Equipment Questions - Modem/Router

[MtnLadyinBlackHills1986]

I posted earlier about Internet security problems. Thank you, "Daave", for
all your assistance. My computer is "well" now. However, I have a different
concern now. I contacted my ISP about my DSL modem/router (which I rent) and
about open ports I found in the grc.com scan. They refuse to close these
ports for me. I can't access the software because my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse. (The Internet was turned on but he was not using
the Web - he was using a program that is not an online one.) His antivirus
stopped and deleted all of them. But I'm concerned that these open ports are
a major part of the problem.

We are considering buying our own equipment. Can you purchase a combination
modem/router or would we need to get the modem from the ISP and get our own
router? I know the routers have their own firewall software that we could
access and set up. Or are we opening up a big "can of worms"?

I'd appreciate any information you could provide. I promise I won't make
this a long-drawn out thread, like before. I did get a lot of very valuable
information from that post, which I greatly appreciate.

Thank you.

 

[Rick]

I posted earlier about Internet security problems. Thank you, "Daave", for
all your assistance. My computer is "well" now. However, I have a different
concern now. I contacted my ISP about my DSL modem/router (which I rent) and
about open ports I found in the grc.com scan. They refuse to close these
ports for me. I can't access the software because my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse. (The Internet was turned on but he was not using
the Web - he was using a program that is not an online one.) His antivirus
stopped and deleted all of them. But I'm concerned that these open ports are
a major part of the problem.

We are considering buying our own equipment. Can you purchase a combination
modem/router or would we need to get the modem from the ISP and get our own
router? I know the routers have their own firewall software that we could
access and set up. Or are we opening up a big "can of worms"?

I'd appreciate any information you could provide. I promise I won't make
this a long-drawn out thread, like before. I did get a lot of very valuable
information from that post, which I greatly appreciate.

Thank you.

I would buy my own router and get a wireless router too. Any ISP that
lock you out of control of your network is asking to to buy your own
equipment. I am guessing that you would repay you self in about two years.

 

[Roy Smith]

I posted earlier about Internet security problems. Thank you, "Daave", for
all your assistance. My computer is "well" now. However, I have a different
concern now. I contacted my ISP about my DSL modem/router (which I rent) and
about open ports I found in the grc.com scan. They refuse to close these
ports for me. I can't access the software because my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse. (The Internet was turned on but he was not using
the Web - he was using a program that is not an online one.) His antivirus
stopped and deleted all of them. But I'm concerned that these open ports are
a major part of the problem.

We are considering buying our own equipment. Can you purchase a combination
modem/router or would we need to get the modem from the ISP and get our own
router? I know the routers have their own firewall software that we could
access and set up. Or are we opening up a big "can of worms"?

I'd appreciate any information you could provide. I promise I won't make
this a long-drawn out thread, like before. I did get a lot of very valuable
information from that post, which I greatly appreciate.

One thing you might consider since you're renting the modem/router is
asking your ISP if they have a modem without a router. If they do then
I'd get it and then get my own router and set it up. That way I would
have full control over what ports are open or closed.

 

[John John - MVP]

Who is your ISP and what is the make and model number of the
modem/router that your they supplied you with? If you give us that
information readers with experience with this particular hardware or ISP
may be able to help in greater details.

Things differ from place to place but around here we only have 2 high
speed internet providers and neither of them allow us their customers to
purchase their own equipment. Or rather I should precise by saying
that they only allow us to buy equipment from them or from an approved
supplier and they only allow us to use certain makes and model numbers,
we have no choice over this, we can't plug any which modem that we want
on their line, it just won't work. I rather suspect that it might be
the same where you're at.

