THE WELCH COMPANY
440 Davis Court #1602
San Francisco, CA 94111-2496
415 781 5700
rodwelch@pacbell.net
S U M M A R Y
DIARY: August 14, 2003 07:22 AM Thursday;
Rod Welch
Virus protection using TCP/IP filtering failed, consider firewall.
1...Summary/Objective
2...Firewall Netgear DSL Router RP614 Acquisition
3...Package Contents
4...Warrenty
5...Features and Specifications
6...Product Specifications
........Firewall Virus Protection Router Stateful Packet Inspection SPI
........SPI Firewall Virus Protection Router Stateful Packet Inspection
........Stateful Packet Inspection SPI Firewall Virus Protection Router
7...Ease of Use Advantages
8...Security Advantages
9...Performance Advantages
10...System Requirements
11...Install Router Connect to Pac Bell DSL Modem, C13, C11 and C12
12...Installation overview....
13...Host and Login Names
14...Configure Router and Test Connection
15...NTS Enternet 300 Not Needed When Using Internet Network Router
..............
Click here to comment!
CONTACTS
0201 - Intel Corporation O-00000704 0201
020101 - Mr. Morris E. Jones;
0202 - Fry's Electronics #02 O-00000412 0201
020201 - Mr. David Brandon O-00000412 0201
020202 - Sales Department O-00000412 0201
020203 - Description O-00000412 0201
0203 - Netgear, Inc. O-00000828 0404
020301 - Mr. No1stName LastName O-00000828 0404
SUBJECTS
Filtering TCP/IP Network Connections Firewall Virus Protection Intern
Software Patch from Microsoft Download to Prevent Future Problems
Blaster Virus Reported by Reuters Patch Available from Microsoft
TCP/IP Filtering Firewall Virus Protection Internet Security
Filtering Failed Morris Suggested Buying a Hardware Firewall Virus Pr
TCP/IP Filtering Failed Morris Suggested Buying a Hardware Firewall V
Computer Problem Network TCP/IP Filtering Failed Morris Suggested Buy
Hardware Firewall Better than Software Virus Protection Internet Secu
Firewall Software and or Hardware Routter System to Prevent Future Ac
Router Netgear Purchased and Installed for Firewall to Protect C11 C1
3012 -
3012 - ..
3013 - Summary/Objective
3014 -
301401 - Follow up ref SDS 1 0000.
301402 -
301403 - The configuration change to provide TCP/IP filtering recommended by
301404 - Microsoft on 030812, ref SDS 1 UK71, has failed.
301406 - ..
301407 - When the configuration is set on either or both LAN 2 and LAN 3, where
301408 - LAN 3 is the NTS Enternet 300 software program for Pac Bell DSL, there
301409 - is no access to the Internet, as reported on 030812. ref SDS 1 5U6K
301410 - As a result, had to restore the original configurations on all three
301411 - computers. ref SDS 1 FH9I
301412 -
301413 - [On 030816 Microsoft recommends TCP/IP filtering. ref SDS 2 WQ39
301415 - ..
301416 - This means we need a "firewall" system using either a router or a
301417 - software system to prevent future access by other virus softwqare, and
301418 - as recommended by Microsoft on 030812. ref SDS 1 595N
301420 - ..
301421 - This morning talked to Morris.
301422 -
301423 - Morris said that a hardware router system provides a more secure
301424 - firewall for preventing access by a virus because engineers who
301425 - develop a virus spend time looking for vulnerabilities in
301426 - Microsoft code. The Microsoft code is so big that there are more
301427 - opportunities to exploit.
301429 - ..
301430 - A hardware firewall only permits access to a computer from the
301431 - Internet where a user has issued a specific request. Access that
301432 - has not been requested, is rejected. Software that controls the
301433 - firewall hardware cannot be accessed and modified by a virus
301434 - software program, as occurs with Microsoft code and with software
301435 - firewall programs, because a hardware router stores sofware in ROM
301436 - outside the computer, or something like that.
301437 -
301438 - [On 030816 research indicates that software firewall works
301439 - better than hardware router system. ref SDS 2 HL5O
301441 - ..
301442 - Hardware firewall -- Morris is using...
301443 -
301444 - Sohoware Broadguard
301445 -
301446 - $150 purchased about two years ago.
301448 - ..
301449 - DSL upload speed.... 380K
301451 - ..
301452 - Research on the Internet yielded information on...
