DMZ and stuff

not worked with BT routers very much

just had a friend asking for me to help him out

he had his PC hooked up to his BT voyager router by USB

just told him to assign a static IP address

192.168.1.10

gateway: 192.168.1.1 (router)

and i told him to do an ipconfig /all and get the two DNS Server addresses
and enter them too into the windows TCP/IP area.

told him to rip out the usb hook up the router via ethernet enable ethernet

told him to type in the router address in a browser and follow the nicely
designed BT UI

and set the DMZ host as 192.168.1.10

this would work yeah/

i mean he wouldnt have any trouble connecting with a setup like this
(statically assigned IP addresses)

"Christo" <lessthanchris666no (E-Mail Removed)> wrote in message
news:d43r8u$41s$(E-Mail Removed)...
> not worked with BT routers very much
>
> just had a friend asking for me to help him out
>
> he had his PC hooked up to his BT voyager router by USB
>
> just told him to assign a static IP address
>
> 192.168.1.10
>
> gateway: 192.168.1.1 (router)
>
> and i told him to do an ipconfig /all and get the two DNS Server addresses
> and enter them too into the windows TCP/IP area.
>
> told him to rip out the usb hook up the router via ethernet enable
> ethernet
>
> told him to type in the router address in a browser and follow the nicely
> designed BT UI
>
> and set the DMZ host as 192.168.1.10
>
> this would work yeah/
>
> i mean he wouldnt have any trouble connecting with a setup like this
> (statically assigned IP addresses)

For gods sake make sure the man has a software firewall on his
machine........... coz you have just posted a big sign on his ip address
saying 'fuck me'.

Gaz

> For gods sake make sure the man has a software firewall on his
> machine........... coz you have just posted a big sign on his ip address
> saying 'fuck me'.
>
> Gaz
>

No he didn't. The addresses he posted were the internal addresses behind
his NAT. What he might have done (and I don't have time to think more) is
effectively made his friends PC "open" to the Internet, and thus vulnerable
attack providing someone figures out, or simply scans to, he _external_ IP
address.

Normally, a NAT/firewall/router would stop any attempts to reach a "server"
port (i.e. someone outside tries to start a connection into your home
network) by simply ignoring them. By creating a DMZ, you're saying "oh let
any old crap through and my specially hardened PC will take care of it.

Unless you really need a DMZ, don't create one. Open up only such inbound
services as you need (for example a Web server on port 80) and make damned
sure that the PC you aim it at is well protected and cannot be compromised.
You might start be deleting anything having the word "Microsoft" on it ;-).

Paul DS.

In article <d43r8u$41s$(E-Mail Removed)>,
""Christo" <lessthanchris666no (E-Mail Removed)>" "Christo"
<lessthanchris666no (E-Mail Removed)> says...
> not worked with BT routers very much
>
> just had a friend asking for me to help him out
>
> he had his PC hooked up to his BT voyager router by USB
>
> just told him to assign a static IP address
>
> 192.168.1.10
>
> gateway: 192.168.1.1 (router)
>
> and i told him to do an ipconfig /all and get the two DNS Server addresses
> and enter them too into the windows TCP/IP area.
>
> told him to rip out the usb hook up the router via ethernet enable ethernet
>
> told him to type in the router address in a browser and follow the nicely
> designed BT UI
>
> and set the DMZ host as 192.168.1.10
>
> this would work yeah/
>
Why have you put his machine outside the NAT "firewall"?

In article <d43r8u$41s$(E-Mail Removed)>,
says...

> told him to type in the router address in a browser and follow the nicely
> designed BT UI
>
> and set the DMZ host as 192.168.1.10
>
> this would work yeah/
>
Fucking Jesus...hope you never install a network anywhere. IP addresses
placed in the DMZ zone are wide open to the net and do not benefit from
the protection of NAT or the routers built in firewall.

If its an XP box, pre XP2 and not running a firewall on the LAN
connection, it will be owned in under 2 minutes and full of all kinds
of shit.



--
Conor

"Of all the things I've lost, I miss my mind the most." O.Osbourne.

"Paul D.Smith" <(E-Mail Removed)> wrote in message
news:42660be0$0$302$(E-Mail Removed) t...
>> For gods sake make sure the man has a software firewall on his
>> machine........... coz you have just posted a big sign on his ip address
>> saying 'fuck me'.
>>
>> Gaz
>>
>
> No he didn't. The addresses he posted were the internal addresses behind
> his NAT. What he might have done (and I don't have time to think more) is
> effectively made his friends PC "open" to the Internet, and thus
> vulnerable
> attack providing someone figures out, or simply scans to, he _external_ IP
> address.
>
> Normally, a NAT/firewall/router would stop any attempts to reach a
> "server"
> port (i.e. someone outside tries to start a connection into your home
> network) by simply ignoring them. By creating a DMZ, you're saying "oh
> let
> any old crap through and my specially hardened PC will take care of it.
>
> Unless you really need a DMZ, don't create one. Open up only such inbound
> services as you need (for example a Web server on port 80) and make damned
> sure that the PC you aim it at is well protected and cannot be
> compromised.
> You might start be deleting anything having the word "Microsoft" on it
> ;-).
>
> Paul DS.
>
>

yes, i told him to get rid of it and found a website that informs me of
telnet commands that can be issued to the router, i gave him a crash course
in telnet and he has now setup his own rules to deny certrain
services/ports.