Ask your ISP if you can get a straight modem only from them, tell them
that you don't need any routing features. Or ask them if they can turn
off the wireless and routing feature on the equipment that you now have.
If you can get a modem only from them you will probably save a dollar
or two a month because most ISPs charge a bit more for a router or for a
wireless router than they do for a straight modem. Then you can get
yourself a good suitable wireless router of your choice and then put the
crappy equipment that the ISP supplied on the outside perimeter (on the
WAN port) and plug your computers to the LAN ports and configure things
to your liking. While you could put another router in the picture and
plug the ISPs router in the WAN port this type of setup greatly
complicates things for nothing so its best if you can use a modem only
from your ISP or have them disable the routing and wireless features on
their equipment.

John

 

[Elmo]

I posted earlier about Internet security problems. Thank you, "Daave", for
all your assistance. My computer is "well" now. However, I have a different
concern now. I contacted my ISP about my DSL modem/router (which I rent) and
about open ports I found in the grc.com scan. They refuse to close these
ports for me. I can't access the software because my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse. (The Internet was turned on but he was not using
the Web - he was using a program that is not an online one.) His antivirus
stopped and deleted all of them. But I'm concerned that these open ports are
a major part of the problem.

We are considering buying our own equipment. Can you purchase a combination
modem/router or would we need to get the modem from the ISP and get our own
router? I know the routers have their own firewall software that we could
access and set up. Or are we opening up a big "can of worms"?

I'd appreciate any information you could provide. I promise I won't make
this a long-drawn out thread, like before. I did get a lot of very valuable
information from that post, which I greatly appreciate.

Thank you.

If the company is Bellsouth, ATT, or one of their subsidiaries, some
routers aren't supported by them. You might get the information
necessary to set it up, if you pay them $30 per hour to talk to their
support engineers, but you might not want to do that..

Just turn on your Windows firewall and nothing can get in, without help
from within the laptop in question. Also turn off file and printer
sharing, if you don't currently use them. Do a Malwarebytes and
Superantispyware scan to assure nothing is already compromising the
machine in question.

Just my opinion..

 

[Brian A.]

"MtnLadyinBlackHills1986"

I posted earlier about Internet security problems. Thank you, "Daave", for
all your assistance. My computer is "well" now. However, I have a
different concern now. I contacted my ISP about my DSL modem/router
(which I rent) and about open ports I found in the grc.com scan. They
refuse to close these ports for me. I can't access the software because
my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse. (The Internet was turned on but he was not
using the Web - he was using a program that is not an online one.) His
antivirus stopped and deleted all of them. But I'm concerned that these
open ports are a major part of the problem.

We are considering buying our own equipment. Can you purchase a
combination modem/router or would we need to get the modem from the ISP
and get our own router? I know the routers have their own firewall
software that we could access and set up. Or are we opening up a big
"can of worms"?

I'd appreciate any information you could provide. I promise I won't make
this a long-drawn out thread, like before. I did get a lot of very
valuable information from that post, which I greatly appreciate.

Thank you.

If your ISP is Golden West Telecommunications then you can purchase your own
equipment according to their policy. You should contact them for information on
which manufacturers equipment is acceptable/compatible with their service.
Although you may purchase/own/use the equipment, your ISP may still require
access to the equipment in one form or another. Go the route John John
suggested if acceptable by the ISPs terms, use a modem of theirs and purchase a
router. They will still have control of the modem configuration and you will
have control of the router configuration.

Scroll down to "Section A- Specific Product Requirements." > (H) Equipment at:
http://www.goldenwest.net/policies/view_policy.php?pid=2

--

Brian A. Sesko
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://members.shaw.ca/dts-l/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[smlunatick]

I posted earlier about Internet security problems.  Thank you, "Daave",for
all your assistance.  My computer is "well" now.  However, I have a different
concern now.  I contacted my ISP about my DSL modem/router (which I rent) and
about open ports I found in the grc.com scan.  They refuse to close these
ports for me.  I can't access the software because my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse.  (The Internet was turned on but he was notusing
the Web - he was using a program that is not an online one.)  His antivirus
stopped and deleted all of them.  But I'm concerned that these open ports are
a major part of the problem.

