Abstract

This Tolly Group evaluation compares the firewall security of the 2Wire HomePortal 100W wireless residential gateway against the Linksys BEFSR41 cable/DSL router and the SonicWALL SOHO/10 in a home broadband environment. The report focuses on two practical security issues for always-on cable and DSL users: how well each product blocks Denial of Service attacks, and how securely each handles hosted applications such as Microsoft NetMeeting.  

In default mode, the 2Wire HomePortal 100W and SonicWALL SOHO/10 both blocked 100% of the seven common DoS attacks launched during testing, while the Linksys BEFSR41 failed to block any of them. Logging performance also differed sharply. The 2Wire device logged 100% of the attacks, SonicWALL logged 29%, and Linksys logged 57%. The attack set included Bonk, Jolt, Land, Nestea, NewTear, Syndrop, and TearDrop. A LAN-side PC running BlackICE was used to confirm whether attacks penetrated the firewall, and Agilent Software Advisor was used to monitor unexpected traffic on the home network.    

The report also draws a clear distinction between application-layer gateways and DMZ-based hosting. To support Microsoft NetMeeting, the 2Wire and SonicWALL products used ALGs, while the Linksys unit relied on DMZ mode. According to the test, both ALG-based products continued to prevent firewall breaches during NetMeeting operation, while the Linksys router in DMZ mode exposed the hosted computer to additional attacks detected by BlackICE, including UDP Port Probe, TearDrop, NewTear, and Nestea. The report argues that ALG mode is safer because it opens only the ports needed for the application and validates incoming traffic, whereas DMZ mode removes firewall protection from the designated host.  

Tested in early 2001, the evaluation presents the 2Wire HomePortal 100W as the strongest overall result in this comparison, combining full DoS blocking, complete attack logging, and safer hosted-application support for home users sharing broadband Internet access.