[Malvern] Network monitoring.

[Richard Forster]

Not sure I understand this. You may need pictures and crayon to help me.

Stuart's PC and router are different boxes and so don't trust each 
other, right?
He runs a software firewall on the PC that assumes the router offers no 
protection at all. He runs any available firewalling on the router as if 
it is the only thing protecting the PC, right?

OK, I'm paranoid. Doesn't mean they're not out to get me.

What was the vulnerability on the PC that allowed his box to be 
compromised? A vulnerability on the router, if exploited, only allows a 
more direct attack against the PC, ie it allows an attack against a 
NATted ip address. Also, the only conexant vulnerability I could find 
with a quick search only allowed DoS attacks by resetting the router 
config. The vulnerability won't touch the PC itself.

What am I missing from this? Zero day exploit, poorly configured services?

Don't get me wrong, what happened was horrible for Stuart, but a router 
vulnerability shouldn't take a PC down.

Puzzled.

Rick



Geoff Bagley wrote:
> Thanks to Chris for response.
> 
> I have installed both tcpdump and ethereal.
> All I need now is the know-how !
> 
> Poor Stuart  (sslaxx) has had his system compromised owing to a 
> vulnerability
> in his router chip-set.  (conexant). 
> I feel sore about this, because I gave him that router.
> At the time I tried to get it going, I was still using W98,  and in the 
> process of changing
> my BT openworld over to Linux.  The grotty modem BT supplied was no good 
> for Linux,
> so I tried,  and discarded, the "e-tec" (conexant) router.
> 
> I can now guess why I couldn't get any info at the time.
> When I lashed out and bought the Netgear DG834,  all was sweetness and 
> light.
> 
> Can anyone help Stuart ?
> 
> Geoff.
> 
> _______________________________________________
> Malvern mailing list
> Malvern at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/malvern
> 
>