Using TCP/IP for File sharing behind Netgear Router-Modem?
I have internet access using a Netgear DG834 Modem-Router with two
desktops connected.
I have 'File and printer sharing' enabled using the TCP/IP protocol.
But I once read that one should un-bind services such as 'File and
printer sharing' from TCP/IP as it can be a security risk...
So my question would be, Is this safe? I would assume that being
behind the Netgear DG834 router, using NAT would be safe.
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
"ZX" <anonanonan@google.com> wrote in message
news:Xns9939148353E9Canonanonan123mailcom@193.252. 117.183...
>I have internet access using a Netgear DG834 Modem-Router with two
> desktops connected.
> I have 'File and printer sharing' enabled using the TCP/IP protocol.
> But I once read that one should un-bind services such as 'File and
> printer sharing' from TCP/IP as it can be a security risk...
If you want to network the machines in a LAN situation, you need TCP.
> So my question would be, Is this safe? I would assume that being
> behind the Netgear DG834 router, using NAT would be safe.
>
Normally your network is safe behind a NAT router. It would be true if it
was an all wire router.
Wireless is attackable where someone can join your wireless network and be
all over the top of your machines wire or wireless.
You should try to harden the O/S to attack on the machines as much as
possible.
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
On May 22, 11:26 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
> "ZX" <anonano...@google.com> wrote in message
>
> news:Xns9939148353E9Canonanonan123mailcom@193.252. 117.183...
>
> >I have internet access using a Netgear DG834 Modem-Router with two
> > desktops connected.
> > I have 'File and printer sharing' enabled using the TCP/IP protocol.
> > But I once read that one should un-bind services such as 'File and
> > printer sharing' from TCP/IP as it can be a security risk...
>
> If you want to network the machines in a LAN situation, you need TCP.
Not really. For Windows boxes, there's IPX/SPX, which an IP router
will
not route. There's also, possibly, NETBEUI, which is NOT routable. So
any such machines on the same physical and logical subnet can "talk."
> > So my question would be, Is this safe? I would assume that being
> > behind the Netgear DG834 router, using NAT would be safe.
>
> Normally your network is safe behind a NAT router. It would be true if it
> was an all wire router.
Safe from _some_ stuff from the WAN port, that is. It's all relative,
and it
changes. For protection from wireless intruders, WAP and serious key,
period.
A good, readily configurable, 2-way "personal" firewall, like the
Comodo freebie
is a good option, so long as users don't permit questionable traffic
on notice
of attempt by process to access Internet. (User provides OJT for
firewall.)
Depending on the server OS version and filesystem (FAT32, NTFS) you
can
and should use password-protected access to shares and subtrees
within.
Else, expect bad things.
> Wireless is attackable where someone can join your wireless network and be
> all over the top of your machines wire or wireless.
>
> You should try to harden the O/S to attack on the machines as much as
> possible.
>
> http://labmice.techtarget.com/articl...ychecklist.htm
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
<barry@sme-online.com> wrote in message
news:1179931985.909883.59740@m36g2000hse.googlegro ups.com...
> On May 22, 11:26 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
>> "ZX" <anonano...@google.com> wrote in message
>>
>> news:Xns9939148353E9Canonanonan123mailcom@193.252. 117.183...
>>
>> >I have internet access using a Netgear DG834 Modem-Router with two
>> > desktops connected.
>> > I have 'File and printer sharing' enabled using the TCP/IP protocol.
>> > But I once read that one should un-bind services such as 'File and
>> > printer sharing' from TCP/IP as it can be a security risk...
>>
>> If you want to network the machines in a LAN situation, you need TCP.
>
> Not really. For Windows boxes, there's IPX/SPX, which an IP router
> will
> not route.
I have used MS NWlink IPX/SPX Netbios when wireless became a problem with
networking, but I prefer TCP. So, your right, but most don't know about it.