We are considering buying our own equipment.  Can you purchase a combination
modem/router or would we need to get the modem from the ISP and get our own
router?  I know the routers have their own firewall software that we could
access and set up.  Or are we opening up a big "can of worms"?

I'd appreciate any information you could provide.  I promise I won't make
this a long-drawn out thread, like before.  I did get a lot of very valuable
information from that post, which I greatly appreciate.

Thank you.

You must first not that most "home office" grade routers DO NOT have
firewall software. These are NAT (Network Address Translation) style
which is hiding your "home" PCs addresses (192.168.xxx.xxx) with your
ISP's Internet address assigned to the router.

AS for replacing the modem router, please consult your service
agreement before spending the money. Some contracts may clearly state
that the Internet service must use the included modem/router or no
service support will be offered.

If your ISP can offer a modem "device" only, switch to this device and
purchase your own router. You will then "control" the router settings

Also, until the time you change the hardware, look at installing
software firewalls or use the Windows XP SP2 built-in one.

 

[Bruce Chambers]

I posted earlier about Internet security problems. Thank you, "Daave", for
all your assistance. My computer is "well" now. However, I have a different
concern now. I contacted my ISP about my DSL modem/router (which I rent) and
about open ports I found in the grc.com scan. They refuse to close these
ports for me. I can't access the software because my ISP has the password.

Last night my husband's laptop (with a wireless connection) was repeatedly
attacked by a Trojan Horse. (The Internet was turned on but he was not using
the Web - he was using a program that is not an online one.) His antivirus
stopped and deleted all of them. But I'm concerned that these open ports are
a major part of the problem.

This is why it's important to use a software firewall on each the the
computers connected to the Internet, even by a router with NAT. Then,
should there be a weakness or malfunction in the hardware, the computers
still have some protection.

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself (or
any "curious," over-confident teenagers in the home). Again -- and I
cannot emphasize this enough -- almost all spyware and many Trojans and
worms are downloaded and installed deliberately (albeit unknowingly) by
the user. So a software firewall, such as Comodo, Sygate or ZoneAlarm,
that can detect and warn the user of unauthorized out-going traffic is
an important element of protecting one's privacy and security, alerting
you to an unwanted malware application's activity. (Remember: Most
antivirus applications do not even scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right?)

When I ran WinXP, I used both a router with NAT and Sygate Personal
Firewall, even though I generally know better than to install scumware.
When it comes to computer security and protecting my privacy, I prefer
the old "belt and suspenders" approach. In the professional IT
community, this is also known as a "layered defense." Basically, it
comes down to never, ever "putting all of your eggs in one basket."

We are considering buying our own equipment. Can you purchase a combination
modem/router or would we need to get the modem from the ISP and get our own
router? I know the routers have their own firewall software that we could
access and set up. Or are we opening up a big "can of worms"?

You would have to contact the ISP and ask them what specific
makes/models of routers and modems they're will to support, and go with
one of those. Most likely, you'd need to use their modem and be free to
choose your own router. If the ISP refuses to support any user-owned
equipment, I'd strongly suggest that you seek out another, more
reasonable, ISP. (Cable, if available; it's much faster than DSL) Of
course, that may not be an option in your locale, which makes having a
good software firewall even more important, if the ISP proves inflexible
regarding the hardware.




--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot

 

[MtnLadyinBlackHills1986]

Thank you, everyone, for replying. On Monday, I will be contacting my ISP
about returning my modem/router combo and getting just the modem. Brian A.,
I'm impressed - you identified my ISP! I am able to obtain my own router.
I'll talk to GWTC about the exchange and any router specifications I need to
know. BTW, in my remote area, they are the only ISP provider.

I'll respond to each of your posts on Monday when I find out information.
Both my and my husband's computers do have the Windows XP Firewall up and
running. I can't say how his computer got infected. (He has run the
antivirus and Malwarebytes software and his computer is clean now.) He is
very careful about not going to questionable sites and links. So am I.

