Re: Networking etiquette questions, please

Post #151,563 by pwhysall 4/18/04 3:00:45 AM Reply	Re: Networking etiquette questions, please 1. Usually driven through a web-based wizard of some description. I tend to disregard GRC's network pronouncements; he's a wiz at assembly language, but doesn't seem to understand security terribly well - cf. the "raw sockets" fiasco. Testing is simple. You get a friend to portscan you and you make that request IN EMAIL so that if either ISP goes loopy you have something to wave at them. 2. I've got a three-year old Netgear RT314 - it's got 4 10/100MB switch ports, a DHCP server, a packet-inspecting stateful firewall, port forwarding, can be controlled via web/telnet menu/telnet CLI, and can be obtained for less than the price of a couple of coffees in Starbucks from eBay. Lessee: [link\|http://search.ebay.com/search/search.dll?cgiurl=http%3A%2F%2Fcgi.ebay.com%2Fws%2F&krd=1&from=R8&MfcISAPICommand=GetResult&ht=1&SortProperty=MetaEndSort&query=RT314\|http://search.ebay.c...dSort&query=RT314] I'm not convinced that software firewalls are any use at all; after all, by the time the evil has been detected by, say, ZA, then the evil has already connected to your computer. And tools like ZA have their own exploits. It's true that there are also vulnerabilities in the firmware of things like the RT314, but when you consider that the RT314 is running a tiny embedded OS that's likely to have been considerably more thoroughly debugged than Windows, you may come to the conclusion that the RT314 is more useful in a security context than ZA. Overall, though, go for a name you trust and get something in a formfactor that you can squirrel away - my preference is for Netgear kit because (a) I've seen it working under very heavy loads 24x7 at work for 5 years with no failures and (b) (some of) it's square and blue. They're succumbing to the blobby shiny silver disease in places, specifically their wireless AP/DSL router things. 3. 3Com no longer produce the best network adapters. I'm all about Intel adapters now. They have some of the best driver support I've seen, and they're priced to fit all pockets, even those of W9x-running cheapskates :-). Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #151,569 by Ashton 4/18/04 5:26:47 AM Reply	Thanks, Peter re 1) Yes, recall the raw sockets crusade and agree that the style of his presentations is a bit Disneylandish. As I comprehend it - his little Shields Up thingie merely tries for access at a few over 1000 ports. If "they" cannot see you, or 2nd grade: can see you but not enter - isn't that Good Enough? Perhaps there are better attacks I might request (of the installer / congfigurator). No argument from moi re Gibson's net wiles being Wizard-grade, though he appeared at one point to have pretty well ID'd the source/child of a DDOS attack, etc. 2) Netgear longevity noted; pondering presenting locals with fait accompli - especially if it saves friend some $ while also working quite well. Unclear about ZA acting only after connection to computer succeeds - thought the point of its messages ~same as a rudimentary packet sniffer: acknowledging that such were aimed at any open port xxxx: had you left it open. You hadn't. [or.. is your box even visible on Net at all, if ZA is properly functioning?] I note the artfulness of their moving around, hiding - the guts of the True Vector engine, via changing directory name randomly, etc. I expect that many are at work attempting to beat that system; these methods are, of course - outta my league. I just wondered if ZA could /should remain a backup, or if KISS is better - delete one more running task in Doze, say. That seeems to be your recommendation. OK 3) Intel >> 3Com. Drivers point also noted. 3B) Cheapskates indeed! but cheap in terms of wasted fix-labour. I sorta Know this putrefying [9.x] piece of Billy-innovation (though hardly in the way that You Know intimately where it screws up in actual heavy service). Friend realizes by now: don't ask it to do more than 3 things, and maybe it will. And she 'knows' the layout of this POS. [RT-314] See what you mean re prices. If paranoid get two - one is bound to work, even from eBay. 5 years is proof of concept, and I believe I can count on you to have noticed any weirdness. ;-) Believe I'll snipe this new one w/ 5 yr warranty, today (3091329117)- seller's lengthy description fills in all the blanks, obv from Netgear specs. Heh, saves faux debate with local guru.. Maybe an el-cheapo one too, for at-home amidst the 9.x Loosers, who are Waiting for Godot Thanks much; I adore simple/perfect solutions. On to Intel; can't fight nasty Big monopolies in this yuga! Ashton, gratefully Drill hole; run CAT-5, PnP Hmmm may end up staying around and seeing if I can make the sucker sing, from just whatever Netgear's how-to describes. Must. Study. NAT.
Post #151,572 by Silverlock 4/18/04 8:13:40 AM Reply	If she's going to use a VPN Most companies will configure the VPN to disallow a connection to a home network while running. There are ways around this but it's a question to ask. As for the rest rest, try [link\|http://www.ddj.com/documents/s=2856/nam1012432334/\|this]. Dr. Dobb's guide to basic home networking security. ----------------------------------------- It is much harder to be a liberal than a conservative. Why? Because it is easier to give someone the finger than it is to give them a helping hand. Mike Royko
Post #151,576 by bepatient 4/18/04 8:39:40 AM Reply	Using Cisco VPN.. ..in my current position and have no issues with home networking. If you push something hard enough, it will fall over. _{Fudd's First Law of Opposition} [link\|mailto:bepatient@aol.com\|BePatient]
Post #151,628 by Silverlock 4/18/04 4:17:43 PM Reply	I'm glad for you. Your company must have weighed the benefits and costs of this measure and carefully... What am I saying? Who'd ya bribe? ----------------------------------------- It is much harder to be a liberal than a conservative. Why? Because it is easier to give someone the finger than it is to give them a helping hand. Mike Royko
Post #151,708 by bepatient 4/18/04 10:59:01 PM Reply	Small start-up Well, not so small anymore, but still VC based and progressive on the work from home rules. If you push something hard enough, it will fall over. _{Fudd's First Law of Opposition} [link\|mailto:bepatient@aol.com\|BePatient]

Welcome to IWETHEY!