Re: just simple facts

From: V4 (dontmailme@overyonderblueyonder.co.uk)
Date: 05/06/02


From: "V4" <dontmailme@overyonderblueyonder.co.uk>
Date: Mon, 06 May 2002 21:11:12 GMT


"x y" <jamescagney90210@excite.com> wrote in message
news:uBd50RT9BHA.2512@tkmsftngp05...
> "V4" <dontmailme@overyonderblueyonder.co.uk> wrote in message
> news:_IxB8.23587$uj4.165665931@news-text.cableinet.net...
> >
> > I'm getting arguments that Client for MS Nets isn't dangerous, it needs
to
> > be coupled with Sharing and exposed ports, but my argument is this is
>
> It's true that if you have a firewall that is blocking Netbios ports, it's
> probably OK to enable client for MS networks. I'm not sure about the
> details as far as whether Client for MS networks is vulnerable without FP
> sharing enabled.

I've tested this and the firewall does block the netbios ports ok. Is there
any other way to communicate with a pc other than ports? i.e. are all ISP
users on the same subnet and can UNC names be used? Netbios is exposed
without F&P sharing but not sure how vulnerable this is on it's own.

> > afforded a great deal of protection. Is it not possible to use TCP/IP
> > filtering instead of a firewall or are there other implications where
> > dynamic ports are used?
>
> The port filtering in Sygate is just [to me] a nice feature in addition to
> the other features. Just a different way to be able to specify what you
do
> and don't want to cross your network. Sygate does not appear to support
> ICS/NAT, at least not the free version. If you're talking about using
> Windows 2000 port filtering, the lack of intrusion detection and logging
> when a packet is blocked is I think a big problem. The log is the first
> thing you want to check when your internet based app isnt' working is the
> log to see if something was blocked.

It's only ZAP that provides ICS/NAT support, the free one doesn't. Hmm,
intrusion detection and logging will be my next hurdles, just knowingly
blocking all known holes is my immediate goal, and with the conflicting
advice chucked in I'm making slow headway.

Thanks for your help on this, x y. I appreciate it.



Relevant Pages

  • Re: Question abut threads
    ... I dont have any particular reason for 8 ports except that I have 8 clients ... TcpClient client = listener.AcceptTcpClient; ... encodings it would be. ... StringBuilder to accumulate the string, ...
    (microsoft.public.dotnet.languages.csharp)
  • RE: Port Forwarding XP Client
    ... 59101 and 6320 from the XP client to the internet. ... First could you tell me what the three ports are in aid of? ... from client to the internet. ... SBS Server on the router. ...
    (microsoft.public.windows.server.sbs)
  • Re: OT:Tiscali
    ... year.However i know some of these isp's use throttling during peak ... pretty sure I got the best provider. ... Also for your P2P client, its a good idea to manually forward your ... Step by step walkthrough on how to forward your ports for P2P ...
    (uk.sport.football.clubs.celtic)
  • Re: Exchange ports through firewall?
    ... I take there are too many ports to open if we use the full client method? ... in this case if you want to provide clients RPC/MAPI access across a firewall, you can restrict clients and server to a narrower range of ports, or alternatively open a lot more ports on the firewall. ...
    (microsoft.public.exchange.admin)
  • Re: OT:Tiscali
    ... >> year.However i know some of these isp's use throttling during peak ... >> else with tiscali having the same problem?Also found that you cant ... > Also for your P2P client, its a good idea to manually forward your ... > Step by step walkthrough on how to forward your ports for P2P ...
    (uk.sport.football.clubs.celtic)