But I found out I may have gotten a Trojan Horse from a site I trusted. A
friend of mine is the Administrator but not the owner. She reported that
there was a Trojan Horse on the site and that she had notified the owner. I
don't know if I could have gotten it just coming on the site. I might have
clicked on a link others provided (it's a forum). I haven't gone there since.

Thank you for your help, everyone!

 

[Roy Smith]

Thank you, everyone, for replying. On Monday, I will be contacting my ISP
about returning my modem/router combo and getting just the modem. Brian A.,
I'm impressed - you identified my ISP! I am able to obtain my own router.
I'll talk to GWTC about the exchange and any router specifications I need to
know. BTW, in my remote area, they are the only ISP provider.

I'll respond to each of your posts on Monday when I find out information.
Both my and my husband's computers do have the Windows XP Firewall up and
running. I can't say how his computer got infected. (He has run the
antivirus and Malwarebytes software and his computer is clean now.) He is
very careful about not going to questionable sites and links. So am I.

But I found out I may have gotten a Trojan Horse from a site I trusted. A
friend of mine is the Administrator but not the owner. She reported that
there was a Trojan Horse on the site and that she had notified the owner. I
don't know if I could have gotten it just coming on the site. I might have
clicked on a link others provided (it's a forum). I haven't gone there since.

Thank you for your help, everyone!

If I may suggest a program that will help prevent you from becoming a
victim of a Trojan and other malware. It's called WinPatrol and it's
available at www.winpatrol.com. What it does is it monitors your system
and notifies you of any program that tries to install itself so that it
will start when Windows starts (which most malware does). That feature
alone makes it worth getting, but there is a lot more to it than just
that. So go check it out, it could save you from any future headaches...

 

[MtnLadyinBlackHills1986]

I would buy my own router and get a wireless router too. Any ISP that

lock you out of control of your network is asking to to buy your own
equipment. I am guessing that you would repay you self in about two years.

Sorry for the delay in replying. I did purchase my own router and have set
it up. The security level was higher on my new one than on the modem/router
combo I had been renting from my ISP. I didn't like to be locked out of
control of my own system either. Thank you for replying to my post.

 

[MtnLadyinBlackHills1986]

One thing you might consider since you're renting the modem/router is

asking your ISP if they have a modem without a router. If they do then
I'd get it and then get my own router and set it up. That way I would
have full control over what ports are open or closed.

Roy, I followed your advice. My ISP allows me to purchase my own equipment
(although they provide no support). My ISP took out the modem/router combo I
was renting and put in a modem only. I purchased my own router and got it
set up for my needs. The security rating on this router is a higher level
than was available on the modem/router ("SPI" instead of "NAT"). This is
working well. Thank you for replying to my post.

 

[MtnLadyinBlackHills1986]

Who is your ISP and what is the make and model number of the

modem/router that your they supplied you with? If you give us that
information readers with experience with this particular hardware or ISP
may be able to help in greater details.

John, I did have a Zhone modem/router combination. I now have a Cisco
Linksys router.

Things differ from place to place but around here we only have 2 high
speed internet providers and neither of them allow us their customers to
purchase their own equipment. Or rather I should precise by saying
that they only allow us to buy equipment from them or from an approved
supplier and they only allow us to use certain makes and model numbers,
we have no choice over this, we can't plug any which modem that we want
on their line, it just won't work. I rather suspect that it might be
the same where you're at.

You're one ISP ahead of me - LOL. I have the big choice of one. My
provider is better, though, as they allowed me to purchase my choice of
equipment from anywhere I wanted to buy it. They didn't guarantee it would
work but I had no problems at all setting up my own router.