"Conor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) t...
> In article <d43r8u$41s$(E-Mail Removed)>,
> says...
>
>> told him to type in the router address in a browser and follow the nicely
>> designed BT UI
>>
>> and set the DMZ host as 192.168.1.10
>>
>> this would work yeah/
>>
> Fucking Jesus...hope you never install a network anywhere. IP addresses
> placed in the DMZ zone are wide open to the net and do not benefit from
> the protection of NAT or the routers built in firewall.
>
> If its an XP box, pre XP2 and not running a firewall on the LAN
> connection, it will be owned in under 2 minutes and full of all kinds
> of shit.
>

yeah I gave him a copy zone alarm 4.5 before hand, please give me a bit more
credit than that i am not that fucking stupid

"Gaz" <(E-Mail Removed)> wrote in message
news:42657280$0$94552$(E-Mail Removed)...
>
> "Christo" <lessthanchris666no (E-Mail Removed)> wrote in message
> news:d43r8u$41s$(E-Mail Removed)...
>> not worked with BT routers very much
>>
>> just had a friend asking for me to help him out
>>
>> he had his PC hooked up to his BT voyager router by USB
>>
>> just told him to assign a static IP address
>>
>> 192.168.1.10
>>
>> gateway: 192.168.1.1 (router)
>>
>> and i told him to do an ipconfig /all and get the two DNS Server
>> addresses and enter them too into the windows TCP/IP area.
>>
>> told him to rip out the usb hook up the router via ethernet enable
>> ethernet
>>
>> told him to type in the router address in a browser and follow the nicely
>> designed BT UI
>>
>> and set the DMZ host as 192.168.1.10
>>
>> this would work yeah/
>>
>> i mean he wouldnt have any trouble connecting with a setup like this
>> (statically assigned IP addresses)
>
> For gods sake make sure the man has a software firewall on his
> machine........... coz you have just posted a big sign on his ip address
> saying 'fuck me'.
>
> Gaz
>

i didnt post a big sign on his IP "saying fuck me" he is using ZA 4.5 for
gods sake man dont jump to conclusions

Christo wrote:
> "Gaz" <(E-Mail Removed)> wrote in message
> news:42657280$0$94552$(E-Mail Removed)...
>
>>"Christo" <lessthanchris666no (E-Mail Removed)> wrote in message
>>news:d43r8u$41s$(E-Mail Removed)...
>>
>>>not worked with BT routers very much
>>>
>>>just had a friend asking for me to help him out
>>>
>>>he had his PC hooked up to his BT voyager router by USB
>>>
>>>just told him to assign a static IP address
>>>
>>>192.168.1.10
>>>
>>>gateway: 192.168.1.1 (router)
>>>
>>>and i told him to do an ipconfig /all and get the two DNS Server
>>>addresses and enter them too into the windows TCP/IP area.
>>>
>>>told him to rip out the usb hook up the router via ethernet enable
>>>ethernet
>>>
>>>told him to type in the router address in a browser and follow the nicely
>>>designed BT UI
>>>
>>>and set the DMZ host as 192.168.1.10
>>>
>>>this would work yeah/
>>>
>>>i mean he wouldnt have any trouble connecting with a setup like this
>>>(statically assigned IP addresses)
>>
>>For gods sake make sure the man has a software firewall on his
>>machine........... coz you have just posted a big sign on his ip address
>>saying 'fuck me'.
>>
>>Gaz
>>
>
> i didnt post a big sign on his IP "saying fuck me" he is using ZA 4.5 for
> gods sake man dont jump to conclusions
>

So that'll be the software firewall he recommended you make sure was in
place then?

--
[ste]
Rpoints, money for nothing: http://tinyurl.com/3on76

In article <d48bfr$j3b$(E-Mail Removed)>,
""Christo" <chris@ no spamming juststuff.co.uk>" "Christo" <chris@ no
spamming juststuff.co.uk> says...
>
> "Paul D.Smith" <(E-Mail Removed)> wrote in message
> news:42660be0$0$302$(E-Mail Removed) t...
> >> For gods sake make sure the man has a software firewall on his
> >> machine........... coz you have just posted a big sign on his ip address
> >> saying 'fuck me'.
> >>
> >> Gaz
> >>
> >
> > No he didn't. The addresses he posted were the internal addresses behind
> > his NAT. What he might have done (and I don't have time to think more) is
> > effectively made his friends PC "open" to the Internet, and thus
> > vulnerable
> > attack providing someone figures out, or simply scans to, he _external_ IP
> > address.
> >
> > Normally, a NAT/firewall/router would stop any attempts to reach a
> > "server"
> > port (i.e. someone outside tries to start a connection into your home
> > network) by simply ignoring them. By creating a DMZ, you're saying "oh
> > let
> > any old crap through and my specially hardened PC will take care of it.
> >
> > Unless you really need a DMZ, don't create one. Open up only such inbound
> > services as you need (for example a Web server on port 80) and make damned
> > sure that the PC you aim it at is well protected and cannot be
> > compromised.
> > You might start be deleting anything having the word "Microsoft" on it
> > ;-).
> >
> > Paul DS.
> >
> >
>
> yes, i told him to get rid of it and found a website that informs me of
> telnet commands that can be issued to the router, i gave him a crash course
> in telnet and he has now setup his own rules to deny certrain
> services/ports.
>
He shouldn't be denying certain services and ports, he should be
denying everything, then allowing only what he needs.