> There's also, possibly, NETBEUI, which is NOT routable. So
> any such machines on the same physical and logical subnet can "talk."
You're right there as well, but it became a problem on the wireless, because
it's not a routable protocol, well it was a problem for the old Linksys
11S4(s).
>
>
>> > So my question would be, Is this safe? I would assume that being
>> > behind the Netgear DG834 router, using NAT would be safe.
>>
>> Normally your network is safe behind a NAT router. It would be true if it
>> was an all wire router.
>
> Safe from _some_ stuff from the WAN port, that is. It's all relative,
> and it
> changes. For protection from wireless intruders, WAP and serious key,
> period.
But someone with any expertise that wanted to come after WAP and crack it,
then they can do it I hear. But I don't think they would be after with a
home user's network.
>
> A good, readily configurable, 2-way "personal" firewall, like the
> Comodo freebie
> is a good option, so long as users don't permit questionable traffic
> on notice
> of attempt by process to access Internet. (User provides OJT for
> firewall.)
>
> Depending on the server OS version and filesystem (FAT32, NTFS) you
> can
> and should use password-protected access to shares and subtrees
> within.
>
> Else, expect bad things.
>
>> Wireless is attackable where someone can join your wireless network and
>> be
>> all over the top of your machines wire or wireless.
>>
>> You should try to harden the O/S to attack on the machines as much as
>> possible.
>>
>> http://labmice.techtarget.com/articl...ychecklist.htm
>
> HTH,
> J
>
>> There's also, possibly, NETBEUI, which is NOT routable. So
>> any such machines on the same physical and logical subnet can "talk."
>
>You're right there as well, but it became a problem on the wireless, because
>it's not a routable protocol, well it was a problem for the old Linksys
>11S4(s).
Ummmm... you're both correct, but I don't think anyone else would
understand the issue. Maybe I can explain.
802.11 wireless is bridging, not routing. That means that an access
point could care less what networking protocol is being used as long
as it's built on top of using Layer 2 MAC addresses. More crudely,
anything with a MAC address can be bridged through a common wireless
access point.
Build on top of Layer 2 bridging is Layer 3 routeing. Most cheap
wireless routers will only route IP. There are many other protocols
that can slither their way through a bridge, but only IP will go
through the typical wireless bridge. Features such as firewalls and
NAT are totally dependent on IP and will not work with an IP only
bridge.
If you setup just an access point, it will have no problem running
NETBEUI, IPX/SPX, DECNET, AppleTalk, DLC, ad nausium. The only thing
an access point has to do with TCP/IP is that it's used for
administration and setup.
Now it gets messy. Windoze networking was at one time totally NETBIOS
based. NETBIOS would work over any supported protocol (TCP/IP,
NETBEUI, IPX/SPX) for Windoze 95, 98, and ME. However, in Windoze
2000 and XP, NETBIOS was removed and replaced with SMB direct.
However, MS did a lousy job of removing NETBIOS, so I leave it
enabled:
<http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Network/NETBIOSLeaveOnorTurnOff.html>
I've also run into networking weirdness that could only be fixed by
enabling NETBIOS over TCP (NBT).
The Linksys BEFW11S4 is a wireless IP router and will not work with
NETBEUI or NWLink (IPX/SPX). It's IP only.
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
>
> The Linksys BEFW11S4 is a wireless IP router and will not work with
> NETBEUI or NWLink (IPX/SPX). It's IP only.
I don't know about now with the newer 11S4's, because my 11S4 was of the
2001 vintage
But MS NWLink IPX/SPX was the what I used to get Win 2K machines one wired
the other one wireless to network with each other. That was after NETBEUI
was removed, because with NETBEUI there when installing MS NWlink IPX/SPX,
things hosed the TCP Stack and the Stack had to be reset.
>>
>> The Linksys BEFW11S4 is a wireless IP router and will not work with
>> NETBEUI or NWLink (IPX/SPX). It's IP only.
