Is TCP/IP safe for home networking?

[Oaf357]

I don't like a protocol that I never "really" know what it's doing. IP gives you more control and you're not dealing with two different protocols on one network.

 

[Nothinman]

I don't like a protocol that I never "really" know what it's doing. IP gives you more control and you're not dealing with two different protocols on one network.

You never "really" know what Windows is doing and you keep using that. If you want to know what NetBEUI's doing get a sniffer and look, it's a really simplistic protocol.

 

[Oaf357]

Originally posted by: Nothinman

I don't like a protocol that I never "really" know what it's doing. IP gives you more control and you're not dealing with two different protocols on one network.

You never "really" know what Windows is doing and you keep using that. If you want to know what NetBEUI's doing get a sniffer and look, it's a really simplistic protocol.

I know what Windows is doing.

I wouldn't use it if I didn't.

 

[JackMDS]

Originally posted by: Oaf357
I know what Windows is doing.

I wouldn't use it if I didn't.

LOL. You should contact MS. I am not sure that they know what WinXP is doing; otherwise you would not need so many security patches. (Just late night humor).

There is an address, if I am not mistaken NetBEUI Uses the computer name rather than the IP.

In any case any one who wants to know more about what WinXP is doing in the background should look at this page.

WinXP Services.

Just be careful if you are going to use the gentleman advices. He is not a Network guy, and he suggests disabling most of the Network services.

 

[spidey07]

LOL. You should contact MS

That is no lie. I was talking to the "top network engineer for XP" after escalating a problem with windows browsing. We went over several network traces and I to explain to him the suspect frames and why asking a DNS server for MS specific records is not a good thing.

 

[Lark888]

================
TCP/IP is obviously routable and can and will be broadcasted out of your local network, specifically LAN traffic which should not be routed out onto the Internet, and this is why NetBEUI is recommend.

================

Would this statement remain true if you are using a hardware router or router/firewall between your local netork and the ISP? If you have a home network set up with a private IP address range such as 192.168.0.x and subnet mask 255.255.255.0, the router should not route 'out onto the Internet' as the router would clearly know that it does not need to be routed to the Internet.

 

[JackMDS]

If you are talking Entry Level Cable/DSLRouters, it is not so clear.

Basic Protection for Broadband Internet Installation.

 

[Muse]

Originally posted by: JackMDS
If you are talking Entry Level Cable/DSLRouters, it is not so clear.

Basic Protection for Broadband Internet Installation.

I checked out this site yesterday and went to the Shield's Up! link and ran both tests. I did that maybe two years ago (probably same site), which was before I had a firewall running (or a network), and my machine came up pretty vulnerable. At the time I didn't know what to do about it and did nothing. Yesterday my system was in complete stealth mode except for one small vulnerability. My Port 113 IDENT returns "closed". Not uncommon, but I haven't figured out how to put even that into stealth mode with my Zonealarm.

 

[JackMDS]

Port 113 is usually used by mIRC if you have a chat program open try to close it and check again.

 

[Muse]

Originally posted by: JackMDS
Port 113 is usually used by mIRC if you have a chat program open try to close it and check again.

Hmmm. I NEVER use chat. What should/can I look for? Running Windows 2000 Pro SP3, installed just yesterday. Installed a few things so far:

Office 2000 Pro
Visual FoxPro 7
Zonealarm
Mailwasher
Forte Agent
Norton Systemworks 2001
Motherboard Monitor 5
UltimateZip
Nero 5

Edit: Oh, and just installed Visual Studio .NET. Worst, hairiest install I've ever done. At least it's working. That's the reason I reinstalled Win2000 - VS.NET wouldn't work before.

That's about it... Thanks.

 

[Nothinman]

The router probably just forwards port 113 by default since it's so common and necessary for IRC, since you don't have anything to answer the ident requests the port comes up as closed instead of stealth. Really the difference between closed and stealth is minimal.

 

[JackMDS]

Stealth means that if the ?Hacker? probes your ports, he get an indication that there is no computer on the specific IP address.

Closed means there is a computer but it is closed.

 

[Muse]

Originally posted by: JackMDS
Stealth means that if the ?Hacker? probes your ports, he get an indication that there is no computer on the specific IP address.

Closed means there is a computer but it is closed.

Right, that's what I thought. That's why I'd prefer that if someone tries to hit port 113 on my computer, he gets no response instead of the response that the port is closed. I can't seem to find a way to do it, though. Would it be in my router's configuration (D-Link DI-704p) or my Zonealarm? Or is it possible?

 

[spidey07]

I thought a lot of routers responded to ident frames?

 

[Nothinman]

Stealth means that if the ?Hacker? probes your ports, he get an indication that there is no computer on the specific IP address.

Closed means there is a computer but it is closed.

I understand the difference. But if you have nothing listening on any ports the 'risk' is the same, unless of course there's a bug in your TCP/IP implementation.

 

[JackMDS]

Originally posted by: spidey07
I thought a lot of routers responded to ident frames?

Yeah they do.

Stealth? ? Closed?

I agree, functionally Closed is good enough for me.

 

[chsh1ca]

Originally posted by: Muse
Right, that's what I thought. That's why I'd prefer that if someone tries to hit port 113 on my computer, he gets no response instead of the response that the port is closed. I can't seem to find a way to do it, though. Would it be in my router's configuration (D-Link DI-704p) or my Zonealarm? Or is it possible?

Actually, you probably don't want that, in fact, for a lot of things, using 'stealth' (packet dropped) over 'closed' (port closed return packet) is not a good idea.

1) It's only quasi-resource saving in the event of a Denial of Service attack.
2) From everything I've come across, 90% of all cable or DSL service providers use routers configured to responde with icmp-destination-unreachable packets when pinging an IP address where there REALLY isn't a machine, whereas if the machine is there, 'stealth' will respond with an icmp-destination-port-unreachable packet, from your source IP, effectively meaning 'stealth' only works on lamers who use portscanners without watching the return packets.
3) Dropping packets is bad network behaviour, and as far as I know, is against RFCs.
4) Possibly most importantly: It can slow down connections. A lot of IRC networks look for an IDENT server listening. If the IRC server in question tries to connect to TCP/113 and the packet is dropped by the client, it has to wait for the configured timeout before letting you connect. Since the default is usually anywhere from 1 to 3 minutes, depending on server, this can significantly add to your connection time. IRC is just one example, but there are several other similar services.

'Stealth' mode in and of itself is a bit of a misnomer, and really should be taken with a grain of salt. If your computer is hooked to the internet via any link, you'd be very hard pressed to prevent anyone from seeing you're online.

Just try to keep in mind that the internet is a public network, not a private one. Don't have any delusions of guaranteed privacy, take measures to protect your personal information, and you'll do fine. 🙂

 

[Mrburns2007]

NetBEUI is no longer supported by M$ although it is on the CD.

NetBEUI also doesn't have error correction which could be important when sending a important across the network.

 

[JOSEPHLB]

wow.. I cant believe this thread is still going on..

Its as plain as this.. If you access the internet at all.. then you NEED TCP/IP
plain and simple.. no discussion about the pro's and cons of TCP/IP vs Netbios/Netbeui.. so, why bother with two..
Like someone mentioned previously.. install TCP/IP.. get rid of NetBeui, and then secure it to your needs..
It doesn't take rocket science

 

[Johnbear007]

Originally posted by: JOSEPHLB
wow.. I cant believe this thread is still going on..

Its as plain as this.. If you access the internet at all.. then you NEED TCP/IP
plain and simple.. no discussion about the pro's and cons of TCP/IP vs Netbios/Netbeui.. so, why bother with two..
Like someone mentioned previously.. install TCP/IP.. get rid of NetBeui, and then secure it to your needs..
It doesn't take rocket science

ummm duh.

the point is, you can use TCP/IP for internet connection, but use netbeui for filesharing. That means you don't have file sharing enabled over tcp/ip

it makes perfect sense. If I werent doing a bunch of network gaming, I would use it. but netbeui isn't going to wokr for network gaming.