Router is a Hacker?

[Zhanate]

I would like to know if I am misunderstanding something or if my software firewall is being a bit overactive. I don't know much about networking, so while this looks like silliness to me (I know for a fact that the "remote host" below is my router, I set it up.) I thought I should seek advice from someone more knowledgeable.

The router is a D-Link DIR-655 wireless gigabite draft-N router. The computer in question is connected through a wire. I have changed the default password on the router and have used PINs for the computers connected wirelessly. I've verified through the router that 192.168.0.197 is my computer, by name.

My software firewall, NetDefense from the SystemSuite 8 Pro package, keeps logging the these "attacks", port scans with the following characteristics:
Direction: Inbound
Protocol: UDP
Local IP: 192.168.0.197
Remote Host: 192.168.0.1
Application Involved: System

NetDefense offers these "details": "NetDefense has detected that the Remote Host "192.168.0.1" was attempting to scan active TCP and UDP ports on your computer. Port scanning is a gateway process used by Hackers to determine essential information about your computer before attempting more severe attacks. All incoming and outgoing traffic from this Hacker will be blocked."
​

Would external attacks look like they are coming from my router? The messages wouldn't bother me by themselves, or even with the silly flashing red icon, but sometimes the firewall apparently does start blocking the router and I have to turn the firewall off to access anything on the Internet. The router has a firewall, so I'm still protected, at least some.

Am I being silly even using a software firewall?

If the software firewall does have a use, can I safely insert a rule that allows all traffic from IPs 192.168.0.1 through 192.168.0.255, so it won't block my router or the other computers on my local network?

 

[Rich-M]

You know firewalls are the biggest pain and yes the firewall is pointing to the router as creating issues. You do not mention your OS but why not reinstall that Trend Micro without the firewall and use the Windows firewall or this will never end.
If you have a router with a hardware firewall, a good security suite which trend is adequate for antivirus and antispyware, don't let the paranoids scare you into thinking you need a 3rd party firewall. Vista has a 2 way firewall and XP has a partial 2 way after Sp2 but what is going to get in to dial out if you are careful and have good paid protection anyway?

 

[lunarlander]

I have had port scans that penetrate my NAT router.

I would not add that rule that you mentioned. That rule would practically render your firewall useless.

A software firewall is still useful even when you have a hardware firewall. It will prevent trojan horses from calling home. A lot of free downloads nowadays comes with spyware and installs without you knowing along with the main application. A software firewall's job is to prevent them from calling home.

 

[Zhanate]

Thanks for your responses.

I'm using Windows XP and occasionally Vista (dual boot). I use the SystemSuite/NetDefense firewall because the Windows one annoyed me. I don't question its effectiveness. This one annoys me less ... except when it blocks my Internet access.

So external port scans can look like they're coming from my router. And the hardware firewall won't prevent unwanted outgoing traffic.

Maybe I'll try the Windows firewall again.

Again, thank you for the help.

 

[RootbeaR]

Thanks for your responses.

I'm using Windows XP and occasionally Vista (dual boot). I use the SystemSuite/NetDefense firewall because the Windows one annoyed me. I don't question its effectiveness. This one annoys me less ... except when it blocks my Internet access.

So external port scans can look like they're coming from my router. And the hardware firewall won't prevent unwanted outgoing traffic.

Maybe I'll try the Windows firewall again.

Again, thank you for the help.

"The One-Way Firewall

Windows' built-in firewall has always suffered from the same flaw: Though it blocks suspicious stuff that comes in, it does nothing about what your PC sends out. Since an infected PC can mass-mail spam and forward your credit card numbers to someone without your better interest in mind, that's an important shortcoming.

Vista supposedly fixed this problem with the addition of a firewall capable of watching and blocking outbound traffic. But that capability is turned off by default. And Vista's designers forgot to put the controls that turn it on in a place where you're likely to look for it: the Windows Firewall Settings dialog box.

Here are two solutions.

1. Go to the secret place where you can turn on outgoing protection: Click Start, type firewall, and select Windows Firewall with Advanced Security. Click Windows Firewall Properties. The first three of the resulting dialog box's four tabs contain an Outbound Connections drop-down menu. In all three, select Block.

2. Get another, better firewall: Even with two-way protection enabled, Windows' firewall is a feeble guardian. On the other hand, the free Comodo Firewall Pro came out tops in independent testing, even compared with well-known commercial products such as Norton Internet Security (according to Matousec's Firewall Challenge)."
http://www.pcworld.com/article/150735-2/10_fixes_for_vistas_worst_features.html