Page 1 of 3 123 LastLast
Results 1 to 15 of 34
  1. #1


    Member Since
    Jan 08, 2017
    Posts
    11
    Do I need a router with Mac and these firewall settings?
    I am single home user in one apartment with no other users, living in apartment block house with over hundred apartments. I have cable internet and one modem.

    Mac firewall has "block all incoming connections" and "enable stealth mode" enabled. All sharing services are disabled.

    Do I need a router? All ports are disabled with these settings (I assume at least) so is router needed?

  2. #2

    ferrarr's Avatar
    Member Since
    May 21, 2012
    Location
    Rhode Island
    Posts
    2,217
    Specs:
    L2014 Macmini7,1 macOS 10.12, iPhone 6 iOS 10, iPad Pro 1 12.9" iOS 10,  Pencil 1
    Are you using a desktop Mac or a portable Mac? Do you want to use it in any room in the apartment or just the one room?
    -- Bob --
    Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to. Just do it!

  3. #3

    RadDave's Avatar
    Member Since
    Jan 20, 2012
    Location
    North Carolina
    Posts
    3,729
    Specs:
    MBP 13" (2013); 8 GB RAM; SSD 256 GB; OS 10.12
    Quote Originally Posted by Gramek View Post
    I am single home user in one apartment with no other users, living in apartment block house with over hundred apartments. I have cable internet and one modem.

    Mac firewall has "block all incoming connections" and "enable stealth mode" enabled. All sharing services are disabled.

    Do I need a router? All ports are disabled with these settings (I assume at least) so is router needed?
    First, I would suggest that you go to Steve Gibson's website HERE and run 'Shield's UP' - see first image below - run 'Test All Ports' (arrow); the second image is the results on my MBPro - my assigned IP address from my cable modem ISP is detected; BUT, I'm behind an Apple AirPort Extreme router, the 'internal personal' address of that machine is 10.0.1.19, which would NOT be seen by the internet world trying to probe my home network.

    Second, my feeling is that even if you owned one computer, that a router is still important - before Wi-Fi, I used routers on my single computers - some advice HERE, if interested. More importantly, do you need a home Wi-Fi network, do you want NAS, do you need to exchange information (data, music, etc.) between devices other than desktop/laptop computer(s), e.g. iDevices, smartphone, and electronic gear (my iPads, iPhone, HDTV, Blu-ray player, and Roku devices are all Wi-Fi compatible). Dave

    .
    Screen Shot 2017-01-08 at 12.45.32 PM.pngScreen Shot 2017-01-08 at 12.48.19 PM.png
    If you are helped, increase the reputation of the poster -

  4. #4

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,852
    Specs:
    Early 2015 13" rMBP
    Routers are cheap and make a network infinitely more expandable should you need it (ie. it makes it possible to use more than one device using the one internet connection). At a very minimum, it adds another layer between you and your public IP or, if you have an IP allocated by the building's hardware, between you and everyone else behind the switch/router in the building. Given that a decent router can be had for very little, I'd recommend it especially since you can then get a hardware based router in your living space that is controlled entirely by you and no one else.

    EDIT: For command line junkies, there is an interesting discussion here about using built in tools to quickly get a sense of what ports are open and listening.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  5. #5


    Member Since
    Jan 08, 2017
    Posts
    11
    Quote Originally Posted by ferrarr View Post
    Are you using a desktop Mac or a portable Mac? Do you want to use it in any room in the apartment or just the one room?
    Mac Mini, using it only in one room.



    Quote Originally Posted by RadDave View Post
    First, I would suggest that you go to Steve Gibson's website HERE and run 'Shield's UP' - see first image below - run 'Test All Ports' (arrow); the second image is the results on my MBPro - my assigned IP address from my cable modem ISP is detected; BUT, I'm behind an Apple AirPort Extreme router, the 'internal personal' address of that machine is 10.0.1.19, which would NOT be seen by the internet world trying to probe my home network.

    Second, my feeling is that even if you owned one computer, that a router is still important - before Wi-Fi, I used routers on my single computers - some advice HERE, if interested. More importantly, do you need a home Wi-Fi network, do you want NAS, do you need to exchange information (data, music, etc.) between devices other than desktop/laptop computer(s), e.g. iDevices, smartphone, and electronic gear (my iPads, iPhone, HDTV, Blu-ray player, and Roku devices are all Wi-Fi compatible). Dave

    .
    Screen Shot 2017-01-08 at 12.45.32 PM.pngScreen Shot 2017-01-08 at 12.48.19 PM.png
    Nice site!
    Hm, mine is ALL green expect one blue. Is that bad?

