Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Windows File Sharing

  1. #11
    ad_hock Guest

    Default Re: Windows File Sharing



    Hi qwaven

    You're welcome.

    Of course what you say about the possibily of a infected computer in the network it's a possibility,but when pointing out a eventual solution I was thinking at domestic or home networks not enterprise networks as you suggested in your post. With the solution I suggested you would only have a computer trusted, the one that you are sharing with.But if you may achieve the same purpose with expert rules and using only port 445 and you think that in that way you are not exposing the computer to a possible infection in that computer,that's OK. However if you allow, deal with precaution with port 445 https://www.grc.com/port_445.htm.

    Best regards and hope you may find the right solution

  2. #12
    qwaven Guest

    Default Re: Windows File Sharing

    Hello,

    Not to start an argument or anything but in regards to "I was thinking at domestic or home networks not enterprise networks as you suggested in your post". Whats stopping someone from plugging in a laptop at home? I wasnt trying to imply just in a enterprise network earlier. Enterprises are not the only ones being compromised, infact with high speed connections, home users make for great targets to form botnets...etc.

    Also with "expert rules and using only port 445 and you think that in that way you are not exposing the computer to a possible infection in that computer,that's OK" ... First of all with any port 139...445...etc they cannot just be "accessed" as you suggest. With proper authentication meaures in place you simply get a message from, as an example, psexec displaying "access denied" simply because I never gave it the authentication details, details not available to other people. I'm not saying its not possible to get through... but it certanly is far better to have one port allowed connection from a specific source, than allowing "trusting" all 65000+ ports. Think of all the lovely security vulnerbilities there

    Anyway my issue was never with getting port 445 or file transfers accessable... like I said earlier. I've always been able to. My issue is however that Zone Alarm seems to ignore rules when it sees fit. This seems like a terrible policy/concept to have and kind of defeats the purpose of having custom rules.

    Anyway thank you again for your comments, although clearly my problem is beyound the scope of this forum

  3. #13

    Default Re: Windows File Sharing

    "Anyway thank you again for your comments, although clearly my problem is beyound the scope of this forum "I think it is more a question of... the aspirations you possess for your network are beyond the scope of the software you are using.You run a Windows operating system. You want to share files between two computers and protect them by using a free (limited functionality) firewall. How does Windows allow you to share files? By setting up a network between your computers. How do you set up a network between your computer? You run the Windows Network Wizard. What is the first question you are asked in this Wizard? I beleive it is HOW DOES THIS COMPUTER CONNECT TO THE INTERNET?. So it seems to me that what Windows has to do to share files is to first set up a network that has to be defined by each computers relationship to it's internet connection. So although file sharing is not a function that needs you to be on the internet you need internet sharing relationships to set up a local network to share files. Now when you add the limited free firewall which is not actually meant for networked computers I think the reason it fails you is that it can't automatically identify the relationships between your computers. When you get the alert Rating..Date/Time..........................Type...Protocol..... ..Program....Source......IP Destination..IP Direction..Action
    Medium 2006/07/24 14:42:40-400 GMT Firewall TCP (flags: AP) 'blank' 192.168.1.3:445 192.168.1.2:4080 Incoming Blocked
    I think that basically because of your "Internet" setting Zonealarm is warning you that some other computer in the world on the internet is trying to get into your computer. It has no way to know that this is afriendly computer because everything is set for dealings on the internet. There has to be someway to discriminate between friend and foe and that is whewre the trusted setting comes in. I wonder if there is anyway you can solve this without having the firewall "trust" something.. ip address or host name etc.When you set a port setting such as...Action = Allow, Track = None, Source = My Computer, Destination = 192.168.1.3, port = 445, Time = any.You are using ip addresses which are internet protocol addresses which have to do with internet connection sharing because to set up your ip addresses you have to run the Network wizard which is dependent upon internet sharing relationships .. The firewall needs to know the relationship between your computer and this ip address. Is it friendly? ie trusted or a stranger? ie Internet.You could do a little experiment and use the 14 day free trial of zonealarm pro which supports ICSand see if your problem goes away.

    Message Edited by ledoc on 08-01-2006 06:50 PM

    Message Edited by ledoc on 08-01-2006 06:53 PM

  4. #14
    qwaven Guest

    Default Re: Windows File Sharing

    Hello Ledoc,

    I've been wondering whats this about free through out these forum posts and I realized I had selected the wrong one. So to correct this I am using the internet suite (one below free in the list).