Ask your ISP if you can get a straight modem only from them, tell them
that you don't need any routing features. Or ask them if they can turn
off the wireless and routing feature on the equipment that you now have.
If you can get a modem only from them you will probably save a dollar
or two a month because most ISPs charge a bit more for a router or for a
wireless router than they do for a straight modem. Then you can get
yourself a good suitable wireless router of your choice and then put the
crappy equipment that the ISP supplied on the outside perimeter (on the
WAN port) and plug your computers to the LAN ports and configure things
to your liking. While you could put another router in the picture and
plug the ISPs router in the WAN port this type of setup greatly
complicates things for nothing so its best if you can use a modem only
from your ISP or have them disable the routing and wireless features on
their equipment.

My ISP did come recently and changed out their modem/router with a straight
modem. I purchased and set up my own router. The security level on my
router (a Cisco Linksys) is higher than was on the unit I rented ("SPI"
instead of "NAT"). I agreed with what you said. It seemed like a bad idea
to add a second router into the system. It took a little while to get the
equipment changed out, but I'm happy I was able to do it. I feel much safer
and in control with my own router.

Thank you for replying to my post, John.

 

[MtnLadyinBlackHills1986]

If the company is Bellsouth, ATT, or one of their subsidiaries, some
routers aren't supported by them. You might get the information
necessary to set it up, if you pay them $30 per hour to talk to their
support engineers, but you might not want to do that..

Joe, my ISP is a smaller, regional company - none of the ones you listed
above.

Just turn on your Windows firewall and nothing can get in, without help
from within the laptop in question. Also turn off file and printer
sharing, if you don't currently use them. Do a Malwarebytes and
Superantispyware scan to assure nothing is already compromising the
machine in question.

My husband and I both have our Windows firewalls up and running. We have
also both turned off the file and printer sharing. When I was struggling
through my Trojan Horse earlier, I installed the Malwarebytes software and so
did my husband. Between MBAM, my antivirus software and running diagnostics
with Hijack This and help from The Spywarekiller website, I now have a clean
machine. My husband checked his out also.

I feel more secure too with now being able to configure my own router, when
my ISP didn't want to change the settings on my rented modem/router combo.

Just my opinion..

Thanks for replying to my post, Joe. It's good advice. Sorry to be so slow
to reply.

 

[MtnLadyinBlackHills1986]

If your ISP is Golden West Telecommunications then you can purchase your
own

equipment according to their policy. You should contact them for information on
which manufacturers equipment is acceptable/compatible with their service.
Although you may purchase/own/use the equipment, your ISP may still require
access to the equipment in one form or another. Go the route John John
suggested if acceptable by the ISPs terms, use a modem of theirs and purchase a
router. They will still have control of the modem configuration and you will
have control of the router configuration.

Scroll down to "Section A- Specific Product Requirements." > (H) Equipment at:
http://www.goldenwest.net/policies/view_policy.php?pid=2

Brian, they are my ISP! Thank you for doing the research and finding the
pertinent part of their policy about buying your own personal equipment.

I did contact GWTC and they changed their modem/router to a straight modem.
I've purchased and set up my own router with no problems at all. I'm pleased
with the new router (a Cisco Linksys). Besides having control of it myself,
it has a higher security rating than the modem/router combo I rented ("SPI"
instead of "NAT"). Thanks so much for replying to my post and your extra
work in researching my ISP's policy.

 

[MtnLadyinBlackHills1986]

You must first not that most "home office" grade routers DO NOT have

firewall software. These are NAT (Network Address Translation) style
which is hiding your "home" PCs addresses (192.168.xxx.xxx) with your
ISP's Internet address assigned to the router.

The router I purchased (a Cisco Linksys) claims to have "SPI" software, a
grade above the "NAT". I have set up the router. My IP address is not the
same as my ISP's address. There are advanced settings available for the
firewall software.

AS for replacing the modem router, please consult your service
agreement before spending the money. Some contracts may clearly state
that the Internet service must use the included modem/router or no
service support will be offered.

