I connect to the internet via a Netgear wifi modem/router. My own PC (Win98SE) is connected to this by wire, my wife's laptop(WinXPSP2) is connected by wifi. This works OK - both machines can access the internet fine. But,I would like to be able to send files from the PC to the laptop.
How do I congifure things to enable files to be sent from the PC to the laptop without have the laptop or PC vulnerable on the internet?
snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in news:1hin1zs.1fjyqge1shwvywN% snipped-for-privacy@hotmail.com:
Yes, the router has NAT - I have set 192.168.0.2 and 192.168.0.3 as IP for my PC and the laptop.
If I now enable 'file and printer sharing' on both machines, will this be safe regarding unwanted access via the internet? Is it possible/necessary to limit access to just the two machines?
On Thu, 20 Jul 2006 14:14:56 +0200, snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in :
There are ways to get through NAT (PAT) from the outside (and before you ask, I'm not going to detail that here). Marketing claims notwithstanding, NAT alone is not as effective as a real SPI firewall.
You answered "no" to being "safe regarding unwanted access via the internet" when file and printer sharing are enabled. Now you vaguely refer to something you call "ways to get through NAT". And then you try to duck out by pretending that you could somehow be able "to detail that here".
Are you not really a wannabee, Mr Navas?
formatting link
Again, the difference between network address translation and statefull packet inspection has nothing to do with the question you answered "no" to.
snipped-for-privacy@hotmail.com (Axel Hammerschmidt) wrote in news:1hisn7b.zy2oit14k1juqN% snipped-for-privacy@hotmail.com:
The router I'm using (Netgear DG834G) uses SPI according to the spec.
As there's no reason anyone would want to target my PC, am I safe from a random or casual attack, as regards having 'file and printer sharing' enabled?
And, just out of interest, is it really possible for someone to get past NAT and access to files?
Good. Properly implemented, it *should* be considerably more robust than NAT alone. (To have real confidence in the firewall, you need independent certification; e.g., by ICSA Labs.)
Just because you don't think anyone is after you personally, a big problem is the opportunity to make serious dirty money from zombie networks. There are lots of such nasty folk out there -- my firewall (an ICSA-certified SonicWALL) has typically logged multiple attacks per day, and while many of them are just probes for security vulnerabilities, some of them are pretty sophisticated. And of course I have no way of knowing what might not have been logged.
Here's what Cisco says (in "Anatomy: A Look Inside Network Address Translators", September 2004):
Learning from NATs At this stage we can observe a few relevant lessons about NATs: ... Secondly, a little bit of security is often far worse than no security. NATs are very poor security devices, and in terms of their ---------------------------------------------------------- behavior with UDP, NATs afford only minor levels of protection. The --------------------------------------------------------------- task of securing a site from various forms of attack and disruption remains one of a careful exercise of assessment of acceptable risk coupled with detailed consideration of site-management functions. NATs are not a quick way out of this effort.
For more context, see Section 9.0 (Security Considerations) of RFC 2663 (NAT Terminology and Considerations), a 7-year old document (ancient in Internet terms). See also tcptraceroute, which can traverse NAT.
I could go on, but as I said before, I'm not going to go into real detail here. Take that however you wish.
The three laws of prediction:
When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
Any sufficiently advanced technology is indistinguishable from magic.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.