    Now, I'm not sure why you keep going on about ICS, as that really doesn t have anything to do with file sharing. ICS = Internet Connection Sharing, and means just that. It shares your internet connection as a supplement to having say a router/gateway.

    In reply:
    >>You run the Windows Network Wizard:
    I don t run that I use DHCP. As well that is only used for those who 'do not' understand networking so much. I however do and thus don t use "simple file sharing" and manually setup things.

    >>...you need internet sharing relationships to set up a local network to share files.
    I don t see why? I can share files without being connected to the internet at all. Putting shares on the internet sounds pretty scary to me.

    >>When you get the alert...
    That alert is zone alarm blocking my connection. I know this because a lot of the time when ZA does this and I'm in the middle of streaming audio/video the feed will freeze up and either pause or crash completely.

    >>I think that basically because of your "Internet" setting Zonealarm is warning you that some other computer in the world on the internet is trying to get into your computer
    Yes I'd agree that s kind of correct. ZA is alerting me that it blocked allowed traffic because ZA decided to IGNORE my custom rules. What if I did want to share something over the 'internet'? Is Zone Alarm just not going to let me do that even though I explicitly told it to? Seems like a bug or extremely bad design flaw to me.

    >>has no way to know that this is afriendly computer because everything is set for dealings on the internet
    This is not true. 1) the address is part of the RFC 1918 address space (private addresses). These addresses are not used on the internet and most likely wont make it past my ISP (routing wise) even if I tried to use one on the net. 2) As well the fact remains that I told ZA to allow IP 'X' on port 'Y'. This should have no consequences of where or what it is, I simply stated in ZA that I want to allow it.
    >>You are using ip addresses which are internet protocol addresses which have to do with internet connection sharing because to set up your ip addresses you have to run the Network wizard which is dependent upon internet sharing relationships
    As stated above, incorrect. As well IP has very little to do with the actual internet it self. An IP in itself is just a method of many different ways to distinguish one from another. As far as host names are concerned, well those are useless if you don t have like a DNS (or WINS) system (Domain Name Service) which also relies on such things as an IP in the end. All it does is convert said IP into a more humanly understandable form. Like zonelabs.org is actually 208.185.174.46 or the other computer is say "fileserver" which actually is 192.168.1.3.


    In the end regardless of what s what.. I have a rule, it says allow 'X' on port 'Y', to/from, 'Y' on 'Z'. This rule should not be ignored regardless of how safe or unsafe it maybe. That s my problem (my choice)if its not safe not ZA's if I explicitly said to do it. Which is why I posted this forum post to begin with, to see if I was doing something wrong with my rules. IF I'm being told that because I chose 'internet' zone over 'trusted' I simply cannot do this, than that s a flaw/bug. As I stated, my file shares work flawlessly. They are fast, and do not mess up/crash should I not have ZA running. So this is not an issue with 'Windows' as it is an issue with ZA itself.

    Thank you for helping

  5. #15

    Default Re: Windows File Sharing



    Ok, I can live with the fact that you just don't agree with me about the association between internet connections and file sharing. The argument reduces to a semanticists nightmare where we end up trying to define what the internet is. I won't go there:8}

    What frustrates me to the nth degree is that after all this time we now find out that because you erroneously stated something as basic as what version of the firewall youare using all our previous assumptions have to be chucked out the window. I am sure you can appreciate the importance of being given the properfirewall version in order to trouble shoot a firewall issue.The fact that you are using the suite instead of the free version makes a big difference as to how folks will see your problem and as to what suggestions they will offer you. At this point there really is nothing more to say except next time PLEASE try to get the important facts right.

    P.S. Now that I know the correct version of the firewall I can honestly state that I haven't the faintest idea of how to correct your problem. It is beyond my level of competency. Had I known the problem you describe was in the Suite version of the software I would not have venturedmy suggestions at all. I hope you find others in the forum up to the task of solving your problem but if this does not turn out to be the case then I trust you will e-mail tech support for assistance.

    Cheers

    Message Edited by ledoc on 08-02-2006 08:50 AM

  6. #16
    qwaven Guest

    Default Re: Windows File Sharing

    Okay well thank you for your efforts.

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •