Question on external threats (Port Scans, DoS Syn/Ack, TCP/UDP Chargen, etc)
I have a Netgear Orbi Router plus two satellites running in my mesh network (RBK23).
My question relates to my Firewalla Gold and how it may record/log external threats.
Historically, the Orbi Router would log external threats or attempts at communication, typically dozens or hundreds of them on a daily basis. These are the typical Port Scans, DoS Syn/Ack, TCP/UDP Chargen, ACK Scan, Land attacks, etc.
Now, I am aware there have been opinions in the community that Netgear does a poor job at actually identifying legitimate threats, often mischaracterizing non-threats incorrectly. I cannot say with authority if this is true or not, but what I was expecting to see in Firewalla were notices of similar protective efforts now that I have added it to the network. I do not see anything like this so far...
So with the Orbi router in AP / Bridge mode, a quick look at their log shows a sync with NTP for time synchronization.... and that's basically it. Gone are the hundreds of daily external pokes and prods made from sources unknown.
I suppose if Firewalla performs this protection automatically, intercepts and terminates these attempts quietly and with no fanfare, and just doesn't log or alert me about it (as it's an oh-so-common-internet-thing, nothing to see here folks....)... well that's fine.
I'd just like to know for sure... either way. Thanks!
-
1. The Gold has an ingress firewall turned on by default ... So that will lock out most of the attacks.
2. If you accidentally left a port open, Firewalla will likely trigger alarms, and in some cases, silently block.
In your case, (1) is likely working hard. You can also take a look at the open ports button; if you see things there, close them, then you will likely be more secure.
-
I have a similar question, because I see lots of alarms with very little detail, so it's hard to know if these are legitimate system functions or areas for further investigation. And if the latter, there is no way to actually do any more investigation because none of the packets are captured.
A Windows device that has an alarm such as the one below... Should I be concerned? I would expect some indication from the app that I should not be or some way to see what is actually being uploaded... Otherwise what's the point of this device?
Device DESKTOP-CN544 uploaded 1.03 MB data to android.clients.google.com at about 1:09 PM.
Also, while I find it very useful to see different types of activity like video usage or gaming, it's all merged together in alarms, so scrolling through and seeing random notifications of video or gaming is not very helpful. Is it just me? Is it just an early app design? Finally, from the above comment it looks like there are silent blocks, but I think it's important to know if I'm being attacked or hacked. Seeing those attempts somehow, even if it's just a summary, would be informative. Don't you agree?