SYNACK (Premium, Mod), reply to head_spaz
Re: Guidelines for Securing your Router

said by deewm:
Very good job SYNACK. Are you a ZyXel employee? ... Question: There are a lot of sites suggesting that TCP/IP should NOT be bound (WAN or LAN) for file and print sharing and that NetBEUI should be used on the LAN instead since it is reported to be a non-routable protocol

Thanks ... Nah. I have a fun day job and it's NOT in networking.
There is nothing wrong with NetBIOS over TCP/IP (NBT) behind a NAT router. My networks at home and at work are exclusively TCP/IP. I even have pinholes in the firewall and map port 139/TCP so I can access my shares remotely. (I DO use rules with a very restricted range of allowed source ports, logging of all connections in the firewall, and still strong passwords on all shares. I have never logged anything suspicious, ever).
If you just share within your private LAN, it's perfectly safe. You need TCP/IP anyway, why not use it for everything?
A computer should be as "clean&mean" as possible. No unnecessary protocols, not tons of stuff that I never use in the systray. It increases stability to keep everything simple. The computer will start faster, run faster and crash less.
(I agree that running NetBIOS over TCP/IP on a fully exposed computer without router/firewall is risky, just because the entire implementation has security holes, see e.g.: www.insecure.org/stf/cifs.txt. There is no logging whatsoever, and once a connection is established one could try passwords day and night at a high rate until success. There is no delay after a failed attempt and no disconnect after a certain number of unsuccessful tries. WRITE access to the base (C) or windows directory would allow the planting of all kinds of nasty programs that would automatically run next time you reboot.)

MediaONE/RR/AT&T block all NetBIOS ports in the cablemodem, so even people buying multiple IPs and hooking everything to a hub are safe with NBT. (My ISP filters are out so I can share, see above)

[text was edited by author 2001-03-18 18:22:53]
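
The post relies on firewall connection logs because file sharing itself gives no logging, delay or lockout. The following is an added example, not part of the original post, of reviewing such logs for 139/TCP connections from unexpected or unusually busy sources. The log format, the allowed source range and the thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log in an assumed format: "ISO-timestamp src_ip dst_port action".
# It is not the output of any particular router or firewall.
SAMPLE_LOG = "\n".join(
    ["2001-03-18T18:00:01 198.51.100.3 139 ALLOW",
     "2001-03-18T18:05:00 198.51.100.3 139 ALLOW",
     "2001-03-18T18:06:00 192.0.2.44 80 DENY"]
    + [f"2001-03-18T19:00:{s:02d} 203.0.113.9 139 ALLOW" for s in range(0, 14, 2)]
)

ALLOWED_SOURCES = [ip_network("198.51.100.0/29")]  # assumed remote-access range
MAX_CONNECTIONS = 5                                # assumed per-source threshold
WINDOW = timedelta(seconds=60)                     # assumed sliding window


def review_nbt_connections(log_text, allowed=ALLOWED_SOURCES,
                           limit=MAX_CONNECTIONS, window=WINDOW):
    """Return (unexpected_sources, rapid_sources) for connections to 139/TCP."""
    unexpected, rapid = set(), set()
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "139":
            continue  # malformed line or not the NetBIOS session port
        when = datetime.fromisoformat(parts[0])
        src = ip_address(parts[1])
        if not any(src in net for net in allowed):
            unexpected.add(str(src))
        stamps = recent[src]
        stamps.append(when)
        while when - stamps[0] > window:
            stamps.popleft()  # drop connections older than the window
        if len(stamps) > limit:
            rapid.add(str(src))  # repeated connects, e.g. password guessing
    return sorted(unexpected), sorted(rapid)


if __name__ == "__main__":
    outside, busy = review_nbt_connections(SAMPLE_LOG)
    print("sources outside the allowed range:", outside)
    print("sources over the connection threshold:", busy)
```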