>
>I don't know about now with the newer 11S4's, because my 11S4 was of the
>2001 vintage
Yours was probably a BEFW11S4 v2. Mine are BEFW11S4 v4 (I now have 3
of them and awaiting a 4th for a firmware test).
>But MS NWLink IPX/SPX was the what I used to get Win 2K machines one wired
>the other one wireless to network with each other. That was after NETBEUI
>was removed, because with NETBEUI there when installing MS NWlink IPX/SPX,
>things hosed the TCP Stack and the Stack had to be reset.
Yeah, that happens. As I recall (not sure), W2K only allows 3
transport protocols. It's possible to add a 4th but I read that
things sometimes break. However, with 3 protocols, it should have
worked. I don't think it was NETBEUI that broke. I've used it many
times when I have to connect from DOS workstations (mostly cash
registers).
NWLink is another story. I think the XP version is busted. Instead,
I download the Novell Client, which has the added bonus of adding
IPX/SPX support to Windoze XP Home, which MS removed.
<http://www.novell.com/products/clients/>
Configuring the Novell Client is another horror stories as there are a
huge number of options and settings. It still have some ancient
servers running Novell 3.11 which requires considerable tweaking to
get the client to connect.
IPX/SPX works just fine as long as you're on the LAN side of the
wireless router. That's probably what you were doing. If all the LAN
side boxes supported IPX/SPX, you wouldn't need TCP/IP for anything
besides access to the internet. Actually, you could get away with no
TCP/IP on the clients if you use a gateway machine that converts
IPX/SPX to TCP/IP.
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
On 22 May 2007 23:59:16 GMT, in alt.internet.wireless , ZX
<anonanonan@google.com> wrote:
>I have internet access using a Netgear DG834 Modem-Router with two
>desktops connected.
>I have 'File and printer sharing' enabled using the TCP/IP protocol.
>But I once read that one should un-bind services such as 'File and
>printer sharing' from TCP/IP as it can be a security risk...
you've heard misinformation. Its perfectly safe and indeed perfectly
normal.
>So my question would be, Is this safe?
Yes. Just don't open the netbios ports on your router (135-139 and
445)
--
Mark McIntyre
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
Mark McIntyre <markmcintyre@spamcop.net> wrote in
news:n4k9531bv82mbd3vv0q6vi8666i6t78ral@4ax.com:
> On 22 May 2007 23:59:16 GMT, in alt.internet.wireless , ZX
> <anonanonan@google.com> wrote:
>
>>I have internet access using a Netgear DG834 Modem-Router with
>>two desktops connected.
>>I have 'File and printer sharing' enabled using the TCP/IP
>>protocol. But I once read that one should un-bind services
>>such as 'File and printer sharing' from TCP/IP as it can be a
>>security risk...
>
> you've heard misinformation. Its perfectly safe and indeed
> perfectly normal.
>
>>So my question would be, Is this safe?
>
> Yes. Just don't open the netbios ports on your router (135-139
> and 445)
Thanks, that's what I wanted to hear...
Anyway it's for a retired couple - friends of mine - I gave them my
old win98 machine and they also bought a new Vista machine and I
wired them using the netgear router ( wi-fi not used)
Nobody is going to try anything serious, as it's just a home network
with no interest for anyone else...
Re: Using TCP/IP for File sharing behind Netgear Router-Modem?
"ZX" <anonanonan@google.com> wrote in message
news:Xns993A19895E13anonanonan123mailcom@193.252.1 17.183...
> Mark McIntyre <markmcintyre@spamcop.net> wrote in
> news:n4k9531bv82mbd3vv0q6vi8666i6t78ral@4ax.com:
>
>> On 22 May 2007 23:59:16 GMT, in alt.internet.wireless , ZX
>> <anonanonan@google.com> wrote:
>>
>>>I have internet access using a Netgear DG834 Modem-Router with
>>>two desktops connected.
