Firewall Wizards mailing list archives
RE: Network Traffic Violations
From: Ted Doty <ted () iss net>
Date: Fri, 11 Sep 1998 18:04:49 -0400
At 12:01 PM 9/11/98 -0500, Rick Smith wrote: [snip]
So, if Windows sharing uses LAN broadcast, then the LAN broadcast won't be relayed unless the cable modem is really bone headed (not impossible, of course). Since the local workstation can not find out its address on the Internet, it can't fashion packets to automatically talk to other cable modems in its "neighborhood" without some sort of broadcast. So, does anyone remember how the reported problem worked? How does this situation compare to it?
I'm afraid I can't remember the details, either, however: 1. I wouldn't count on the cable companies to implement any security mechanisms correctly. A rather dated document at catv.org described Media One's "solution" - filter out the computer name, but not block access to the share. The report concluded: "Obviously, MediaOne officials have not spent enough quality time discussing this problem. Not only should cable operators forbid the use of file-sharing, but explore ways to permanently disable the option from Windows95 during cable modem installations. The issue with file-sharing is dangerous to the provider [liability], the subscriber and the industry." [6/9/97, www.catv.org/bbb-report/1997/arch-607.html] Sounds like they're just blocking NetBios Name Table queries with router access lists. If they bothered to turn it on. 2. If you have IP services enabled (duh - it's an ISP connection) then someone could connect to port 139. You would have to do more than just double click on Network Neighborhood, but not much: ping (your subnet - get the address from your DHCP) C:\> NET VIEW \\(IP address you found) I haven't checked this out personally, tho. Anyone have a cable modem at home? - Ted ----------------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 678 443-6000 6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479 Atlanta, GA 30328 USA | Web: http://www.iss.net ----------------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
Current thread:
- Re: Network Traffic Violations, (continued)
- Re: Network Traffic Violations Colin Campbell (Sep 06)
- Re: Network Traffic Violations Ken Hardy (Sep 06)
- Message not available
- Re: Network Traffic Violations Marcus J. Ranum (Sep 07)
- Message not available
- Re: Network Traffic Violations Rick Smith (Sep 09)
- Re: Network Traffic Violations Antonomasia (Sep 06)
- Re[2]: Network Traffic Violations Mike Baxter (Sep 07)
- Re: Network Traffic Violations Bill_Royds (Sep 10)
- RE: Network Traffic Violations jrtietsort (Sep 10)
- RE: Network Traffic Violations Ted Doty (Sep 11)
- RE: Network Traffic Violations Rick Smith (Sep 11)
- RE: Network Traffic Violations Ted Doty (Sep 13)
- RE: Network Traffic Violations Rick Smith (Sep 13)
- RE: Network Traffic Violations David Lang (Sep 14)
- RE: Network Traffic Violations Dominique Brezinski (Sep 15)
- RE: Network Traffic Violations Rick Smith (Sep 11)
- RE: Network Traffic Violations Woody Weaver (Sep 13)
- RE: Network Traffic Violations Paul D. Robertson (Sep 14)