Firewalls
Travlur
02-01-2002, 01:36 PM
I use a Linksys router which I assumed to have
"Incoming" firewall protection.
I recently installed a firewall software to give
me "Outgoing" protection as well. (Like yesterday)
Through the night a probe got through my router but
was blocked by the new software, because I was not up
to "Permit" access. As yet I had not done any
configuring of the new software.
It recorded the time and URL of the probe, and the PORT
it tried to access. (Must have default settings)
It was not some fly-by-night website. I traced it down.
It appeared to be an e-mail server URL, and somehow got
past my mail server. I have in the past received e-mails
that were for someone else, that somehow slipped through.
My question is "how did it get past the router"?
Ghost_Hacker
02-01-2002, 03:00 PM
Well... Email servers don't send email without being asked first. Your computer's email client program must first connect and request emails from your mailbox, then the server will send you your emails.
"how did it get past the router"?
This depends on how your router/firewall is set up. I would suggest that you take a look at any router/firewall setup documentation. Don't assume it's set up to do anything correctly. Find out what your defaults are. If you already know what your setup is and the intrusion should not have gotten through, then your next step would be to post more info on what your router/firewall is set up for and the "attack" or intrusion you detected. (Your computer's firewall program should have log files that can help with that.) Otherwise we would just be guessing.
Good luck
Travlur
02-01-2002, 05:23 PM
The Linksys router came with the firewall built in.
It is only just lately they posted an update, by
which you can set one PC on the network in bypass.
I have not done that.
I was not connected to the net.
The firewall software I downloaded yesterday is independent
from my router. (I Think)
I am always connected to my server by virtue of my cable modem.
All vulnerability tests I applied through Speedguide showed me
to be blind to anyone but my ISP server, but only on incoming.
I failed the leaktest from Gibson research for outgoing.
My ISP server showed totally stealth protected.
I agree with you on the e-mail issue, but the probe was definitely
an e-mail server address.
Thanks for the info though. I will get to the bottom of it.
Ghost_Hacker
02-01-2002, 07:40 PM
If you want, post back the IP address of the email server and the "to and from" port numbers of the intrusion. (Just don't post your IP address.)
The port information will tell us if it was probing for authentication information, which some Unix-based email servers do (normal stuff for them and nothing to be worried about), or if someone was probing for mail relays (which some ISPs will do; they sometimes probe for mail and news servers).
Most probes directed at "email" ports are only dangerous if you're running an email service.
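Added example, not part of the original thread: a small triage script that groups blocked inbound connections from a firewall log by source and destination port, to separate the cases described above (authentication/ident lookups, mail relay probes, news server probes). The log format, the addresses and the `classify`/`summarize` helpers are constructed for illustration; ports 113, 25 and 119 are the standard assignments for ident, SMTP and NNTP, not values taken from the thread.

```python
import re
from collections import Counter

# Constructed sample log (hypothetical format, documentation-range addresses).
SAMPLE_LOG = """\
2002-02-01 03:12:44 BLOCK TCP 192.0.2.25:34211 -> 10.0.0.5:113
2002-02-01 03:12:45 BLOCK TCP 192.0.2.25:34212 -> 10.0.0.5:113
2002-02-01 04:40:02 BLOCK TCP 198.51.100.7:2201 -> 10.0.0.5:25
2002-02-01 05:01:19 BLOCK TCP 203.0.113.9:4410 -> 10.0.0.5:119
2002-02-01 05:30:00 BLOCK UDP 203.0.113.9:4411 -> 10.0.0.5:137
garbage line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) BLOCK (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Standard TCP port assignments for the cases discussed in the thread.
MEANING = {
    113: "ident lookup (a server asking who owns a connection; normally benign)",
    25: "SMTP probe (possible relay check; matters only if you run a mail server)",
    119: "NNTP probe (news server check)",
}

def classify(line):
    """Parse one log line; return None if it is not a blocked-connection record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dport = int(m["dport"])
    label = MEANING.get(dport) if m["proto"] == "TCP" else None
    return {"src": m["src"], "proto": m["proto"], "dport": dport,
            "label": label or "unclassified: look up the port before deciding"}

def summarize(log_text):
    """Count blocked attempts per (source, protocol, destination port, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = classify(line)
        if rec:
            counts[(rec["src"], rec["proto"], rec["dport"], rec["label"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```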