Firewall Wizards mailing list archives

RE: Network Traffic Violations

From: Ted Doty <ted () iss net>
Date: Fri, 11 Sep 1998 18:04:49 -0400

At 12:01 PM 9/11/98 -0500, Rick Smith wrote:

[snip]

So, if Windows sharing uses LAN broadcast, then the LAN broadcast won't be
relayed unless the cable modem is really bone headed (not impossible, of
course). Since the local workstation can not find out its address on the
Internet, it can't fashion packets to automatically talk to other cable
modems in its "neighborhood" without some sort of broadcast.

So, does anyone remember how the reported problem worked? How does this
situation compare to it?


I'm afraid I can't remember the details, either, however:

1. I wouldn't count on the cable companies to implement any security
mechanisms correctly.  A rather dated document at catv.org described Media
One's "solution" - filter out the computer name, but not block access to
the share.  The report concluded:

        "Obviously, MediaOne officials have not spent enough quality time
         discussing this problem. Not only should cable operators forbid
         the use of file-sharing, but explore ways to permanently disable
         the option from Windows95 during cable modem installations. The
         issue with file-sharing is dangerous to the provider [liability],
         the subscriber and the industry."

        [6/9/97, www.catv.org/bbb-report/1997/arch-607.html]

Sounds like they're just blocking NetBios Name Table queries with router
access lists. If they bothered to turn it on.

2. If you have IP services enabled (duh - it's an ISP connection) then
someone could connect to port 139.  You would have to do more than just
double click on Network Neighborhood, but not much:

        ping (your subnet - get the address from your DHCP)
        C:\> NET VIEW \\(IP address you found)

I haven't checked this out personally, tho.  Anyone have a cable modem at home?

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE

Current thread:

Re: Network Traffic Violations, (continued)
- Re: Network Traffic Violations Colin Campbell (Sep 06)
- Re: Network Traffic Violations Ken Hardy (Sep 06)
- Message not available
  - Re: Network Traffic Violations Marcus J. Ranum (Sep 07)
- Message not available
  - Re: Network Traffic Violations Rick Smith (Sep 09)
- Re: Network Traffic Violations Antonomasia (Sep 06)
- Re[2]: Network Traffic Violations Mike Baxter (Sep 07)
- Re: Network Traffic Violations Bill_Royds (Sep 10)
- RE: Network Traffic Violations jrtietsort (Sep 10)
- RE: Network Traffic Violations Ted Doty (Sep 11)
  - RE: Network Traffic Violations Rick Smith (Sep 11)
    - RE: Network Traffic Violations Ted Doty (Sep 13)
    - RE: Network Traffic Violations Rick Smith (Sep 13)
    - RE: Network Traffic Violations David Lang (Sep 14)
    - RE: Network Traffic Violations Dominique Brezinski (Sep 15)
- RE: Network Traffic Violations Matthew Gast (Sep 11)
  - RE: Network Traffic Violations Woody Weaver (Sep 13)
    - RE: Network Traffic Violations Paul D. Robertson (Sep 14)