Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Resolved Question

How does firewall in Belkin router support security ?

Aug 6, 2016 1:20AM PDT

hello experts,
does the fire wall in the Belkin router protect against hacking from outside (WAN) ? Can someone from the WAN login to the router ? Could he install MALware/Spy-software in the router ?

Discussion is locked

Niedermo2 has chosen the best answer to their question. View answer

Best Answer

- Collapse -
It doesn't
Aug 6, 2016 9:19AM PDT

Surprise! Routers for years (decade+) used NAT. That meant even without a firewall NAT already provided a natural firewall since unsolicited connections were simply dropped.
NAT, and more is on the web so I'll stop here.

As to the WAN login, you can configure it to allow that so YOUR CHOICE!

As to malware/spy software it's complicated. Some routers offer plugins, some don't. So you have to ask about not only your router but it's installed router firmware or OS.

There's little to be gained by installing antispyware in the router in most countries as here in the USA/NSA, the internet is monitored. Read https://en.wikipedia.org/wiki/Lavabit to learn why it went out of business as they refused to install our government mandated spy gear.

- Collapse -
Thanks for helpful reply
Aug 7, 2016 9:25AM PDT

As I know quite little about networking, I am grateful for all hints and responses. Ok, regarding NAT mecansism, if I send some messages out from my PC in the LAN, then the receiver will see that NATed IP address instead of my internal IP address, right ? If I send an email to someone, that "someone" could find out the sender IP-address , which is the IP address of the router in the public WAN network ? Theoretically, could he then login to that router, or connect to it, because he has the IP address ? Disabling of remote login feature in the router would it prevent that ?

- Collapse -
In reverse order.
Aug 7, 2016 9:41AM PDT

You asked if disabling the remote login would prevent remote logins. If that doesn't work, this is one bad router. I'm unsure what more I can add to that.

As to the email, very few folk have an email server and if you dive into email headers these do not include your PC's IP or your internet connection's IP. The sender IP is, and you can look it up, the IP of the mail server.

- Collapse -
Further questions, thanks so far
Aug 8, 2016 6:19AM PDT

Hi, thanks again for explaining me some fundamentals in networking !
As far as I understand, someone who knows my email address or receives an email from me can't easily retrieve my (my routers) IP address, and he can't log in remotely to my router. (Maybe there is a way to retrieve it from the mail server of my ISP for "advanced" attackers...?)
My next question would be : Can a hacker install a kind of monitoring SW on the router or my PC in order to spy on me .... and how would he achieve this ?

- Collapse -
You left out details.
Aug 8, 2016 8:20AM PDT

Why are you running an email SERVER? That's very advanced and you claim you are a beginner.

As to the hacker, sure. If you have the right router, didn't secure it etc.
But here, our government is monitoring it all. Why not just lock up your router, turn off the remote login/management and carry on?

You are trending toward paranoia and when I see that, I refer folk to the clinic.

- Collapse -
reason for asking
Aug 8, 2016 12:31PM PDT

Hi,
just let me give you the back ground for the questions I am raising. My daughter is (thinks, feels) that she is persecuted the internet by a guy (or ex-friend). In different ways. That's why I want to try to understand as much as possible what is possible, what is real...... for example that the hacker gets to spy into her emails, knowing what she is doing and where she is.......
No, I have no mail server,
I am not in the US, but in Europe
Thank you for your help so far

- Collapse -
I sincerely doubt the router has been hacked.
Aug 8, 2016 3:19PM PDT

It's much too easy to track folk if they ever let me access their PC or phone.

The questions you ask are fine, but I've yet to find a hacked router. If I ever did suspect that, I could update the firmware of the router, factory reset it and setup it up as best I know how.

The IP of your internet connection is not very useful. While I could mount a DOS (denial of service) attack, 99.99% of the routers drop unsolicited connections, when folk think they are exposed, it's not that.

And the email headers lead me only to my email server, not my PC or internet IP.