301453 -
301454 - SPI (Stateful Packet Inspection) - A critical feature that
301455 - analyzes data packets inbound and outbound based on a set of
301456 - criteria for abnormal content. As a result, SPI can detect an
301457 - advance made by a hacker, and can summarily reject the attack if
301458 - the packet fits a suspicious profile. SPI is a very powerful
301459 - addition to a NAT Firewall. It makes your total defensive system
301460 - proactive in analyzing various intrusion methods and then takes
301461 - action to prevent a break-in. Best of all, SPI works behind the
301462 - scenes - automatically - all the time. So you don't have to give
301463 - it a second thought.
301464 -
301465 -
301467 - ..
3015 -
3016 -
3017 - 1110
3018 -
301801 - Drove to Comp USA in Concord and investigated DSL and Cable routers
301802 - with a firewall.
301804 - ..
301805 - The salesman said that Comp USA does not carry Sohoware products, and
301806 - so they do not have the Broadguard firewall hardware router.
301808 - ..
301809 - He showed a shelf with network routers, and advised he is not familiar
301810 - with firewall protection issues. We saw a number of things, but at
301811 - this point, I had lost orientation on what is needed, since the plan
301812 - was to purchase a Broadguard firewall.
301814 - ..
301815 - We left the store.
301817 - ..
301818 - I called Morris on a cell phone. He reminded that the name of the
301819 - product is Broadguard, and further said that Linksys and others
301820 - manufacture comparable products. Morris said to be sure the hardware
301821 - supports State Packet Inspection (SPI).
301823 - ..
301824 - We drove back to the house, and I wrote down the name....
301825 -
301826 - Sohoware and Broadguard
301828 - ..
301829 - Checked the explanation in the research today, per above, and found a
301830 - explanation of...
301831 -
301832 - stateful packet inspection (SPI)
301833 -
301834 - ...per above. ref SDS 0 XE6R
301835 -
301836 -
301837 -
301838 -
301839 -
3019 -
SUBJECTS
Netgear Cable/DSL Router Gateway RP614 v2
Acquisition, Warrenty 3 Year
3204 -
3205 - 1200
320601 - ..
320602 - Firewall Netgear DSL Router RP614 Acquisition
320603 -
320604 - Drove to Fry's in Hayward, about a 35 mile trip.
320606 - ..
320607 - Purchased....
320608 -
320609 - Netgear RP614v2
320610 -
320611 - Serial Number: RP65236DB077815*
320612 -
320613 - Netgear Inc.
320614 - 4500 Great America Parkway
320615 - Santa Clara, CA 95043
320616 - 888 638 4327
320618 - ..
320619 - Cable/DSL Web Safe Router Gateway
320620 -
320621 -
320622 -
320623 - ...with 4-port 10/100 Mbps switch RP614
320624 -
320625 - Cost.................................. $59.99
320627 - ..
320628 - At the checkout the cashier said the price
320629 - has been reduced by $10 to.................... $49.99
320630 -
320631 - ...and there is an additional $10 rebate
320632 - which can be submitted that reduces the
320633 - cost to....................................... $39.99
320635 - ..
320636 - Invoice
320637 -
320638 -
320640 - ..
320641 - Package Contents
320642 -
320643 -
320644 - 1. Web Safe Router Gateway RP614 v2
320645 -
320646 - 2. Vertical stand
320648 - ..
320649 - 3. Power adapter
320651 - ..
320652 - 4. Etherned cable
320653 -
320654 - This cable is described as intended to connect from a port
320655 - on the router to a computer, rather than from the router to
320656 - the modem.
320657 -
320659 - ..
320660 - 5. User's Guide
320662 - ..
320663 - 6. GearBox CD for Web Safe Router
320664 -
320665 - This is software to replace NTS Enternet 300.
320667 - ..
320668 - Copied the CD to...
320669 -
320670 - g: 00 netgeare
320671 -
320673 - ..
320674 - 7. Warrenty card
320676 - ..
320677 - 8. Support information card
320678 -
320679 -
320680 -
320681 -
320683 - ..
320684 - Warrenty
320685 -
320686 -
320687 - Netgear 3 year warranty
320689 - ..
320690 - Subject to the provisions described below Netgear router is
320691 - protected for three (3) years against defects in material and
320692 - workmanship.
320694 - ..
320695 - Please register online.
320696 -
320697 - http://www.netgeare.com/register
320698 -
320699 - [On 040428 registered Netgear router to get support for
320700 - fixing a performance failure by Netgear. ref SDS 4 HS7L
320701 -
320702 -
320703 -
320704 -
320705 -
320706 -
320707 -
3208 -
SUBJECTS
Features and Specifications
3303 -
330401 - ..
330402 - Features and Specifications
330403 -
330404 -
330405 - 1. Share your single Cable/DSL Internet connection.
330406 -
330407 - One of the best ways to take advantage of your cable or DSL
330408 - connection is to share it with your family. With your
330409 - computers networked, everyone has simultaneous access.
330411 - ..
330412 - This feature seems to allow connecting several computers to a
330413 - switch box so that several computers can be connected at once,
330414 - rather than disconnecting the cable from the modem and
330415 - connecting to another computer. This will allow the LAN to
330416 - connect the computers and also the DSL or Cable.
330418 - ..
330419 - Not sure on the Notebook, since a single card is used for both
330420 - telephone connections and transferring data between computers.
330422 - ..
330423 - 2. Easy set up with interactive install tutorial.
330425 - ..
330426 - 3. Control access to web sites and receive email alerts.
330428 - ..
330429 - 4. 10/100 Mbps WAN/LAN connection auto-sensing.
330430 -
330431 -
330433 - ..
330434 - Product Specifications
330435 -
330436 -
330437 - 1. Routing Protocols
330438 -
330439 - a. Static and dynamic routing with TCP/IP
330441 - ..
330442 - b. VPN pass-through (IPSec, L2TP)
330444 - ..
330445 - c. NAT, UDP, RIP-1, PPTP, PPPoE
330446 -
330447 - [On 040505 NAT identified as providing protection
330448 - against virus problems. ref SDS 5 XU7K
330450 - ..
330451 - d. DNS, DHCP (client & server)
330452 -
330454 - ..
330455 - 2. Application Support
330456 -
330457 - Works with most Internet gaming and instant messaging
330458 - applications
330460 - ..
330461 - 3. Functions
330462 -
330463 - a. Automatically detects and configures your ISP type
330464 -
330465 - b. Port range forwarding
330466 -
330467 - c. Exposed Host (DMZ)
330469 - ..
330470 - d. DNS Proxy
330472 - ..
330473 - e. MAC Address Authentication
330475 - ..
330476 - f. URL content filtering
330478 - ..
330479 - g. Email alerts of Internet activity logs
330480 -
330482 - ..
330483 - 4. Maintenance
330484 -
330485 - a. Save restore configuraiton
330486 -
330487 - b. Upgrades via web browser
330488 -
330489 - c. Logging
330491 - ..
330492 - 5. Interface specifications
330493 -
330494 - a. Internet WAN 10/100 Mbps (auto-sensing) Ethernet
330496 - ..
330497 - b. RJ-45 LAN 4 ports 10/100 Mbps (auto-sensing) Ethernet
330498 -
330499 -
330500 -
330501 -
330502 -
3306 -
SUBJECTS
Virus Protection Firewall Stateful Packet Inspection SPI
3403 -
340401 - ..
340402 - Firewall Virus Protection Router Stateful Packet Inspection SPI
340403 - SPI Firewall Virus Protection Router Stateful Packet Inspection
340404 - Stateful Packet Inspection SPI Firewall Virus Protection Router
340405 -
340406 -
340407 - 6. Firewall
340408 -
340409 - a. Stateful Packet Inspection (SPI),
340411 - ..
340412 - b. DoS Attack Detection/Logging.
340414 - ..
340415 - c. Dropped Packet Log,
340417 - ..
340418 - d. Security Event Log
340420 - ..
340421 - e. Email log
340422 -
340423 -
340424 -
3405 -
SUBJECTS
Features and Specifications
3503 -
350401 - ..
350402 - 7. Power Adapter
350403 -
350404 - 7.5 VDC 1A plug is localized to conutry of sale for North
350405 - America, Japan, UK, Europe, Austrailia, Korea
350407 - ..
350408 - 8. Dimensions
350409 -
350410 - Size 1.1 x 5.9 x 4.7 in.
350412 - ..
350413 - Weight 0.7 pounds
350415 - ..
350416 - 9. Operating temperatures 32 degrees to 104.
350417 -
350418 - Humidity 90%
350419 -
350420 -
3505 -
SUBJECTS
Ease of Use Advantages
3603 -
360401 - ..
360402 - Ease of Use Advantages
360403 -
360404 -
360405 - 1. Detects and configurfes most ISPs for simple setup
360406 -
360407 - 2. Integrated switch lets you directly connect 4 computers
360409 - ..
360410 - 3. Works with PCs, MacIntosh and virtually all Ethernet devices
360412 - ..
360413 - 4. Vertical stand saves desk space.
360414 -
360415 -
360416 -
360417 -
3605 -
SUBJECTS
Security Advantages
3703 -
370401 - ..
370402 - Security Advantages
370403 -
370404 -
370405 - 1. Provides protection from hackers with a true firewall (SPI &
370406 - NAT protection)
370407 -
370408 - 2. Gives secure access to your office or corporate network with
370409 - VPN pass-through
370411 - ..
370412 - 3. Content filtering provides controls to limit access to
370413 - inappropriate web sites
370415 - ..
370416 - 4. Logs browsing activities and provides optional email alerts so
370417 - you can monitor access.
370419 - ..
370420 - 5. DMZ support for unrestricted access from the Internet to one
370421 - computer for hosting web services.
370423 - ..
370424 - 6. Free 8-PC license of Zero-Knowledge Systems, a $240 value
370425 -
370426 - • Prevents applications from sending your personal
370427 - information over the Internet.
370428 -
370429 - • Blocks ads and manages your passwords.
370430 -
370431 -
370432 -
370433 -
370434 -
3705 -
SUBJECTS
Performance Advantages
3803 -
380401 - ..
380402 - Performance Advantages
380403 -
380404 -
380405 - 1. Technical support 24 7
380406 -
380407 - 2. Distribute MP3s, digital movies and photos with ultra-fast LAN
380408 - ports capable of speeds of 200 Mbps
380410 - ..
380411 - 3. Shares a single IP address with up to 253 users.
380413 - ..
380414 - 4. Auto-partitioning on each port protects each computer from
380415 - damaged network connections.
380417 - ..
380418 - 5. 3-year warrenty protects your investment.
380419 -
380420 -
380421 -
380422 -
380423 -
3805 -
SUBJECTS
System Requirements
3903 -
390401 - ..
390402 - System Requirements
390403 -
390404 -
390405 - 1. Broadband (cable, DSL) Internet service and modem
390406 - with Ethernet connection
390407 -
390408 - 2. Ethernet adapter and cable for each computer
390410 - ..
390411 - 3. Windows 95, 98 ME NT, 2000, XP, Mac OS, Netware, Unix or Linux
390413 - ..
390414 - 4. Internet Explorer 5.0 or Netscape 4.7 or higher.
390415 -
390416 - This worked out pretty well, because we are using Netscape
390417 - 4.73.
390418 -
390419 -
390420 -
390421 -
390422 -
3905 -
SUBJECTS
Installation
Netgear RP614 v2 DSL Router
Install Router Connect to Pac Bell DSL Modem, C13, C11 and C12
4105 -
410601 - ..
410602 - Install Router Connect to Pac Bell DSL Modem, C13, C11 and C12
410603 -
410604 - Installation of the Netgear router purchased today from Fry's, per
410605 - above, ref SDS 0 P25R, can be aided by instructions on a CD with a
410606 - title...
410607 -
410608 - Netgear
410609 -
410610 - ...copied this to...
410612 - ..
410613 - g: 00 netgeare
410614 -
410615 - ...per above. ref SDS 0 255T
410616 -
410617 - Turns out we did not need any of this software to configure the
410618 - router.
410619 -
410621 - ..
410622 - Installation overview....
410623 -
410624 - On the RP614 Resource CD there is a program for the RP614 Installation
410625 - Assistant which supplements the instructions in this installation
410626 - guide by animating teh step-by-step precedures given here. For more
410627 - detailed information about installation,troubleshooting and
410628 - configuration procedures see the Reference Manual CD.
410629 -
410630 -
410631 - 1. Install the router between the modem and one computer.
410632 -
410633 - This means connecting the power cable to the power outlet;
410634 - required moving some cables around, because with several
410635 - computers there a lot of cables, especially with adapters,
410636 - e.g., for the LAN, and two sets of speakers, plus another for
410637 - the DSL modem.
410639 - ..
410640 - 2. Configure the computer to work with the router and restart the
410641 - computer and the modem.
410643 - ..
410644 - This requires installing the software.
410646 - ..
410647 - 3. Configure the router and go online to test the connection.
410649 - ..
410650 - 4. Connect other computers, configure them and restart each.
410651 -
410652 - Configure for content filtering or port forwarding.
410653 -
410654 -
410655 -
410656 -
4107 -
SUBJECTS
Netgear Router User ID Password Configuration Host and Login Names C
Configure Netgear Router User ID Password Configuration Host and Log
Configure User ID Password for Access to Pacbell SBC Internet Server
4805 -
480601 - ..
480602 - Host and Login Names
480603 - Configure Router and Test Connection
480604 -
480605 - The Netgear router is configured using the Internet...
480606 -
480607 - Does this enable disconnecting NTS Enternet 300?
480608 -
480609 - [...below, experimenting shows that with the router configured,
480610 - the computers can use the Pac Bell DSL service without the NTS
480611 - Enternet 300 software program. ref SDS 0 EJ4F
480613 - ..