    Also: THE EQUIPMENT AT THE TARGET IP ADDRESS
    DID NOT RESPOND TO OUR UPnP PROBES!


    I don't really need Wi-Fi (and would disable it in router is possible), don't need to exchange information between devices.





    Quote Originally Posted by vansmith View Post
    Routers are cheap and make a network infinitely more expandable should you need it (ie. it makes it possible to use more than one device using the one internet connection). At a very minimum, it adds another layer between you and your public IP or, if you have an IP allocated by the building's hardware, between you and everyone else behind the switch/router in the building. Given that a decent router can be had for very little, I'd recommend it especially since you can then get a hardware based router in your living space that is controlled entirely by you and no one else.

    EDIT: For command line junkies, there is an interesting discussion here about using built in tools to quickly get a sense of what ports are open and listening.
    So any router would suit? There are no issues if I go to shop and pick up the cheapest? They all have firewall capability?

  6. #6


    Member Since
    Jan 08, 2017
    Posts
    11
    Quote Originally Posted by ferrarr View Post
    Are you using a desktop Mac or a portable Mac? Do you want to use it in any room in the apartment or just the one room?
    Mac Mini, in one room only.


    Quote Originally Posted by RadDave View Post
    First, I would suggest that you go to Steve Gibson's website HERE and run 'Shield's UP' - see first image below - run 'Test All Ports' (arrow); the second image is the results on my MBPro - my assigned IP address from my cable modem ISP is detected; BUT, I'm behind an Apple AirPort Extreme router, the 'internal personal' address of that machine is 10.0.1.19, which would NOT be seen by the internet world trying to probe my home network.

    That's a nice site! Hm, one is blue, everything else is green. Is this good or bad?

    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
    Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.


    NO PORTS were found to be OPEN.
    The port found to be CLOSED was:
    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.



    Quote Originally Posted by RadDave View Post
    Second, my feeling is that even if you owned one computer, that a router is still important - before Wi-Fi, I used routers on my single computers - some advice HERE, if interested. More importantly, do you need a home Wi-Fi network, do you want NAS, do you need to exchange information (data, music, etc.) between devices other than desktop/laptop computer(s), e.g. iDevices, smartphone, and electronic gear (my iPads, iPhone, HDTV, Blu-ray player, and Roku devices are all Wi-Fi compatible). Dave


    Well, I have no need for Wi-Fi. If I'd have Wi-Fi router, I'd try to disable it.


    Quote Originally Posted by vansmith View Post
    Routers are cheap and make a network infinitely more expandable should you need it (ie. it makes it possible to use more than one device using the one internet connection). At a very minimum, it adds another layer between you and your public IP or, if you have an IP allocated by the building's hardware, between you and everyone else behind the switch/router in the building. Given that a decent router can be had for very little, I'd recommend it especially since you can then get a hardware based router in your living space that is controlled entirely by you and no one else.

    EDIT: For command line junkies, there is an interesting discussion here about using built in tools to quickly get a sense of what ports are open and listening.

    So any cheap router would do? There won't be issues if router is too cheap and will do more harm than good?
    What about these brands: D-Link, Trendnet, Linksys, TP-Link?
    Last edited by Gramek; 01-09-2017 at 08:02 AM.

  7. #7

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,852
    Specs:
    Early 2015 13" rMBP
    Quote Originally Posted by Gramek View Post
    So any router would suit? There are no issues if I go to shop and pick up the cheapest? They all have firewall capability?
    I suppose any will do although dlink seems to be having some bad luck lately. A quality Linksys will do the job. Ultimately, I suppose that my advice is to get the bets router that you can for the price that you're comfortable with.

    My only recommendation would be to stay away from Apple's routers. While they are fine routers, they're old and Apple doesn't seem to be updating/refreshing them anymore so they're a little long in the tooth.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  8. #8

    RadDave's Avatar
    Member Since
    Jan 20, 2012
    Location
    North Carolina
    Posts
    3,729
    Specs:
    MBP 13" (2013); 8 GB RAM; SSD 256 GB; OS 10.12
    Quote Originally Posted by Gramek View Post
    Mac Mini, using it only in one room.

