Re: Incoming port accesses from China
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Thu, 12 Jan 2006 14:08:58 -0600
On Wed, 11 Jan 2006, in the Usenet newsgroup comp.security.firewalls, in article
<reCdnQHC17bE2ljeRVn-pg@xxxxxxxxxxxx>, Jeff B wrote:
>Windows users need to be paranoid on the use of 135-139,445 from the
>web. These ports are used heavily in a LAN environment for File/Print
>sharing amongst other things.
That may be, but WHY if you decide to share (or more correctly, if microsoft
decides you want to share) files or the printer, WHY OH WHY does anyone
think you want to share with the world? Do you really think that someone
halfway around the world is going to need to use your printer? Do you
REALLY want to share your personal details, or that recipe for those
Neiman-Marcus cookies you paid US$250 for (www.bl.net/forwards/cookie.html)?
Get real!
Microsoft intentionally tries to scare people away from looking at
technical stuff, but the 'route print' command will show that windoze is
aware of three classes of computer, based on the IP address. It knows
about the loopback (meaning "this" computer), and the address range used
on the "local" LAN. It also knows about "everyone else". It doesn't have
to share BY DEFAULT with all three classes.
Is that too hard? OK, the mechanism they've added for Link Local (also
called ZeroConf - the 169.254.0.0 network the system defaults to when
it can't find a DHCP server because whoever set up the network screwed
up) has the TCP limitation of "time to live" set - packets using that
address are set to a TTL of "1" - meaning local network only.
Is your LAN so big that you have more than one sub-net? The 10.0.0.0
network with a 255.0.0.0 mask allows for 4.2 million computers on the
same wire, but only an idiot would have as many as a thousand. If you
have that many, you also have enough to engage the services of someone
who can spell 'TCP'. Even a drooler who has spent a thousand bucks to
memorize a few facts to pass the memory "test" to become an MCSE has
some idea of how it's done.
>The default freebie firewall and/or SP2 will automatically close these
>ports, but if you need sharing, then be sure to enable them ONLY on your
>private, non-routable lan addresses.
Why is that not the default configuration? If you don't HAVE a local
LAN, trying to share with a non-existent net won't matter. On the other
hand, the choice of "share with no-one" or "share with everyone" is about
as dumb as you can get. I don't know about you, but I don't know of anyone
who really needs to share their printer with the world, and the number of
those who need to share files with the world is quite limited.
>There are many trojans that use these ports to really mess with your life.
Isn't it interesting that other operating systems have had file and print
sharing as far back as the late 1970s and don't have this problem?
Old guy
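The three-class policy argued for above (loopback, local LAN, everyone else, with the sharing ports 135-139 and 445 reachable only from the first two), worked through as an added example that is not part of the original post. The RFC 1918 and link-local prefixes stand in for "private, non-routable LAN addresses", and the inbound attempts are constructed sample data.

```python
import ipaddress

# File/print sharing ports discussed in the thread (NetBIOS over TCP/IP and SMB).
SHARING_PORTS = {135, 137, 138, 139, 445}

# "Local" here means the RFC 1918 private ranges plus the 169.254.0.0/16
# link-local range mentioned in the post. On a real host, narrow this to the
# subnet(s) actually in use rather than all private space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
)]


def classify(src: str) -> str:
    """Return which of the three classes a source address falls into:
    'loopback' (this computer), 'local' (the LAN), or 'world' (everyone else)."""
    addr = ipaddress.ip_address(src)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    return "world"


def decide(src: str, dport: int) -> str:
    """Policy: sharing ports are allowed from loopback and the LAN only.
    Other ports are outside this policy's scope and pass through as 'allow'."""
    if dport not in SHARING_PORTS:
        return "allow"
    return "drop" if classify(src) == "world" else "allow"


# Constructed sample of inbound attempts: (source IP, destination port).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in
# for arbitrary Internet hosts.
SAMPLE_ATTEMPTS = [
    ("192.168.1.20", 445),   # neighbour on the LAN
    ("127.0.0.1", 139),      # this machine
    ("169.254.33.7", 137),   # link-local neighbour (no DHCP server found)
    ("203.0.113.9", 445),    # "the world" probing SMB
    ("198.51.100.4", 135),   # "the world" probing RPC endpoint mapper
    ("203.0.113.9", 80),     # not a sharing port, not this policy's concern
]


def audit(attempts=SAMPLE_ATTEMPTS):
    """Annotate each attempt with its class and the policy verdict."""
    return [(src, port, classify(src), decide(src, port)) for src, port in attempts]


if __name__ == "__main__":
    for src, port, cls, verdict in audit():
        print(f"{src:>15} -> {port:<3} {cls:<8} {verdict}")
```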