  - Model URL: http://www.netgear.com/
  - Model Description: VMDG280
So you know my ISP and approximate location, and my computer name (containing MYNAME) is being broadcast as well as my unrouteable private address, and the model of my router too - which will have default passwords and possibly SSID and other default values.
I am using a Linux Mint 8 netbook at the moment, so UPnP is not really much use, except to my Windows systems.
Code:
Network Access Link Properties

Network latency measurements: Latency: 95ms Loss: 0.0%

TCP connection setup latency: 200ms

Network background health measurement: no transient outages

Network bandwidth: Upload 1.0 Mbit/sec, Download 7.2 Mbit/sec

Network buffer measurements: Uplink 520 ms, Downlink 130 ms
We estimate your uplink as having 520 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. Real-time applications, such as games or audio chat, may also work poorly when conducting large uploads at the same time.
We estimate your downlink as having 130 msec of buffering. This level may serve well for maximizing speed while minimizing the impact of large transfers on other traffic.
So you can tell how fast my up and downlinks are - and therefore, if hacked in, how long it might take to do certain tasks like uploading a file to me or downloading data from my disk. Like cookies for instance:
Code:
JavaScript-based tests: OK
The applet did not execute within a frame.
Your web browser reports the following cookies for our web page:
- netAlizEd = BaR (set by our server)
- netalyzrStatus = running (set by our server)
Your web browser was unable to fetch an image using IPv6.

System clock accuracy: OK
Your computer's clock agrees with our server's clock.

Browser properties: OK
Your web browser sends the following parameters to all web sites you visit:
- User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2
- Accept: application/xml,application/xhtml+xml,text/html; q=0.9,text/plain; q=0.8,image/png,*/*; q=0.5
- Accept Language: en-GB,en-US;q=0.8,en;q=0.6
- Accept Encoding: gzip,deflate,sdch
- Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Java identifies your operating system as Linux.

Uploaded data: OK
The applet uploaded the following additional content:
- apache_404
- custom_404
- nxpage
- plain_404
- raw_http_content
- upnp_0_descr
- upnp_0_details
So the clock sends a timestamp, and the browser identifies itself by spoofing several possible browsers, and that it is a Linux version.
If I had a wired network, that would be about it, but I have wireless, like you.
If you live in a city, and not out in the sticks, with no neighbours for miles, Windows tells you that there are other networks available, some secured, others not. But your wireless router and PC wireless adapter give out a lot more information than that. All you need is something portable that runs a program like InSSIDer by METAGEEK. It shows the MAC addresses, SSIDs, channels, signal strength etc. etc. Walk or drive around with it and a GPS, and you could map the whole neighbourhood, checking names, addresses, ISPs, and people have already done that: WiGLE - Wireless Geographic Logging Engine - Browsable Web Map.
It's all based on the Windows command line:
netsh wlan show networks mode=bssid
So perhaps I should be tightening up my act! You can of course find out how much your browser and router are giving away too.
I should say that Google is the weak link in the network, sorry weakest. If Android devices connect to your network, they are so insecure, that when the sort of information such as the above can be sniffed as it passes to and from a guy at an airport after a long flight, checking his corporate email server, as well as the passwords he needs to get into his mailbox or corporate account, then there's no security at all.
That is what Windows 8 corporate marketing is all about - a secure OS brand for portable devices - and businesses will go for it if the OEMs of portable devices are offered it at a good enough price (at first) like try it free for a year?
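
The NAT behaviour described in the reply above, as an added example that is not part of either post: a toy translation table using the post's addresses, showing why a reply reaches 192.168.0.9 while an unsolicited packet does not. The addresses 203.0.113.10, 198.51.100.99 and 192.168.0.7 and all class and function names are constructed, and the model assumes a port-preserving NAT that also filters by remote endpoint; real routers vary.

```python
PUBLIC_IP = "82.44.205.163"   # router's WAN address, from the post

class Nat:
    """Toy NAT table: public port -> (LAN ip, LAN port, remote ip, remote port)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host connects out: record a mapping, rewrite the source address."""
        port = lan_port   # keep the source port if free (ports "not renumbered")
        while port in self.table and self.table[port][:2] != (lan_ip, lan_port):
            port = port + 1 if port < 65535 else 1024   # taken by another host
        self.table[port] = (lan_ip, lan_port, dst_ip, dst_port)
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """A packet reaches the WAN side: forward only replies to a known mapping."""
        entry = self.table.get(public_port)
        if entry is None:
            return None                      # unsolicited, nothing asked for it
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                      # not the server that was contacted
        return (lan_ip, lan_port)

def demo():
    nat = Nat(PUBLIC_IP)
    web = ("203.0.113.10", 80)               # constructed web server
    a = nat.outbound("192.168.0.9", 45512, *web)    # the netbook in the post
    b = nat.outbound("192.168.0.7", 45512, *web)    # constructed second LAN host
    return {
        "netbook_seen_as": a[:2],
        "second_host_seen_as": b[:2],
        "reply_to_netbook": nat.inbound(*web, a[1]),
        "reply_to_second": nat.inbound(*web, b[1]),
        "unsolicited": nat.inbound("198.51.100.99", 4444, 3389),
        "wrong_peer": nat.inbound("198.51.100.99", 4444, a[1]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

UPnP, which the scan above reports as enabled on the router, lets a program on the LAN ask the router to add an inbound mapping without first making an outbound connection, so it is worth reviewing alongside the default admin password.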