    Nice site!
    Hm, mine is ALL green expect one blue. Is that bad?

    Also: THE EQUIPMENT AT THE TARGET IP ADDRESS
    DID NOT RESPOND TO OUR UPnP PROBES!

    I don't really need Wi-Fi (and would disable it in router is possible), don't need to exchange information between devices.

    So any router would suit? There are no issues if I go to shop and pick up the cheapest? They all have firewall capability?
    Quote Originally Posted by Gramek View Post

    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
    Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.


    NO PORTS were found to be OPEN.
    The port found to be CLOSED was:
    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.


    So any cheap router would do? There won't be issues if router is too cheap and will do more harm than good?
    What about these brands: D-Link, Trendnet, Linksys, TP-Link?
    Hello - appears your posts have appeared - I tried to eliminate some of the duplication above - let me address a few of your questions just as starters:

    1 - Glad that you enjoyed Steve Gibson's site (I've been using 'Shields Up' since my PC days) - you're pretty much in 'Stealth Mode' meaning that your ports tested are not being seen on the public internet - that is GOOD! Plus, your IP address (i.e. one assigned by your ISP) seems to also be hidden - true? Or did it show up as in my example? Your results are better than mine, i.e. I'm ALL closed or stealthed - you seem to be HIDDEN except for some of this discussion above - for that, you need to spend more time on Gibson's site.

    2 - NOW, do you still want a router w/ the Gibson results? For me, despite my public IP address being seen, the internally assigned addresses by my home network's router are completely hidden - SO, I would probably still suggest that you obtain a router for the best security and a more robust firewall - what to buy? You can google for many suggestions, such as this PC Mag Review - pick the one in your price range based on the reviews - I've owned Linksys and Cisco routers in the past and am now using an Apple AirPort Extreme - I like using Apple products together, so for a less expensive option, you might consider the Apple AirPort Express (again go to the Apple website or do some googling). Let me stop there for you to respond. Dave

    ADDENDUM: Vansmith left a post as I was composing about the Apple routers and his concerns are an important consideration, i.e. Apple has not upgraded this equipment in a number of years and is about to abort this line - but might be still worth reviewing for your particular needs.
    Last edited by RadDave; 01-09-2017 at 08:04 PM.
    If you are helped, increase the reputation of the poster -

  9. #9


    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    5,129
    Gramek, I did not see or notice what modem you're using and presumably supplied by your ISP, but I have no ides why all the suggestions that you need a router when you're probably all set to go connecting via Ethernet cable and using the Firewall settings you already mentioned.

    Why create more possible problems, and expenses???






    - Patrick
    ==========

  10. #10

    RadDave's Avatar
    Member Since
    Jan 20, 2012
    Location
    North Carolina
    Posts
    3,729
    Specs:
    MBP 13" (2013); 8 GB RAM; SSD 256 GB; OS 10.12
    Quote Originally Posted by pm-r View Post
    Gramek, I did not see or notice what modem you're using and presumably supplied by your ISP, but I have no ides why all the suggestions that you need a router when you're probably all set to go connecting via Ethernet cable and using the Firewall settings you already mentioned.

    Why create more possible problems, and expenses???
    Hi Patrick - I don't disagree at all and implied in my response after his/her Gibson testing that the current setup was well protected - but for me, I would still get a router - Dave
    If you are helped, increase the reputation of the poster -

  11. #11

    ferrarr's Avatar
    Member Since
    May 21, 2012
    Location
    Rhode Island
    Posts
    2,217
    Specs:
    L2014 Macmini7,1 macOS 10.12, iPhone 6 iOS 10, iPad Pro 1 12.9" iOS 10,  Pencil 1
    If you only have one device (Mac mini), there is no need for a router, the modem will be all you need. If you have a phone, or tablet, then a wifi router will let those devices connect to the internet.
    -- Bob --
    Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to. Just do it!

  12. #12

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,852
    Specs:
    Early 2015 13" rMBP
    I'd disagree. Routers add a layer of security and make the nextwork more expandable for the future. Even if network expansion isn't needed, the extra layer of security, particularly the security that comes with a hardware level firewall is worth it.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  13. #13


    Member Since
    Jan 08, 2017
    Posts
    11
    Quote Originally Posted by vansmith View Post
    I suppose any will do although dlink seems to be having some bad luck lately. A quality Linksys will do the job. Ultimately, I suppose that my advice is to get the bets router that you can for the price that you're comfortable with.