My ISP allowed me to purchase my own equipment but did state they would not
offer service support. The router manufacturer does offer support.

If your ISP can offer a modem "device" only, switch to this device and
purchase your own router. You will then "control" the router settings

Also, until the time you change the hardware, look at installing
software firewalls or use the Windows XP SP2 built-in one.

My ISP has changed out my modem/router comb for a straight modem. I have
purchased my own router and had no problems getting it set up. I am using
the Windows Firewall. I feel much better now having control of my own
router. Thank you for replying to my post.

 

[MtnLadyinBlackHills1986]

This is why it's important to use a software firewall on each the the

computers connected to the Internet, even by a router with NAT. Then,
should there be a weakness or malfunction in the hardware, the computers
still have some protection.

That's sound advice. I agree.

If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself (or
any "curious," over-confident teenagers in the home). Again -- and I
cannot emphasize this enough -- almost all spyware and many Trojans and
worms are downloaded and installed deliberately (albeit unknowingly) by
the user. So a software firewall, such as Comodo, Sygate or ZoneAlarm,
that can detect and warn the user of unauthorized out-going traffic is
an important element of protecting one's privacy and security, alerting
you to an unwanted malware application's activity. (Remember: Most
antivirus applications do not even scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right?)

My husband and I are both using the Windows Firewall software. We both try
to be very careful not to click on or download anything questionable (no
teenagers here!). However, I was horrified to learn that a site I trusted
had a Trojan Horse. A friend of mine is Administrator (but not the site
owner), discovered it and reported it to the owner. That may well be where I
got my infection. I haven't been back.

When I ran WinXP, I used both a router with NAT and Sygate Personal
Firewall, even though I generally know better than to install scumware.
When it comes to computer security and protecting my privacy, I prefer
the old "belt and suspenders" approach. In the professional IT
community, this is also known as a "layered defense." Basically, it
comes down to never, ever "putting all of your eggs in one basket."

I have had my ISP change out my rented modem/router for a straight modem. I
purchased and set up my own router. The manufacturer (Cisco Linksys) stated
that the security is a level higher than "NAT" ("SPI"). I like being in
control of my own router settings. Thank you for replying to my post, Bruce.

 

[MtnLadyinBlackHills1986]

If I may suggest a program that will help prevent you from becoming a

victim of a Trojan and other malware. It's called WinPatrol and it's
available at www.winpatrol.com. What it does is it monitors your system
and notifies you of any program that tries to install itself so that it
will start when Windows starts (which most malware does). That feature
alone makes it worth getting, but there is a lot more to it than just
that. So go check it out, it could save you from any future headaches...

Thank you so much, Roy, for telling me about this software. I really like
it! It's now installed on both my husband's and my computer. I would never
have known about it if you hadn't posted. I would suggest it to everyone who
goes on the Internet.

 

[Brian A.]

You're quite welcome, glad to see you have it sorted out.

--

Brian A. Sesko
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://members.shaw.ca/dts-l/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375


"MtnLadyinBlackHills1986"

 

[smlunatick]

The router I purchased (a Cisco Linksys) claims to have "SPI" software, a
grade above the "NAT".  I have set up the router.  My IP address is not the
same as my ISP's address.  There are advanced settings available for the
firewall software.  


My ISP allowed me to purchase my own equipment but did state they would not
offer service support.  The router manufacturer does offer support.



My ISP has changed out my modem/router comb for a straight modem.  I have
purchased my own router and had no problems getting it set up.  I am using
the Windows Firewall.  I feel much better now having control of my own
router.  Thank you for replying to my post.

SPI is still not considered a true firewall. It is:

SPI ("stateful packet inspection" also known as "dynamic packet
filtering") helps to prevent cyberattacks by tracking more state per
session. It validates that the traffic passing through that session
conforms to the protocol. When the protocol is TCP, SPI checks that
packet sequence numbers are within the valid range for the session,
discarding those packets that do not have valid sequence numbers.