480614 - Configured c13....
480615 -
480616 - 1. Start a browser.
480617 -
480618 - Open the location...
480619 -
480620 - http://192.168.0.1
480622 - ..
480623 - The browser will initially show a dialog box for entering
480624 - access information. At this stage to gain access to the
480625 - router setup program, enter...
480626 -
480627 - User ID............... enter "admin"
480628 -
480629 - Password.............. enter "password"
480630 -
480631 - [On 040428 got into a loop that prevented access to the
480632 - router setup; solution is to use a paperclip and press
480633 - for about 30 seconds the reset button at the back of
480634 - the router next to the black power cable connection.
480635 - ref SDS 4 HS3K
480637 - ..
480638 - 2. This location will display a form that has a box for...
480639 -
480640 - a. Basic Settings
480642 - ..
480643 - Does your Internet require a connection?
480645 - ..
480646 - x Yes
480647 -
480648 - No
480650 - ..
480651 - b. Internet Service Provider
480652 -
480653 - This has a pull down menu with several choices, the
480654 - choice for PacBell or SBC is "Other"
480656 - ..
480657 - c. Login
480658 -
480663 -
480664 - [On 030908 changed login ID. ref SDS 3 OR37
480666 - ..
480667 - Service name (if required)..... not required leave blank
480669 - ..
480670 - Idle Timeout (in minutes....... 5 (already entered OK)
480672 - ..
480673 - d. Domain Name Server (DNS address)
480674 -
480675 - x Get automatically from ISP
480676 -
480677 - Use these DNS servers
480678 -
480679 - Primary DNS nnnn nnnn nnnn nnnn
480681 - ..
480682 - Secondary DNS nnnn nnnn nnnn nnnn
480684 - ..
480685 - If you get into a loop and the system will not provide access into
480686 - the router setup system, then call...
480688 - ..
480689 - Technical support.....
480690 -
480691 - 888 638 4327
480692 -
480693 - Mohit...
480695 - ..
480696 - Afshin
480698 - ..
480699 - After configuration using Netscape, IE and Wsftp both recognized the
480700 - modem, with no further configuration.
480702 - ..
480703 - We actually need another cable to connect c11 to the router. For the
480704 - time being, will use a single line, since if we put the other
480705 - computer away, we only need one more cable.
480707 - ..
480708 - Configure c12...
480709 -
480710 - Only difference from configuring c13, ref SDS 0 XK44, is that
480711 - poimss was used as the password. ref SDS 0 ZR6G
480713 - ..
480714 - We did not have to enter the account information, because it is
480715 - saved in the router's system. ref SDS 0 3V6Q
480717 - ..
480718 - Configure c11....
480719 -
480720 - This was successful using procedures for c13.
480721 -
480722 -
480723 -
480725 - ..
480726 - NTS Enternet 300 Not Needed When Using Internet Network Router
480727 -
480728 - After installation and testing.
480730 - ..
480731 - Tried disconnecting NTS Enternet 300.
480733 - ..
480734 - Tried using the same port 1, used to configure c12, by unplugging
480735 - 12 and connecting the cable to c11.
480737 - ..
480738 - Configuration was not successful.
480740 - ..
480741 - Tried shutting down the computer and the modem for 2 minutes.
480742 -
480743 - Not successful
480745 - ..
480746 - Tried switching the connection from c11 to port 2 on the router.
480747 -
480748 - Not successful
480750 - ..
480751 - Tried installing NTS Enternet 300 again from...
480752 -
480753 - h: 00 13
480755 - ..
480756 - Turned out the problem was that the change made to TCP/IP on the
480757 - recommendation of Microsoft reported on 030812, ref SDS 1 IQ6R, was
480758 - preventing access to the Internet. Once the change was reversed,
480759 - as noted, also, on 030812, ref SDS 1 5U6K, was successful getting
480760 - c12 to connect to the Internet without NTS Enternet 300, and so
480761 - removed the program from c11, c12, and c13.
480763 - ..
480764 - After removing NTS Enternet 300 from c12, the error message
480765 - that normally displays when c12 is powered up and the desktop
480766 - appears, no longer occurs.
480767 -
480768 - [On 030908 had to install NTS Enternet 300 on c13 to setup
480769 - a new DSL account to activate our email, and after this
480770 - was done, started getting same error message that has
480771 - previously displayed when c12 is booted up. ref SDS 3 6X4Q
480772 -
480773 -
480774 -
480775 -
480776 -
480777 -
480778 -
480779 -
480780 -
480781 -
4808 -
Distribution. . . . See "CONTACTS"