Best way to filter out IP addresses with hardware..?

[KingNeil]

I am looking to filter out IP addresses using hardware external to the computer itself.

I have decided that using Windows' system for filtering IPs/hosts is no good, because if someone hacked the computer itself, then they could just alter all of that anyway.

So it needs to be some external device, that can't be hacked.

The thing is, I am in a place where other people use the same router as me. So, using any built-in IP address filtering on the router is no good.

It needs to be some kind of hardware device that is placed between my computer, and the router.

It would have the ability to

1. Filter out all IP addresses except certain ones
2. Or, just filter out certain IP addresses

What is your recommendation for this...?

 

[beers]

Any reason you can't get your own connection? In a shared upstream router environment all of your upstream traffic can be captured anyway.

Any sort of firewall or router could do this (DD-WRT probably preferred). Then you can just manage ACLs for what kind of traffic you want to block. If you want to filter from internal users too you are probably looking for a PAT configuration (but be aware that may give you a double-nat scenario which sometimes causes problems with certain applications).

What are you trying to avoid, anyway?

 

[Agent Smith]

Untangle would be my suggestion. But a server appliance will cost a lot so it would be best to use a small dedicated computer like a Nettop or I even read on a blog someone using a netbook. So long as Linux can identify the hardware. https://www.untangle.com/

http://community.spiceworks.com/how_to/39840-creating-country-block-lists-for-untangle

 

[KingNeil]

Hi, it's the original poster here.

So, how would you access this router...? Would it have a touch screen or something on it, or would I have to access it through another computer..?

Because remember, the original issue is that if the Windows computer itself is hacked, then obviously that creates issues.

The goal is to have a hardware device that is totally independent from any other computer on the network, other than, of course, routing data to it.

Also, does anyone have any reports of routers themselves being hacked, or are they generally considered to be secure..?

 

[beers]

What are you trying to defend against? Other computers on your network that you don't own, or are you wanting to segregate each single host from each other?

 

[Agent Smith]

Also, does anyone have any reports of routers themselves being hacked, or are they generally considered to be secure..?

Yes, some routers have been hacked. Mostly firmware related and that is why you need to stay abreast of and security vulnerabilities with router firmware or use a router with DD-WRT, Tomato, etc. In my blog I made a post about a hacked router.

 

[C4C]

Yes, some routers have been hacked. Mostly firmware related and that is why you need to stay abreast of and security vulnerabilities with router firmware or use a router with DD-WRT, Tomato, etc. In my blog I made a post about a hacked router.

Not all that common unless your make yourself a target. Running a server from home without DDoS protection, could do it.

 

[Agent Smith]

What? I get access attempts to my forum and blog from hacked routers all the time.

DDoS protection? A home user couldn't possibility mitigate it. I could get a stresser account and send terabytes of data at your router and shut it down. Don't really see what DDoS has anything to do with hacked routers though.