Disabling router firewall to lower ping, safe to do?*

· PS FAQ · Search Forum · Any ET related problems? Post them here
Veteran
Posts: 712
Joined: Tue Mar 27, 2007 0:00

Disabling router firewall to lower ping, safe to do?*

Postby Ferocious » Thu Aug 02, 2007 16:28

What's the risk of an Denial of Service (DOS) attack to a computer?

I can lower my ping a little by disabling the router firewall, but i dont know if its safe to.

Spam Kid
User avatar
Posts: 25
Joined: Fri Jul 27, 2007 0:00
Location: Austria / Vienna

Postby mad_tda » Thu Aug 02, 2007 17:06

Hope i don't misunderstood your question. You would like to disable the DOS feature of your home router?

So what's your services behind that router? If you have a web server running behind, a mass attack of http-requests will cause the router to stop route these requests to your web server.

If you are a target of a DOS attack, turn your router off, don't think this feature will help you out.

just my 2 cent
MaD

Server Owner
Posts: 952
Joined: Sat Dec 23, 2006 1:00
Location: Germany-> Niedersachsen, -|PS|-#3

Postby stephan » Fri Aug 03, 2007 10:27

When you disable the router firewall every one who know your ip can do with your pc what he want!
Its not good to disable the router firewall!
Image

Veteran
Posts: 712
Joined: Tue Mar 27, 2007 0:00

Postby Ferocious » Fri Aug 03, 2007 10:40

stephan wrote:When you disable the router firewall every one who know your ip can do with your pc what he want!
Its not good to disable the router firewall!


Umm no they cant do what they want, my IP isnt static so it changes all the time, just because someone knows someone else's IP doesnt mean they can take controls of someones pc completely like remote acsess. people also have firewalls on the computers as well

Server Owner
Posts: 952
Joined: Sat Dec 23, 2006 1:00
Location: Germany-> Niedersachsen, -|PS|-#3

Postby stephan » Fri Aug 03, 2007 10:46

when you go on an webseite they have your ip and when they hack your system(if it dont ahs an own firewall) they can control it install it wat they wanta nd when they installed an trojan horseor something else that they configure to send every time when ip is changed an message to teh hacker then you have an problem!
Image

Veteran
Posts: 712
Joined: Tue Mar 27, 2007 0:00

Postby Ferocious » Fri Aug 03, 2007 15:21

Yeah Ok, my router firewall stays on even though it blocks almost everything.

Spam Kid
User avatar
Posts: 25
Joined: Fri Jul 27, 2007 0:00
Location: Austria / Vienna

Postby mad_tda » Fri Aug 03, 2007 15:24

hmm...ok i misunderstood your question,
I agree with stephan. Don't disable the firewall.

A standard firewall stops ip-attacks. It is a main part of security,
This firewall blocks all incoming traffic and allows all traffic out (simple statefull firewall). So nobody can hack your PC from outside (=internet).
But most of the attacks going the other way round. You start a program (got it per email, d/l, website (jpeg/pdf/xls/....) which is calling home. You only can prevent this if you don't allow all outgoing traffic. Problem of this approach: you have a lot of work to administrate your firewall and you have to have some proxies outside so you know which path your programs have to go.

.... sorry, security isn't that easy. Use Os/2, BeOS some other exotic OS and you will be most likely secure :wink:

Website Manager
User avatar
Posts: 6378
Joined: Tue May 09, 2006 0:00
Location: Netherlands

Postby warren-the-ape » Fri Aug 03, 2007 15:58

/Changed your topictitle into something more appropriate.


You can always try to portforward the ones used by ET and punkbuster.

punkbuster faq wrote:PunkBuster for Enemy Territory uses outgoing UDP Port 27960 to communicate with Master Servers. This is the same port used by default by Enemy Territory for gameplay.


See www.portforward.com for more info
"When the pin is pulled, Mr. Grenade is not our friend." Image

Veteran
Posts: 712
Joined: Tue Mar 27, 2007 0:00

Postby Ferocious » Fri Aug 03, 2007 17:31

Port 27960 is open on TCP/UDP no difference ive found :(

Veteran
Posts: 101
Joined: Sun May 07, 2006 0:00
Location: Poland

Postby hazamat » Sat Aug 04, 2007 10:47

forwarding ports is NOT needed in order to speed-up your et :)

you have to have your port opened only if you want to run an ET server visible from outside of your LAN network...

disabling firewall in your router doesnt mean that you will be attacked... DOS type attacks are directed mainly at the webservers AND you still will be 'protected' by NAT, so your computer wont be visible from the outside net (unless you forward a port)

but... i think disabling firewalls is pointless unless its an advanced firewall wich analizes and redirects incoming/outgoing traffic... most of the firewalls integrated with hardware routers are simple and doesnt slow down your et connection... :P
Image

Spam Kid
User avatar
Posts: 63
Joined: Mon May 21, 2007 0:00

Postby RAmpaGE » Sun Aug 05, 2007 14:38

a DOS attack is not that bad unless you run an ecommerce site web browser (i.e. eshop etc).
A denial of service attack is definad as some attaker is sendin a shlt load of traffic to your router (needs big fat connections, and many of them) so the router cannot handle all the traffic and fails to sevre your network, for example letting traffic going out.

I mean what do you have to fear, i dont think that your the CIA or something.

Generally firewall is a good idea, and doesnt slow down your traffic if it is embedded on a router. What is agood thing and nobod is using it is QOS (quality of service), i have set up a roule to my router so all traffic to 27960 has the highest priority. So even if my wife is browsing or downloading, i dont see a glitch while i play et.
When i say QOS i mean qos on the router not on windows pc, there no poin having it there anyway.
Image

Return to ET Help Desk

Who is online

Users browsing this forum: No registered users and 2 guests