[pchelpers] Re: Networking - Calling on all computer gurus for help

  • From: Scott McNay <Wizard@xxxxxxxx>
  • To: "Ekhart GEORGI (last name last)" <pchelpers@xxxxxxxxxxxxx>
  • Date: Sat, 17 Jan 2004 22:23:20 -0600

Hi Ekhart,

Saturday, January 17, 2004, 11:19:30 AM, you wrote:

EGlnl> I'm sure you're right, i don't have much experience. I was just really
EGlnl> annoyed at the need to do an incredible amount of research to learn how
EGlnl> to connect an XP to an existing 98+95 home network and at the need to
EGlnl> install a protocol missing on a brand new M$ computer because the
EGlnl> default protocol is dangerous for a home network.

If you're using an XP system as an internet router, that's usually
easy; just use the networking wizard, and it creates a floppy for you to
use on the other computers.


EGlnl> If the default protocol, TCP/IP, is not safe for home networking,
EGlnl> NetBEUI should be on every new laptop, not just the pro version. The
EGlnl> very least would be to provide it on the Web.

It didn't occur to me before, but I don't think there's a problem
unless the computers in the network have public IP addresses. If
you're using a NAT router, the router acts as a firewall, so that
incoming packets must be a direct response to an outgoing packet,
otherwise the router doesn't know which computer on the network to
send the packet to. I think the only time you'd have a problem is when
you have one computer acting as a bridge (which merges networks,
basically like a hub/switch), and even then, unless the other
computers on the network are using public addresses, the exposure is
limited.

********************

How a NAT router handles outgoing packets:

Let's assume that a computer with a local network address of
192.168.0.2 sends a packet from port 19253 (the outgoing port is
apparently picked more or less at random) to http://www.google.com.
http://www.google.com turns out to have a public IP address of
216.239.37.99, and the HTTP protocol uses port 80 by default. Let's
also assume that the NAT router has a public IP of 1.2.3.4.  The NAT
router would receive a packet from the computer with this info:

Origin: 192.168.0.2:19253
Destination: 216.239.37.99:80

Since 192.168.0.3 is a local address, and the destination system must
have a way to respond using a public IP address, the NAT router
picks one of its own ports that isn't in use (let's say 23456), and
modifies the packet header accordingly.  The packet header now looks like
this:

   Origin: 1.2.3.4:23456
   Destination: 216.239.37.99:80

The router also remembers what it did:

   192.168.0.2:19253 <--> 1.2.3.4:23456 for 216.239.37.99:80

Now that the header has been "corrected", the packet is sent on its
way on the public network. When the reply comes back, the router sees
where it's from, and what port it's aimed at, and looks it up in the
table. If the reply is from 216.239.37.99:80, and is aimed at 23456,
the router does the translation, and puts the reply packet onto the
local network.  If the router cannot find a match in its table, the
packet is simply discarded.

Most routers can be set to pass-through certain ports, so that you can
have a web server visible to the outside.  This would look like this
in the router's table:

   192.168.0.2:80 <--> 1.2.3.4:80 for *.*.*.*:*

This means that messages from anywhere to port 80 are sent through,
with only the IP address being translated. As you can see, only those
from/to combinations that are in the table can get through the router
from the outside.

How does this apply to file sharing? Well, if you're on the outside
(public), you can't simply connect to a system on the inside (local);
the connection must be initiated from the inside, unless an entry has
been added to the router's table to allow that. Do the systems on the
inside send anything? Yes, there's a broadcast message that a file
server sends to 192.168.0.0 when it starts up; this means that all
systems on the local network receive the message (yes, computers watch
*.*.*.0, in addition to their own IP address). Since 192.168.0.0 is a
local address, the router simply discards it; the router only pays
attention to addresses on the local network that are aimed directly at
it or which have a public destination. If you really wish to share
files with the outside world, you need to tell the router about it.

********************

EGlnl> I've got firewall software on all my computers, but i thought that an
EGlnl> attack from outside could be made to look like it was coming from one of
EGlnl> the other computers and make the firewall think it was just file sharing.

Spoofing (faking the origin IP address) can be used to overload a
system, but it won't (shouldn't) get through a firewall except by
coincidence.


>> A router converts from one network to another, so that, for example, a local
>> (home) network with multiple IP addresses can connect to the outside
>> world via a single IP address (which acts as an inbound firewall; many
>> firewalls work in exactly this way).

EGlnl> I finally found out that my computers get three different IP addresses.
EGlnl> Does that mean the LAN is connected to the outside world with these or
EGlnl> does my combination modem/router hide them behind another one? I'm sure
EGlnl> you know an easy way to find out if there's only one address visible
EGlnl> from outside.

What three addresses?

There should only be one visible to the outside, and on the inside,
there should be one per network adapter (so if you have a computer
acting as a router, it would have one IP address for each of the 2
network cards), plus the "localhost" (self) IP, which is 192.0.0.1 (on
Macs, this is supposedly 0.0.0.0).

--Scott.
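The translation-table walkthrough in the message above, worked through as a small simulator. This is an added example, not code from the original post or from any router vendor; the addresses (192.168.0.2, 1.2.3.4, 216.239.37.99), the ports, the `NatRouter` class and the sample packets are all constructed for illustration. It shows the four cases the message describes: an outbound packet getting a new public port and a table entry, the matching reply being translated back, an unsolicited or mismatched inbound packet being dropped, and an explicit pass-through entry ("for *.*.*.*:*") letting port 80 in. It also shows why the local broadcast never leaves the LAN side.

```python
"""Toy NAT translation table (constructed example, not real router code)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

LOCAL_PREFIX = "192.168.0."   # the message's local network (assumption)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Keeps the '192.168.0.2:19253 <--> 1.2.3.4:23456 for 216.239.37.99:80'
    style entries from the message as a dictionary."""

    def __init__(self, public_ip: str = "1.2.3.4", first_port: int = 23456):
        self.public_ip = public_ip
        self.next_port = first_port
        # (public_port, remote_ip, remote_port) -> (local_ip, local_port)
        self.table: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
        # public_port -> (local_ip, local_port); the 'for *.*.*.*:*' entries
        self.forwards: Dict[int, Tuple[str, int]] = {}

    def add_forward(self, public_port: int, local_ip: str, local_port: int) -> None:
        """Explicit pass-through so an inside server is reachable from outside."""
        self.forwards[public_port] = (local_ip, local_port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet leaving the LAN; None means it never leaves."""
        if pkt.dst_ip.startswith(LOCAL_PREFIX):
            return None  # LAN-only traffic (including the 192.168.0.0 broadcast)
        for key, local in self.table.items():
            if local == (pkt.src_ip, pkt.src_port) and key[1:] == (pkt.dst_ip, pkt.dst_port):
                break  # reuse the existing mapping for this flow
        else:
            key = (self.next_port, pkt.dst_ip, pkt.dst_port)
            self.next_port += 1
            self.table[key] = (pkt.src_ip, pkt.src_port)  # "remembers what it did"
        return Packet(self.public_ip, key[0], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the public side; None means discarded."""
        if pkt.dst_ip != self.public_ip:
            return None
        # Only an exact from/to match in the table gets through...
        local = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        # ...unless the port has been explicitly passed through.
        if local is None:
            local = self.forwards.get(pkt.dst_port)
        if local is None:
            return None  # no match: the router simply discards it
        return Packet(pkt.src_ip, pkt.src_port, local[0], local[1])


def run_demo() -> dict:
    """Replay the message's scenario; returns each outcome for inspection."""
    nat = NatRouter()
    results = {}
    # 1. Inside host talks to the web server: new public port, table entry.
    results["out"] = nat.outbound(Packet("192.168.0.2", 19253, "216.239.37.99", 80))
    # 2. The matching reply is translated back to the inside host.
    results["reply"] = nat.inbound(Packet("216.239.37.99", 80, "1.2.3.4", 23456))
    # 3. Same server, wrong public port: no table match, dropped.
    results["wrong_port"] = nat.inbound(Packet("216.239.37.99", 80, "1.2.3.4", 23457))
    # 4. Unsolicited connection attempt to the file-sharing port: dropped.
    results["unsolicited"] = nat.inbound(Packet("203.0.113.9", 4444, "1.2.3.4", 139))
    # 5. The file server's startup broadcast never leaves the LAN.
    results["broadcast"] = nat.outbound(Packet("192.168.0.2", 137, "192.168.0.0", 137))
    # 6. After a pass-through entry for port 80, anyone can reach the web server.
    nat.add_forward(80, "192.168.0.2", 80)
    results["forwarded"] = nat.inbound(Packet("198.51.100.7", 5555, "1.2.3.4", 80))
    results["table"] = dict(nat.table)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running it prints the translated packets for the web request and its reply, `None` for the mismatched, unsolicited and broadcast packets, and the translated packet for the forwarded port 80 request, with the table holding the single `(23456, '216.239.37.99', 80) -> ('192.168.0.2', 19253)` entry.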

Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi
List archives at //www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
