echo: osdebate
to: John Beckett
from: Gary Britt
date: 2006-11-09 09:47:54
subject: Re: Firewall Question

OK, thanks for the info. I have a mix of winXP, win2K, and sometimes
win98 machines, so I usually keep NetBIOS turned on. If I understood you
correctly, you are saying that if I use static IP addresses for the machines
in the peer network and make entries in each machine's hosts file then I
wouldn't need NetBIOS?

If a machine is named "glb_mx7340" for example would the host
entry look like this:  "192.168.0.102   glb_mx7340"   ??

And if I do this, then to set up network shares and printer shares I would
just need port 445 open on each machine? Both TCP and UDP or just one or
the other?

Thanks,

Gary

John Beckett wrote:
> Gary Britt  wrote in message
> news::
>
>> OK, so if you have a software firewall, I thought one of the advantages
>> of having a software firewall was to keep virii and trojans from your
>> side of the router/hardware firewall from getting on your machine.
>>
>
> You (should) hear mostly about this in a corporate environment where a
> workstation probably does NOT have shares and so does not need to open
> holes to allow incoming connections. Therefore a worm on the local network
> would be much less likely to be able to penetrate such a workstation.
>
> But, as you say, if you share a folder then you need to open access to at
> least some ports, and if a worm could exploit the service that you have
> exposed, then you could be owned.
>
> If you have disabled NBT (NetBIOS-over-TCP) you only need to open access
> to destination port 445/tcp (but then you would need working DNS or hosts
> files to resolve names).
>
> Your firewall would still block connections to other ports not related to
> sharing, so you would get some protection (although there shouldn't be
> many of those ports on a workstation).
>
> But your essential point is correct.
>
> John
>
>


--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
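
An added example, not part of the original message and not written by either poster: a small Python check of a hosts file for the setup discussed above (NBT disabled, names resolved from hosts files, only 445/tcp opened for sharing). The function names, the rule-string format, limiting the allow rule to the listed peer addresses, and every sample entry except `glb_mx7340` are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: only the first entry's name and address come from the
# message above; every other line is made up for the demonstration.
SAMPLE_HOSTS = """\
# static peers
192.168.0.102   glb_mx7340
192.168.0.103   den-xp
192.168.0.104   kitchen98 kitchen
192.168.0.105   den-xp
300.168.0.9     badbox
"""

SMB_DIRECT = (445, "tcp")                                 # SMB without NBT
NBT_PORTS = [(137, "udp"), (138, "udp"), (139, "tcp")]    # NetBIOS over TCP/IP

def parse_hosts(text):
    """Return ({name: address}, [(line number, problem)]); names are lowercased."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()     # drop comments, split on blanks
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"invalid address {fields[0]}"))
            continue
        if len(fields) < 2:
            problems.append((lineno, "address without a name"))
        for name in (n.lower() for n in fields[1:]):
            if name in table and table[name] != ip:
                # This checker keeps the first mapping and reports the clash.
                problems.append((lineno, f"{name} already maps to {table[name]}"))
            else:
                table[name] = ip
    return table, problems

def unresolved(table, peer_names):
    """Peers with no hosts entry; with NBT off these need DNS to be reachable by name."""
    return [n for n in peer_names if n.lower() not in table]

def inbound_rules(table):
    """Hypothetical rule strings: 445/tcp from listed peers only, NBT ports closed."""
    port, proto = SMB_DIRECT
    allow = [f"allow {proto} from {ip} to port {port}" for ip in sorted(set(table.values()))]
    return allow + [f"deny {proto} to port {port}" for port, proto in NBT_PORTS]
```
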

SOURCE: echomail via fidonet.ozzmosis.com
