RE: upgrade from 98 to XP

Subject: RE: upgrade from 98 to XP
From: "Steve Hudson" <cruddy -at- optushome -dot- com -dot- au>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Thu, 7 Feb 2002 10:50:28 +1100

> Would you like your harddrive formatted or just some random files deleted?

When I used to white-hat I would just put a simple notify message that
appeared after loadup and include a new test file in every sensitive
directory to prove I had been there. Mobs like the ABC were sceptical until
we used their internal email system to send them the notifies :-) Mind you,
back then it was a simple case of password hacking, look up the employees
list, formulate the logons and test every one with a 'sure-fire' password.
Beeing journo's most of them were accounted for with three words: pencil,
writing and article :-)

So there's no need to be nasty and trash like a 10 yr old hacker in bhis
first telco backend node :-) But I am still interested, I have used every
web check I can find to probe it and it appears locked.

Now the sub-human network or whatever it is :-) So, if I am using my machine
as a router, don't I have to use two separate sub-nets so that my computer
correctly identifies and addresses packets destined to the outside world
from my second machine(s)? As well as masking my internal network from them?
This bit just made me more confused.

Finally, the port thingo. So are you saying that potential 'commands' could
be issued through my open ports and a service listening on this end will
execute them without authentication? I thought this 'will react to' command
set is fairly limited. BTW: What is the proper term for these commands?
Network Control packets or something?

Now, my network tech who knows Win XP inside and out (MSCE + his accomplice
is the man they modeled Neo on and based Morpheus' ship on his house, no
kidding), managed to spare me a few sludgey morning thoughts on this, and
will elaborate in detail later. I am quite happy to pass questions through
to him, he owes me a few flavours by now :-)

WinXp does have a 'fake NAT'. It can use spoofing through the Personal
Firewall (which I am NOT using) and
it does do address translation (dynamic routing), but none of the other bits
in the full package like port mappings.

I have repackaged the group concerns as a series of targetted questions
aimed specifically at XP, let alone with Trinder (Neo) doing the White Hat
role we should get some definitive answers from the real end of the stick.

I've worked with the these guys for years... they are the tech part of The
Digital Foundry Australia, or tdfa.com...

What is the difference between what WinXP does and full NAT?
What extra functionality does personal firewall (PF) enable?
How does one enable PF? Is there much configuring to do?
If you are on cable ISP, does the PF really give you any benefits?
Why else aren't I running it?
Which of my 'have to be open' ports will accept external network commands
and how does XP limit this?
XP defaults to all ports closed unless open specifically.. True or False?
If I hand out my IP to a white-hat, other than remote connection, what else
can they do to get into MY system (not ANY system, my implementation
specifically)?
Can XP natively block outbound, unauthorised traffic?
Does ZoneAlarm or any other firewall package have significant benefits for
the SOHO XP user? What are the key features they add that XP lacks, how
important are these features and how realistic is it that these features
will ever do anything active?
How much of an issue is the remote connectivity? Can it be disabled and
enabled on demand, if so how?

Have I missed anything?

Steve Hudson, Word Heretic
HDK List MVP
Word help and tools: heretic -at- tdfa -dot- com


-----Original Message-----
From: Andrew Plato

Sort of. The whole idea behind subnets is to break down large networks
into smaller peices. Routers then use the subnet mask to determine if an
address is "local" to the subnet or "remote" to another subnet. If the
address is local, then your PC would send the packets directly to the
host. If it is remote then your PC sends the packets to the default
gateway (router) for routing.

A router also can perform NAT (network address translation). Behind the
router is one group of IP addresses. On the other side is another set
(such as the entire Internet). As packets are recieved by the router from
one network, it "repackages them" and sends them to the other network. In
a sense, it "translates" addresses such that the outside world can't see
in, and internal clients are not directly exposed to the Internet.

...

The WinXP firewall is extremely pathetic. Its just a port/IP blocker. You
still have to leave ports open to do things like share files, surf the web
etc. The real problem is not just merely blocking ports (that's easy), its
who is coming into the machine and what are they doing....for that you
need an IDS, like BlackICE.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Collect Royalties, Not Rejection Letters! Tell us your rejection story when you
submit your manuscript to iUniverse Nov. 6 -Dec. 15 and get five free copies of
your book. What are you waiting for? http://www.iuniverse.com/media/techwr

Have you looked at the new content on TECHWR-L lately?
See http://www.raycomm.com/techwhirl/ and check it out.

---
You are currently subscribed to techwr-l as: archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.


References:
Re: upgrade from 98 to XP: From: Andrew Plato

Previous by Author: RE: Terminology
Next by Author: RE: at a loss for words?
Previous by Thread: Re: upgrade from 98 to XP
Next by Thread: FW: upgrade from 98 to XP


What this post helpful? Share it with friends and colleagues:

Sponsored Ads


Sponsored Ads