Hi Ekhart,

Saturday, January 17, 2004, 11:19:30 AM, you wrote:

EGlnl> I'm sure you're right, I don't have much experience. I was just really
EGlnl> annoyed at the need to do an incredible amount of research to learn how
EGlnl> to connect an XP to an existing 98+95 home network and at the need to
EGlnl> install a protocol missing on a brand new M$ computer because the
EGlnl> default protocol is dangerous for a home network.

If you're using an XP system as an internet router, that's usually easy; just use the networking wizard, and it creates a floppy for you to use on the other computers.

EGlnl> If the default protocol, TCP/IP, is not safe for home networking,
EGlnl> NetBEUI should be on every new laptop, not just the pro version. The
EGlnl> very least would be to provide it on the Web.

It didn't occur to me before, but I don't think there's a problem unless the computers in the network have public IP addresses. If you're using a NAT router, the router acts as a firewall, so that incoming packets must be a direct response to an outgoing packet; otherwise the router doesn't know which computer on the network to send the packet to. I think the only time you'd have a problem is when you have one computer acting as a bridge (which merges networks, basically like a hub/switch), and even then, unless the other computers on the network are using public addresses, the exposure is limited.

********************

How a NAT router handles outgoing packets:

Let's assume that a computer with a local network address of 192.168.0.2 sends a packet from port 19253 (the outgoing port is apparently picked more or less at random) to http://www.google.com. http://www.google.com turns out to have a public IP address of 216.239.37.99, and the HTTP protocol uses port 80 by default. Let's also assume that the NAT router has a public IP of 1.2.3.4.

The NAT router would receive a packet from the computer with this info:

Origin: 192.168.0.2:19253
Destination: 216.239.37.99:80

Since 192.168.0.2 is a local address, and the destination system must have a way to respond using a public IP address, the NAT router picks one of its own ports that isn't in use (let's say 23456), and modifies the packet header accordingly. The packet header now looks like this:

Origin: 1.2.3.4:23456
Destination: 216.239.37.99:80

The router also remembers what it did:

192.168.0.2:19253 <--> 1.2.3.4:23456 for 216.239.37.99:80

Now that the header has been "corrected", the packet is sent on its way on the public network.

When the reply comes back, the router sees where it's from, and what port it's aimed at, and looks it up in the table. If the reply is from 216.239.37.99:80, and is aimed at 23456, the router does the translation, and puts the reply packet onto the local network. If the router cannot find a match in its table, the packet is simply discarded.

Most routers can be set to pass-through certain ports, so that you can have a web server visible to the outside. This would look like this in the router's table:

192.168.0.2:80 <--> 1.2.3.4:80 for *.*.*.*:*

This means that messages from anywhere to port 80 are sent through, with only the IP address being translated.

As you can see, only those from/to combinations that are in the table can get through the router from the outside.

How does this apply to file sharing? Well, if you're on the outside (public), you can't simply connect to a system on the inside (local); the connection must be initiated from the inside, unless an entry has been added to the router's table to allow that.

Do the systems on the inside send anything? Yes, there's a broadcast message that a file server sends to 192.168.0.0 when it starts up; this means that all systems on the local network receive the message (yes, computers watch *.*.*.0, in addition to their own IP address). Since 192.168.0.0 is a local address, the router simply discards it; the router only pays attention to addresses on the local network that are aimed directly at it or which have a public destination.

If you really wish to share files with the outside world, you need to tell the router about it.

********************

EGlnl> I've got firewall software on all my computers, but I thought that an
EGlnl> attack from outside could be made to look like it was coming from one of
EGlnl> the other computers and make the firewall think it was just file sharing.

Spoofing (faking the origin IP address) can be used to overload a system, but it won't (shouldn't) get through a firewall except by coincidence.

>> A router converts from one network to another, so that, for example, a local
>> (home) network with multiple IP addresses can connect to the outside
>> world via a single IP address (which acts as an inbound firewall; many
>> firewalls work in exactly this way).

EGlnl> I finally found out that my computers get three different IP addresses.
EGlnl> Does that mean the LAN is connected to the outside world with these or
EGlnl> does my combination modem/router hide them behind another one? I'm sure
EGlnl> you know an easy way to find out if there's only one address visible
EGlnl> from outside.

What three addresses? There should only be one visible to the outside, and on the inside, there should be one per network adapter (so if you have a computer acting as a router, it would have one IP address for each of the 2 network cards), plus the "localhost" (self) IP, which is 192.0.0.1 (on Macs, this is supposedly 0.0.0.0).

--Scott.

Regards,
John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi
List archives at //www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
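An added example, not part of Scott's message or of anything else in the thread: a small Python model of the NAT table he describes, using the addresses and ports from the email. It walks the outbound rewrite, the matching reply, an unsolicited inbound packet, an inbound packet whose source is faked to look like a LAN machine, the 192.168.0.0 broadcast, and a port-forward entry. The 192.168.0.0/24 prefix for the home LAN and 23456 as the first free public port are assumptions.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "1.2.3.4"
LOCAL_PREFIX = "192.168.0."   # assumption: the home LAN is 192.168.0.0/24

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, port_forwards=None):
        self.next_port = 23456          # assumption: first unused public port, as in the email
        self.out_map = {}               # (local ip, local port, remote ip, remote port) -> public port
        self.in_map = {}                # (public port, remote ip, remote port) -> (local ip, local port)
        self.forwards = port_forwards or {}  # public port -> (local ip, local port), "for *.*.*.*:*"

    def from_lan(self, pkt):
        """Packet arriving on the LAN side; returns the rewritten packet, or None if dropped."""
        if pkt.dst_ip.startswith(LOCAL_PREFIX):
            return None  # local unicast or the 192.168.0.0 broadcast: the router discards it
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:     # new flow: pick a free public port and remember it
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return replace(pkt, src_ip=PUBLIC_IP, src_port=self.out_map[key])

    def from_wan(self, pkt):
        """Packet addressed to the router on the public side; only table matches get through."""
        if pkt.dst_port in self.forwards:            # pass-through entry: any source is allowed
            ip, port = self.forwards[pkt.dst_port]
            return replace(pkt, dst_ip=ip, dst_port=port)
        local = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if local is None:
            return None  # unsolicited, or a faked "192.168.0.x" source: no entry, discarded
        return replace(pkt, dst_ip=local[0], dst_port=local[1])

def demo():
    """Replays the email's scenario; constructed packets, returns the router's decision for each."""
    nat = NatRouter(port_forwards={80: ("192.168.0.2", 80)})
    out = nat.from_lan(Packet("192.168.0.2", 19253, "216.239.37.99", 80))
    reply = nat.from_wan(Packet("216.239.37.99", 80, PUBLIC_IP, out.src_port))
    unsolicited = nat.from_wan(Packet("216.239.37.99", 80, PUBLIC_IP, 23457))
    spoofed = nat.from_wan(Packet("192.168.0.3", 80, PUBLIC_IP, 23456))  # right port, wrong source
    broadcast = nat.from_lan(Packet("192.168.0.2", 137, "192.168.0.0", 137))
    web = nat.from_wan(Packet("5.6.7.8", 40000, PUBLIC_IP, 80))
    return out, reply, unsolicited, spoofed, broadcast, web
```

Only the reply that matches an existing table entry and the traffic to the forwarded port reach the LAN; everything else comes back as None.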