Does a router prevent malware?

aimeeandbeatles

You'd think this would be simple to google... But I kept getting conflicting results. I don't mean all malware, but can a router prevent certain sorts from getting in?

I told this to my mom last week (before I stopped speaking) because she wanted to connect our virus-prone neighbor to our router because she couldn't afford to pay for the internet... I told her that if she tried that I would boot the neighbor, because if she got malware that "breached the router" (my words) it could spread to our computers. I know worms can spread over LANs, but how true is the router part?
 
I have my router set to not accept new connections from the outside.

So a bit like the Knock Knock game. "Knock Knock" ... says the virus/malware. My router does not respond ... it does not even say "who's there?"

However, when I communicate to other places, I go "Knock Knock" and I get a response and go to the site.

The moral of the story is to set your router to ignore all incoming connections and only let connections out.

However, once you have made a connection to the outside world, the router (Note: some routers like SonicWalls will) will pass it through and not filter the content you receive. For this you need AV/Malware/Firewall protection.
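The behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of a home router that ignores unsolicited inbound connections, lets replies to outbound connections through uninspected, and never sees traffic between two machines on the same LAN. The addresses, ports and the HomeRouter class are constructed for illustration, and NAT address rewriting is left out to keep the model short.

```python
import ipaddress
from dataclasses import dataclass, field

LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed home LAN range

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def on_lan(addr):
    return ipaddress.ip_address(addr) in LAN_NET

@dataclass
class HomeRouter:
    flows: set = field(default_factory=set)  # connections opened from inside

    def verdict(self, p):
        if on_lan(p.src) and on_lan(p.dst):
            # LAN-to-LAN traffic is switched locally; the WAN filter never sees it.
            return "BYPASS"
        if on_lan(p.src):
            # Outbound "knock knock": remember the flow so the answer can return.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            # Reply to a connection we started; the content is not inspected here.
            return "ACCEPT"
        return "DROP"  # unsolicited inbound: the router does not answer

def demo():
    r = HomeRouter()
    pc, neighbor = "192.168.1.10", "192.168.1.50"   # constructed LAN hosts
    site, stranger = "203.0.113.7", "198.51.100.9"  # documentation-range addresses
    return [
        r.verdict(Packet(stranger, 40000, pc, 445)),  # unsolicited inbound
        r.verdict(Packet(pc, 51000, site, 443)),      # our outbound connection
        r.verdict(Packet(site, 443, pc, 51000)),      # the reply to it
        r.verdict(Packet(site, 443, pc, 51001)),      # same site, no matching flow
        r.verdict(Packet(neighbor, 49000, pc, 445)),  # neighbor's machine to ours
    ]

if __name__ == "__main__":
    print(demo())
```

The last case is the one the original question turns on: a device joined to the same LAN reaches the other machines without passing through the inbound filter at all.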
 
If I understand correctly, I think the concern is a malware infected machine might spread that malware to others connected to the router.

I typically have 2 to 3 laptops and a desktop connected to my home network via my router. I haven't had any instances of 'router-wide' malware affecting the network. I think it would still require some type of infected file to be transferred and opened between machines on the same network. Given that, I don't think a router inherently prevents malware, but AFAIK it's not an automatic vehicle for it to spread either.
 
No. Most malware installations happen as a result of PEBKAC... users deliberately run it.

And routers should always respond to ICMP echo requests, at the very least; the Internet was meant to be a peer-to-peer network. Security paranoia has unfortunately led people to configure their computers not to answer anything - security-through-obscurity, I guess. Well, it's up to the owners of the equipment, ultimately.
 
Well in networking class I heard about malicious people sending huge amounts of large pings to clog up the network.
 
Yes, ping-flood DDoS are what these are called. They're the more brute-force successor to the ping-of-death attacks. There are of course ways to mitigate it, but most of them are burn-the-bridge solutions.
 