+Elі, Subscriber² (Posted September 21, 2003)

I recently got a NETGEAR wired router so that I can use my DSL connection on two computers in the same room. I'm not too good at networking, though, and I'm having issues creating the network. My main computer is running Windows XP Pro while the other, old one is using Windows ME. I used the XP 'Setup a home or small office network wizard' to link both computers. This is the way my computers are set up: the phone line connects to my DSL modem, then the modem connects to the router, then both computers are connected to the router, each one on its own port.

While trying this setup, XP warned me that this was not very secure and suggested other ways to do it; however, I find them all too complicated for me, and besides, I would need to buy extra equipment to get this done as they suggest. The wizard prompted me to create a network setup file, which it saved to a floppy, then asked me to reboot the computer to finish the network setup. It then said I must run the setup wizard on the other computer too. Well, I rebooted the XP machine, opened the Windows ME one and ran netsetup.exe from the floppy. It all went well, but at the end it said it could not find my network hardware. Looks like ME sucks for this kind of thing, so probably tomorrow I'll be upgrading that PC to XP too. Hopefully then the setup will run well on it.

However, my concern is: how secure would this kind of setup be? The NETGEAR router supposedly has a built-in hardware firewall, and XP has its own firewall, and also Norton; I'm planning to do the same on the other computer too. Has someone tried this, and is it too risky, since both computers will be linked literally over the internet, linked by the router which connects to the ADSL modem? Also, I have not seen any new icons under Network Connections for this new network setup which I ran with the XP wizard.

Where am I supposed to log in to the other computer once the setup has been successfully run on both computers? Thanks in advance.

Ely

MxxCon (Posted September 21, 2003)

> the NETGEAR router supposedly has a built-in hardware firewall and XP has its own firewall and also Norton, I'm planning to do the same on the other computer too.

complete and useless overkill. with this setup, if you have some network connection problem (such as an ftp connection), it'll be a major pain in the ass to figure out if it's software, os, router, os's firewall or software firewall. if you have a router in NAT configuration, meaning your 2 computers will have their own private network, all you really need is just an IDS/simple firewall to see what's going past your router.

> Has someone tried this and is it too risky since both computers will be linked literally over the internet linked by the router which connects to the ADSL Modem?

like i said above, they won't be "linked literally over the internet". they will have their own private network, inaccessible from outside.

morganpugh84 (Posted September 21, 2003)

The router makes its own private network. If you have a look at the IP addresses it gives to the 2 computers connected to it, they will be something like 192.168.1.100 and 101. Nobody can see your computers because they are behind the router. The router will use NAT to forward data to the correct computer. You can use port forwarding to bind a port on the router to a computer's port; however, you can only bind it to one computer, which means you can't use P2P applications on more than one system :(

As for it being secure, a NAT router is better than any software firewall. To be honest, there is no real need for any software firewalls on your system. It won't add any extra protection, as the firewall will never see the attacks because they will stop dead at the router. The only thing a software firewall would be good for is outbound connection tracking.

At the end of the day your setup is pretty secure. If you make it so complex that you don't understand it, then it is totally insecure, as you do not know how it works.

If you want to learn more about networking, check out Sams Teach Yourself TCP/IP in 24 Hours. It is an excellent book for beginners and covers everything you will want to know (and more!) for a nice home network :)

+Elі, Subscriber² (Posted September 21, 2003)

> all you really need is just an IDS/simple firewall to see what's going past your router.

OK, thanks to both of you. However, I do have a question: what is an IDS/simple firewall, and where can I get one?

morganpugh84 (Posted September 21, 2003)

IDS = Intrusion Detection System. This is basically an inbound-only firewall such as BlackICE (or whatever it is called now).

For a software firewall, check out Kerio Personal Firewall (free for personal use), Zone Alarm Free (free for personal use), Zone Alarm Plus/Pro (same as Zone Alarm Free with more features), Tiny Software (free for personal use iirc), SyGate Personal Firewall (don't know about license), OutPost (don't know about license).

Check out http://www.betanews.com, search there and read the reviews, pretty good site :) (iirc didn't Neobond and some others start up NeoWin to be like BetaNews but with the things it didn't have?!)

drummingislife (Posted September 21, 2003)

actually, you can use p2p as long as your router supports port forwarding and you know which ports your p2p app needs

Miyagi Son (Posted September 21, 2003)

you can't use the bot disk from xp to me, + make sure your workgroups are the same.

+Elі, Subscriber² (Posted September 22, 2003)

OK guys, thanks a lot for your help. I ended up upgrading my old computer to XP Pro too, but I had to disable ALL firewalls except for the one built into the router. I'm still concerned about security, though. I have never been without a software firewall till now, and honestly I feel a little bit insecure. Could anyone point me to good reading about hardware firewalls?

My two computers are networked now; however, I have a little problem. I can connect to and see shared folders and everything on the old computer (that's really what I need); however, when I try to connect from the old computer to the new one it won't let me, it always says: 'wrong operation'. I ran the network setup wizard exactly the same way on both computers, so I wonder what's wrong, and yes, the workgroup is the same. Any ideas on this? Again, it's not a big deal, since what I really need is to be able to connect to the old computer from the new one, and that I can do with no problem; however, I'm still curious.

Ely

morganpugh84 (Posted September 22, 2003)

check out http://www.grc.com and do the shields up test. chances are it will say you are just as secure as when you had the software firewall.

+Elі, Subscriber² (Posted September 22, 2003)

Indeed, I did that test and it all came out stealth, except that it says that my computer is responding to PING requests. Hmmm, weird, and I set up the hardware firewall not to respond to PING. Is this too bad? For now I'm re-enabling the XP firewall just in case. :)

Gary_Player (Posted September 22, 2003)

You probably don't want the firewalls within your own network, you just want that on your gateway (probably your new router).

What you might be able to do is switch the order of your DSL modem and your router and set your router to dial your modem (some have this option, some don't).

+Elі, Subscriber² (Posted September 22, 2003)

Well, the firewall is built into the router, so yes, it's on my gateway. The manual specifically tells you to connect the modem to the phone line, then the router to the modem, so I think it's already as you suggest.

Ah, this is the report I get from http://www.grc.com

    Results from scan of ports: 0, 21, 23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389, 443, 445, 1002, 1024-1030, 1720, 5000

        0 Ports Open
        0 Ports Closed
       25 Ports Stealth
    ---------------------
       25 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: FAILED - ALL tested ports were STEALTH,
                       - NO unsolicited packets were received,
                       - A PING REPLY (ICMP Echo) WAS RECEIVED.

That's the simple test. If I do the full scan one, it turns out the same, just with more ports (all the ones tested) that come out stealth.

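What the Open / Closed / Stealth totals in a report like the one above correspond to at the TCP level, as an added example that is not part of the original thread and not GRC's code. The function names are hypothetical, and the demo only touches a loopback listener it opens itself; point it only at an address you administer.

```python
import socket
from collections import Counter

# Port list as printed in the report quoted in the post above.
REPORT_PORTS = ("0, 21, 23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389, "
                "443, 445, 1002, 1024-1030, 1720, 5000")

def expand_ports(spec):
    """Turn '21, 80, 1024-1030' into a sorted list of port numbers."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            low, high = (int(x) for x in item.split("-", 1))
            ports.update(range(low, high + 1))
        elif item:
            ports.add(int(item))
    return sorted(ports)

def probe_tcp_port(host, port, timeout=2.0):
    """Classify one TCP port by how the far end answers a connect attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"    # a reset came back: host answered, nothing listening
    except socket.timeout:
        return "stealth"   # no answer at all: the packet was silently dropped
    except OSError:
        return "error"     # anything else (e.g. no route) is not guessed at
    finally:
        sock.close()

def summarize(host, ports, timeout=2.0):
    """Count ports per state, like the totals in the report."""
    return Counter(probe_tcp_port(host, p, timeout) for p in ports)

if __name__ == "__main__":
    # Constructed demo on loopback only: one listener we open ourselves.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    print(len(expand_ports(REPORT_PORTS)), "ports in the report's list")
    print(demo_port, probe_tcp_port("127.0.0.1", demo_port))  # open
    listener.close()
    print(demo_port, probe_tcp_port("127.0.0.1", demo_port))  # closed
```

A closed port and a stealth port both refuse the connection; the difference is only whether the prober gets an answer telling it a host is there.
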
Frank (Posted September 22, 2003)

Ely: What router do you currently have? How did you tell it not to accept "ping" packets?

+Elі, Subscriber² (Posted September 22, 2003)

I have a NETGEAR RP614v2, and I went into its settings. There's a section called WAN Setup, and there's an option there that you can uncheck called "Respond To Ping On Internet WAN Port". It says that it must be disabled except for very special circumstances, and it was unchecked by default. I don't see any other place in the menus to disable PINGs of any sort.

SimplyPotatoes (Posted September 22, 2003)

wow someone is insane about security aren't we.... hacking the cia lately? all of that is overkill, all you need is a crappy software firewall. honestly though you can't be safe so don't try, any INTELLIGENT hax0r could hax0r u if they wanted by using some windows flaw or something else. just get zonealarm or use your router. i have an ant crawling on my foot and it almost bit me :(

MxxCon (Posted September 23, 2003)

Ely, ignore GRC's recommendations on security. ignore his hype that your computer is responding to ping. nothing bad will happen to you. all your ports are closed/stealth, you're good to go.

+Elі, Subscriber² (Posted September 28, 2003)

OMG, FINALLY I got this damn problem fixed!! Thank you so much to all of you who tried to help me. Some guy at the dslreports.com Westell forum gave me the definitive clue on what was wrong. I was also starting to suspect my Westell DSL modem. Well, it turned out that I didn't have the modem set up properly to work along with the NETGEAR router. I had to change the settings of the modem to Bridged Ethernet. I didn't know the Westell modem I use also has a NAT router built in, so no matter what settings I would set up on the NETGEAR router, the modem's router settings would be enforced. So now, after setting the modem to Bridged Ethernet, it was problem solved for me: no matter what security site I go to, all ports appear stealth and the computer no longer responds to PING.

Thank you all for your help.

Ely

MxxCon (Posted September 29, 2003)

wasted 7 days just so that your ip is unpingable? :no:

SimplyPotatoes (Posted September 29, 2003)

wow 7 days :no: ely post your ip?

+Elі, Subscriber² (Posted September 29, 2003)

lol MxxCon, I know it might look silly, but I have been exposed to serious hacking stuff. I have suffered a defaced website whose design was valued at over $1000 dollars, and I have seen people's passwords, IRC channels, credit card info stolen and lots of other things like that during the time I have used the internet, so things like this just made me paranoid, I guess? I don't know, but I'd rather be like this than have a surprise one of these mornings when I try to log in to my XP machine. :)

+Elі, Subscriber² (Posted September 29, 2003)

hmmmm, post my IP, maybe in a private message? lol

Ohh, on another note, it was NOT just the PING thing. I checked my computer at another security scanning site and I found an open port, which was used for DSL Remote Management (something apparently used by my modem), which there was no way in heaven to shut down. Only now was I able to close that port too.

Edited September 29, 2003 by Ely

MxxCon (Posted September 29, 2003)

> I found an open port, which was used for DSL Remote Management ( something apparently used by my modem) which there was no way in heaven to shut down

something to keep in mind: some ISPs will cancel your account w/o warning or charge you insane fees if they try to do some maintenance on your connection and aren't able to connect to your modem..

being security admin, i'm well aware of hacking on both sides, giving and receiving, and i can confidently tell you that having (all) unneeded ports closed is good enough. you don't have to go thru some insane procedure to make your ports stealth or make your ip unpingable. it's not like "hackers" can use some 'crowbar' to pry open your closed ports :rolleyes:

SimplyPotatoes (Posted September 29, 2003)

where u admin!!!!!!!!

bangbang023, Veteran (Posted September 29, 2003)

for those people talking about p2p apps: Kazaa Lite works fine for mine and the 2 other systems in my house with no port forwarding on or anything.