LISTSERV - HP3000-L Archives

HP3000-L Archives

January 2001, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L January 2001, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: My PC is on the Internet!
From:	"Emerson, Tom # El Monte" <[log in to unmask]>
Reply To:	Emerson, Tom # El Monte
Date:	Thu, 4 Jan 2001 17:25:35 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (116 lines)

Perhaps this topic should be renamed "TCP/IP 101" :)

Actually, what is happening is that yes, indeed, "your PC is on the
internet" -- in fact, when you DIAL UP your ISP, you are just as vulnerable
[if not more, since 99% of the people are unaware of this] as if you were on
a 24x7 cable/DSL connection!

Some "services", like "icmp echo reply" [tech/nerd speak for "what ping
does"] are pretty much "always on" [and, in general, you want to keep them
that way -- otherwise, you couldn't even "browse" outbound]  Other services,
like inbound TELNET and FTP, are services for which you have to "start a
deamon" [or, on an HP3000, stream JINETD/JFTPMON]

For the most part, a "standard windows" PC does not have these "daemons"
available

   HOWEVER...

You could download and install the "personal web server" (PWS), and voila --
you wouldn't give a "rodent's derrier" about being "limited" to 5mb of
"webhosting space"

<<aside: yes, you CAN try this from home fairly safely -- install the PWS on
your home PC, build a fairly standard web page, then tell your browser, from
work, to open that web page by explicitly putting in your [fixed] IP address
in the address window.  I said this is "fairly safe" since, presumably, your
particular IP address isn't being "advertised" as a web server [no DNS entry
for it], but some hackers doing "port scans" may find it, and seeing it is
the standard MS supplied software, will have dozens of scripts and programs
at his disposal to do anything from mildly annoying you to completely
trashing your system...>>

<<aside 2, only if you care about the "legal" ramifications: your
"agreement" with your ISP may be such that you are "legally" prevented from
running PWS -- I know Pacbell's current AUP only allows those with "static"
IP's provisioned before a certain date to be "allowed" to run "servers", but
more recent "dynamic" IP addresses assigned via PPPOE are not>>

The fact that attempting to connect with clients such as telnet, finger,
FTP, and a webbrowser and you come back with a QUICK response of "host
disconnected/refused" does tell the would-be intruder that you do have a
live system running at that IP address.  Firewalls, both hardware and
software, may prevent snoopers from finding even this information, but they
tend to be pricier [and not neccessarilly needed -- after all, just knowing
you have a "live" connection at the moment doesn't mean much -- you are "one
of millions", if a hacker can't get in within a few milliseconds, they are
likely to move on to the next address...]  (think of it like a car thief in
a Mary Kay parking lot -- which one do you think he'll steal? -- that's
right, the company janitor that drives something OTHER than a pink car...)

But getting back to services, exposure, and "drive D:".  One of the
"services" that windows computers DO "expose" is the SMB service -- this is
what makes the "network neighborhood" work in the first place.  In a
"perfect world", you could install the software that says "make files [and
printers] on this computer available to others" without fear, then "share"
your C: or D: drive.  The world ain't perfect, however, so people don't do
this [or, at least, they are told not to do so]  If you could be 100%
certain that any passwords you "set" are indeed secure, then you could
"expose" this service to the world and sure enough, your friend could
"browse" your (shared) drive and send those huge pictures whenever he
wanted.

One "hot new technology" that is springing up from this is called "virtual
private networking", or VPN.  If this is "properly" set up between you and
your friend, then both your PC and your friend's would "appear" to be on the
same network, thus allowing the aforementioned "sharing" [and in this case,
you could pull just as easily as he could push]

But, I see this is getting really deep into the inards of how "The Internet"
works, and perhaps more than a few eyes have glazed over reading this, so
I'll stop now...

Tom

> -----Original Message-----
> From: Sohrt, Jeff [mailto:[log in to unmask]]
> Sent: Thursday, January 04, 2001 1:57 PM
> To: [log in to unmask]
> Subject: OT: My PC is on the Internet!
>
>
> greg writes:
> <snip>...
>
> > I had expected
> > it not to be visible at all. In fact, I had visited the
> > Shields Up! page
> > <https://grc.com/x/ne.dll?bh0bkyd2> from this PC, and took
> > comfort in the
> > fact that it told me that my PC was well shielded from prying eyes.
> >
> > Imagine my surprise when I could ping my home IP address from my
> > workstation, and resolve the IP to the correct host name!
> > Tracert (I know,
> <rest chopped>
>
> Greg,
> You bring up an interesting OT.
> I have installed the "free" zone alarm which is supposed to
> make my PC well
> hidden from all the peeks, pokes, and pings of the internet.
> Running the
> test web site (which they refer to), provides a report describing the
> "stealthiness" of the attempted inquiries. And all the most
> potentially
> damaging of ports are reported as "stealth".
>
> But, I am curious nonetheless just how safe it is.
>
> Does anyone else use zone alarm or similar products that they
> may want to
> comment on as well as your experiences with them?
>
> jds
>

ATOM RSS1 RSS2

RAVEN.UTC.EDU