When we bought a router to set up our home network the guy said that hackers could only see the router (as a computer) and our computers could not be hacked. Its almost impossible NOT to put information on it that you don't want anyone to steal, especially if you do most of your X-mas shopping online. The xp firewall is disabled because it was interfering with something when it was new. I got xp like the minute it came out and had some problems with compatibility but those are taken care of now. I suppose I could enable the firewall again if need be. Is this true about the router? Thank you.

Wayne Van

nothing is safe wayne ... people can overload your routers with dos attacks and leave you vulnerable.
Doesn't matter how much security you have there is always a way to defeat it. Look at the microsoft attacks that will show you how vulnerable routers are.
I would never at any point use the net to purchase stuff ... just make your order and send a draft ... i wouldn't advise you to use credit cards online. Unless you have no option thats my advice .. hope it helps

yeah, i agree with hylian about the credit card thing. i bought a cell phone online, and the connection was encrypted. several days later, someone started using my credit card all over the region and charged over $1200 in a matter of days. The connection might have been encrypted, but once it reaches the merchant's computer, it's decrypted and stored in plain text. thus if someone hacks their site, or if someone there is not trustworthy, then you're in trouble.

they have virtual credit card numbers now...you can generate a number that'll be assigned to your CC, and it can only be used once and only at one merchant (you can even set max limits, expiration dates, etc).

a router might have a built-in firewall/nat. this prevents them from contacting your computer directly. when they have your ip address and try to hack it...they only see the router (but they can't tell that it's a router)

I make online credit card purchases often, in fact a lot of my Christmas shopping this year is online. I've been doing online shopping for several years with no problem. There are certainly precautions you should take. Here's an article I wrote for my website:

http://www.netrn.net/safe_shopping.htm

Your credit card info is just as vulnerable when you use it to order on the phone or in a store.

In addition to your router, you should have a good firewall. The XP firewall is not so good. There are lots of discussions on this board about the best firewall and everyone has their favorites. XP does offer some protection from income attacks, but nothing to protect your computer from outgoing communication. That's why you need a good firewall. There are good free ones - Sygate is a favorite here. I like Zone Alarm Pro, but a lot of people don't like it.

Hope this helps.

Informative and interesting responses all, thank you. We buy tons of stuff online and will continue to. My browser has an automatic pop up window informing me when I am going to a secure site and if it doesn't pop up I will not order. That has happened a couple of times. 99% of my orders are from companies I know and the others I feel that I can generally make an accurate assessment of the company by the website and other methods.

Suzi, thats a pretty good article thanks for the link. I didn't realize that the xp firewall was not exactly top of the line, thats too bad. I've heard Zone Alarm recommended before, maybe I'll have to get that one. Thankfully I've never had a problem, but I think I've had some close calls. I often read the xp forum, and sometimes post, but this is my first time at the security forum. Very interesting. Thank you for your help.

Wayne Van
you try not to listen to everything everyone says; yes routers can be defeted but not by does attacks . if you have your router configured right and your able to add more subnets . this will confuse any one trying to tackle your network. seeing that most routers on the market have something Called NAT. this hides the internal address from the outside. drop me an email . i can tel you a lot more about this subject seeing that security networks is what i do all day long.

peace out

Wayne Van
you try not to listen to everything everyone says; yes routers can be defeted but not by does attacks . if you have your router configured right and your able to add more subnets . this will confuse any one trying to tackle your network. seeing that most routers on the market have something Called NAT. this hides the internal address from the outside. drop me an email . i can tel you a lot more about this subject seeing that security networks is what i do all day long.

peace out
email. pinkyandthebrian@earthlink.net

want me to show you how to defeat a router with dos attacks ... wanna try it ... let me know i'll show you !!!

Everything has bugs ... hardest thing is finding just ONE

Popular Linksys Router Vulnerable to Attack
By Dennis Fisher

A denial-of-service vulnerability in one of the most popular cable and DSL routers allows an attacker to crash the router from a remote location.

The Linksys Group Inc.'s BEFSR41 EtherFast Cable/DSL Router with 4-Port Switch is vulnerable to a remote DoS attack that requires the attacker to do nothing more than access a specific script on the router's remote management interface. The vulnerability affects all of the routers with firmware versions earlier than 1.42.7.

ADVERTISEMENT

There is no patch available for the problem at this point, but firmaware version 1.43 fixes the problem.

In order to exploit the vulnerability, an attacker would simply need to access the Gozilla.cgi script using the router's IP address with no arguments. As long as the router's remote management interface is enabled, the attacker simply needs to craft a URL that looks like this—http://192.168.1.1/ Gozilla.cgi?—and send it to the router, which would then crash, according to an advisory published Friday by iDefense Inc., a security firm based in Chantilly, Va.

"Exploitation may be particularly dangerous, especially if the router's remote management capability is enabled," the advisory said. "An attacker can trivially crash the router by directing the URL…to its external interface."

In many cases, there is no reason for the remote management interface to be enabled and disabling it serves as an easy defense against this problem.

Linksys officials on Wednesday responded to the vulnerability report, saying that they were aware of the problem and recommend that all users leave the remote management interface disabled, which is the default setting.

Linksys routers are used by many home workers to split broadband connections among several computers.

A message on a security mailing list Friday from Mark Litchfield of Next Generation Security Software Ltd. suggested that routers and wireless access points from D-Link Systems Inc., and Linksys access points are also vulnerable to a DoS condition.

Indeed some routers are vulnerable to these attacks. But let's keep in mind that no firewall is going to keep you safe from people stealing your credit card. The two have hardly anything to do with each other. As stated above, you have to use companies you trust because once the credit card number arrives at their company, it's in the hands of employees who may be untrustworthy.

About defeated routers... the most you can do is crashing with a DOS. But computers behind still safe and cannot be compromised. This is what wayne was trying to know with his posting.

Concerning online purchasing... credit card over the web will always still more secure than the one given to the restaurant's cashier... I do buy stuff online every month.. but not at any store!!! I only pay with paypal except some trusted store.