    My only recommendation would be to stay away from Apple's routers. While they are fine routers, they're old and Apple doesn't seem to be updating/refreshing them anymore so they're a little long in the tooth.
    Thank you for the Apple advice!
    But what is going on with D-link routers?



    Quote Originally Posted by RadDave View Post
    Hello - appears your posts have appeared - I tried to eliminate some of the duplication above - let me address a few of your questions just as starters:

    1 - Glad that you enjoyed Steve Gibson's site (I've been using 'Shields Up' since my PC days) - you're pretty much in 'Stealth Mode' meaning that your ports tested are not being seen on the public internet - that is GOOD! Plus, your IP address (i.e. one assigned by your ISP) seems to also be hidden - true? Or did it show up as in my example? Your results are better than mine, i.e. I'm ALL closed or stealthed - you seem to be HIDDEN except for some of this discussion above - for that, you need to spend more time on Gibson's site.

    2 - NOW, do you still want a router w/ the Gibson results? For me, despite my public IP address being seen, the internally assigned addresses by my home network's router are completely hidden - SO, I would probably still suggest that you obtain a router for the best security and a more robust firewall - what to buy? You can google for many suggestions, such as this PC Mag Review - pick the one in your price range based on the reviews - I've owned Linksys and Cisco routers in the past and am now using an Apple AirPort Extreme - I like using Apple products together, so for a less expensive option, you might consider the Apple AirPort Express (again go to the Apple website or do some googling). Let me stop there for you to respond. Dave

    ADDENDUM: Vansmith left a post as I was composing about the Apple routers and his concerns are an important consideration, i.e. Apple has not upgraded this equipment in a number of years and is about to abort this line - but might be still worth reviewing for your particular needs.
    My IP did show up, I just removed it in post.
    I only heard about router being essential for security few days ago so I'm still making up my mind. But if it does give more security I should consider it.



    Quote Originally Posted by pm-r View Post
    Gramek, I did not see or notice what modem you're using and presumably supplied by your ISP, but I have no ides why all the suggestions that you need a router when you're probably all set to go connecting via Ethernet cable and using the Firewall settings you already mentioned.

    Why create more possible problems, and expenses???






    - Patrick
    ==========
    My modem is rented from my ISP, Scientific Atlanta EPC 2203.
    [SPOILER]NGViNzAyMDY5YTU1ZTAxMmUwYTQyMmJjMTFjOWYzNjLChSe22-hmSZfjCoV_qGomaHR0cDovL21lZGlhLmFkc2ltZy5jb20v.jpg[/SPOILER]

    I heard few days ago that just using modem is not secure at all... so I'm trying to get as much information as possible to make my mind up. I only have this old modem and don't know how dangerous it is.


    I have one extra question: are there any ways to check if my modem is at its best and not insecure/compromised? If I'm already looking for all this info, I'd like to be know everything there is.
    Some time ago, in my Windows, AVAST gave some false alert about compromised network. I remember panicking and trying to upgrade modem's firmware - now I have no idea what I did or how I did it. Vague memory says it was through PC, I clicked something, something updated... but checking now, I find no such place.

    Modem is working nice, speed seems to be okay - is there any chance I compromised modem somehow and made it a security risk? Can someone use modem to hack into my computer/Mac if there is any weakness? And can it be checked?

  14. #14

    RadDave's Avatar
    Member Since
    Jan 20, 2012
    Location
    North Carolina
    Posts
    3,729
    Specs:
    MBP 13" (2013); 8 GB RAM; SSD 256 GB; OS 10.12
    Quote Originally Posted by Gramek View Post
    I only heard about router being essential for security few days ago so I'm still making up my mind. But if it does give more security I should consider it.

    My modem is rented from my ISP, Scientific Atlanta EPC 2203.

    I heard few days ago that just using modem is not secure at all... so I'm trying to get as much information as possible to make my mind up. I only have this old modem and don't know how dangerous it is.

    I have one extra question: are there any ways to check if my modem is at its best and not insecure/compromised? If I'm already looking for all this info, I'd like to be know everything there is.

