Firewall Wizards mailing list archives
RE: Network Traffic Violations
From: David Lang <dlang () diginsite com>
Date: Mon, 14 Sep 1998 10:05:00 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- I am getting a cable modem in the next few weeks, several of my friends already have them and they report theat there is NO security provided by the cable company. This is fine with me as I plan to setup a 485/25 that I have around as a firewall to protect myself. David Lang On Fri, 11 Sep 1998, Ted Doty wrote:
Date: Fri, 11 Sep 1998 18:04:49 -0400 From: Ted Doty <ted () iss net> To: Rick Smith <rick_smith () securecomputing com> Cc: firewall-wizards () nfr net Subject: RE: Network Traffic Violations At 12:01 PM 9/11/98 -0500, Rick Smith wrote: [snip]So, if Windows sharing uses LAN broadcast, then the LAN broadcast won't be relayed unless the cable modem is really bone headed (not impossible, of course). Since the local workstation can not find out its address on the Internet, it can't fashion packets to automatically talk to other cable modems in its "neighborhood" without some sort of broadcast. So, does anyone remember how the reported problem worked? How does this situation compare to it?I'm afraid I can't remember the details, either, however: 1. I wouldn't count on the cable companies to implement any security mechanisms correctly. A rather dated document at catv.org described Media One's "solution" - filter out the computer name, but not block access to the share. The report concluded: "Obviously, MediaOne officials have not spent enough quality time discussing this problem. Not only should cable operators forbid the use of file-sharing, but explore ways to permanently disable the option from Windows95 during cable modem installations. The issue with file-sharing is dangerous to the provider [liability], the subscriber and the industry." [6/9/97, www.catv.org/bbb-report/1997/arch-607.html] Sounds like they're just blocking NetBios Name Table queries with router access lists. If they bothered to turn it on. 2. If you have IP services enabled (duh - it's an ISP connection) then someone could connect to port 139. You would have to do more than just double click on Network Neighborhood, but not much: ping (your subnet - get the address from your DHCP) C:\> NET VIEW \\(IP address you found) I haven't checked this out personally, tho. Anyone have a cable modem at home? - Ted ----------------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 678 443-6000 6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479 Atlanta, GA 30328 USA | Web: http://www.iss.net ----------------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
-----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQEVAwUBNf1Mvj7msCGEppcbAQGBUggAn1/nK1lszcpbHAqcc6DjKKT9SRqf5+Qz aELhKNUIPO8dl2CgkBfeWmDhB2FCocIA+dh4qDbpYCXDLGDIiNRnCdRsBiIgx46H 1ReCov5qA8KvXjd8Ywhe+vU4+anTbzpp3Jhu4G86M07e1j9SqSaka7wiwLvJxBg+ R7s2ik/sy6zkRWzJioEeUj3xb/o/+3WEI6ersMdb15BPrRdWhTbCfAOGonEh6gBV z1aO0ccDYjQh2wPapZ3NQV5Y8GzeLfD2jFSoCWvC9dOD8XQHey9ALCBBdWCQpMVv gLc5esdNi8yDaQrwozeFotOHOhAIINcG/io4NDVfAYMLwcWDH/SS7A== =nrMl -----END PGP SIGNATURE-----
Current thread:
- Re: Network Traffic Violations, (continued)
- Message not available
- Re: Network Traffic Violations Marcus J. Ranum (Sep 07)
- Message not available
- Message not available
- Re: Network Traffic Violations Rick Smith (Sep 09)
- RE: Network Traffic Violations Rick Smith (Sep 11)
- RE: Network Traffic Violations Ted Doty (Sep 13)
- RE: Network Traffic Violations Rick Smith (Sep 13)
- RE: Network Traffic Violations David Lang (Sep 14)
- RE: Network Traffic Violations Dominique Brezinski (Sep 15)
- RE: Network Traffic Violations Woody Weaver (Sep 13)
- RE: Network Traffic Violations Paul D. Robertson (Sep 14)