>>>I have 'File and printer sharing' enabled using the TCP/IP
>>>protocol. But I once read that one should un-bind services
>>>such as 'File and printer sharing' from TCP/IP as it can be a
>>>security risk...
>>
>> you've heard misinformation. Its perfectly safe and indeed
>> perfectly normal.
>>
>>>So my question would be, Is this safe?
>>
>> Yes. Just don't open the netbios ports on your router (135-139
>> and 445)
>
> Thanks, that's what I wanted to hear...
> Anyway it's for a retired couple - friends of mine - I gave them my
> old win98 machine and they also bought a new Vista machine and I
> wired them using the netgear router ( wi-fi not used)
> Nobody is going to try anything serious, as it's just a home network
> with no interest for anyone else...
Really? It sounds to me they are the ones that will click on everything
under the Sun that can lead to a compromise on the computer. Just don't have
them doing their stock portfolio, retirement plan or banking over the
Internet, because they could have them all wiped out. :)
>Really? It sounds to me they are the ones that will click on everything
>under the Sun that can lead to a compromise on the computer.
Yep. The clueless are everywhere:
Hundreds Click on 'Click Here to Get Infected' Ad
<http://www.eweek.com/article2/0,1895,2132447,00.asp>
The real problem is that many users (if not most users) do not seem to
understand that even if they have a firewall, encryption, web filter,
anti-virus, anti-spyware, and anti-trojan horse band-aids installed,
they all run on the assumption that the user has a clue what they are
doing. If the user clicks on something stupid, there's always a
chance that the band-aids will save the users posterior. However,
that's about it. It's only a chance.
Maybe the next release should be called
"Microsoft XP Training Wheel Edition".
>> Maybe the next release should be called
>> "Microsoft XP Training Wheel Edition".
>Well, they need that on Vista, because with Vista, the home user thinks he
>or she is relative safe. :)
Perception is everything. The same problem happens on the Mac. It's
all part of marketing and social engineering. Incidentally, speaking
of social engineering, I'm reading "The Art of Deception" by Kevin
Mitnick and William L. Simon. It's very much a text book on the art
of fooling computer users. The best time to do social engineering is
when the victim thinks they are safe.
>I had one person in the MS.PublicVista NG ask me this.
>
>Is not Vista with all its new security features suppose to prevent malware
>attacks?
>
>Of course, I gave my favorite return reply. Nothing can protect *you* from
>*you*. <g>
It's an interesting distinction based on some very bad design by
Microsoft. In Unix systems, from the very beginning, the idea behind
user accounts and passwords was something like "trash your own stuff
but stay out of everyone else's stuff". Mostly, user accounts were to
keep users from destroying the entire system. It worked fairly well
unless the user elevated their account privileges. Finally, Microsoft
discovers in Vista what Unix admins have known for over 20 years, that
users should NOT be running as root when doing ordinary mundane tasks.
One small step for Vista. One feeble step for securing the user,
instead of securing the system. Now, if "run as Administrator" worked
and didn't break some installs, it might be a giant step. Of course,
the "Run as Admin" feature has to be used so often, that like Chicken
Little and "the sky is falling", it will become habit, thus destroying
its value as a security feature. The right way to have done this
would be, when running as Admin, to have the desktop background turn
bright red, huge warning signs appear all over the desktop, the sound
system blare "Warning.... You are about to...", and display a very
intimidating looking "Are you sure?" box for just about everything
deemed dangerous. However, that would diminish the user experience
somewhat, might imply that the system isn't perfectly safe, and
probably would panic the average user.
MS should do what Apple did. Dump their home grown operating system
and buy into a Unix OS base. Build their GUI and applications on a
secure base. Cease doing their support, embrace, extend butchery to
established standards. Probably not in my lifetime.
Using TCP/IP for File sharing behind Netgear Router-Modem? 
Linear Mode