    Modem is working nice, speed seems to be okay - is there any chance I compromised modem somehow and made it a security risk? Can someone use modem to hack into my computer/Mac if there is any weakness? And can it be checked?
    Hi again Gramek - a LOT of questions above. First, a modem uses Data Over Cable Service Interface Specification (DOCSIS), a telecommunications standard that provides Internet access. The DOCSIS standard is now v. 3 and offers the 'security' described in the quote below (Source) - my ISP is Time Warner and I rent their modem which was replaced last year w/ the Arris model shown below; my plan is 100 Mbps DL speed ideally - just check my speeds at Speedtest and got nearly 80 Mbps DL which serves my streaming needs (see pics below) - go to the link and check your speeds; also make sure that your modem is the newest model offered by your ISP, and hopefully up to current DOCSIS standards.

    NOW, the modem does not have a robust firewall, thus the router recommendation by several of us for added security; plus, the router offers many other features (some outlined previously), including a wireless Wi-Fi network, if you do decide to setup one. Let us know if you are still interested in obtaining a router and further comments can be offered. P.S. most ISPs (or you can purchased one) offer a combo device that includes a modem and a router, so just another option. Dave

    The DOCSIS system architecture includes security components that will ensure user data privacy across the shared cable network and will prevent unauthorized access to DOCSIS-based data transport services across the cable network. The DOCSIS architecture also supports policing (i.e., filtering) functions which can be used to reduce the risk of attacks targeted at attached CPE devices (Customer Premises Equipment, or personal computer). These policing capabilities match those available within dedicated line network access systems (e.g., telephone, ISDN, DSL) and cable data enterprises are as secure as DSL or other traditional phone architectures.
    .
    Screen Shot 2017-01-10 at 10.16.33 AM.png
    .
    Screen Shot 2017-01-10 at 10.06.46 AM.png
    If you are helped, increase the reputation of the poster -

  15. #15


    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    5,129
    Well, the OP can always do some googling:
    https://www.google.ca/search?client=...CcPM8gev_pbIDw

    And come up with some reports and tests like this:
    Security Issue: SL subscriber's using Cisco Residential Gateways

    Products Confirmed Not Vulnerable
    -Cisco Model DCP2100 DOCSIS 2.0 Cable Modem
    -Cisco Model DPC3008 DOCSIS 3.0 8x4 Cable Modem
    -Cisco Model DPC3208 8x4 DOCSIS 3.0 Cable Modem
    -Cisco Model DPC3828 DOCSIS 3.0 8x4 Residential Wireless Gateway
    -Cisco Model DPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
    -Cisco Model EPC2425 EuroDOCSIS 2.0 Cable Modem
    -Cisco Model EPC3008 EuroDOCSIS 3.0 8x4 VoIP Cable Modem
    -Cisco Model EPC3208 8x4 DOCSIS 3.0 Cable Modem
    -Cisco Model EPC3828 EuroDOCSIS 3.0 8x4 Residential Wireless Gateway
    -Cisco Model EPC3928 EuroDOCSIS 3.0 8x4 Wireless Residential Gateway
    -Scientific Atlanta DPR2320 Cable Modem
    -Scientific Atlanta DPX 2000 Cable Modem
    -Scientific Atlanta EPC2203 VoIP Cable Modem
    -WebSTAR DPX2100 Cable Modem
    -WebSTAR DPX2203C VoIP Cable Modem
    -WebSTAR EPC2100R2 Cable Modem
    -WebSTAR EPR2325 EuroDOCSIS Residential Gateway with Wireless Access Point


    [bold mine]

    http://www.dslreports.com/forum/r294...ntial-Gateways

    See also:
    https://tools.cisco.com/security/cen...sa-20140716-cm








    - Patrick
    ==========

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Firewall Settings
    By Japple1 in forum Security Awareness
    Replies: 4
    Last Post: 12-18-2015, 08:19 PM
  2. How do you change firewall settings?
    By Noels in forum Switcher Hangout
    Replies: 6
    Last Post: 04-09-2008, 11:50 AM
  3. Limewire and Firewall settings...
    By A_Alire in forum Internet, Networking, and Wireless
    Replies: 2
    Last Post: 10-09-2007, 09:03 AM
  4. Firewall settings
    By gemigene in forum Switcher Hangout
    Replies: 8
    Last Post: 12-12-2006, 10:54 AM
  5. firewall settings with airport
    By IChing in forum Internet, Networking, and Wireless
    Replies: 0
    Last Post: 01-03-2005, 03:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •