PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Friday, September 17, 2004 5:34 PM PT Posted by Andrew Brandt

XP SP2 Bug Inadvertently Shares Your PC's Files Online

PC World's counterpart in Germany, PC Welt, published a short story today detailing how Windows XP computers running Service Pack 2 may be inadvertently sharing files on their hard drive with more people than they might like.

PC Welt editors Thorsten Eggeling and Andreas Kroschel discovered that a setting created when you install SP2 slightly changes the way the Windows Firewall--one of the new components installed with SP2--creates so-called exceptions to the firewall. The firewall, under normal circumstances, should block all incoming traffic, but exceptions allow certain programs that need to communicate through the firewall to do so.

In this case, the Windows Firewall creates a default exception for the File and Printer Sharing component of Windows XP. If this service were blocked, and you wanted to share files with others on your local network, for instance, the other people wouldn't be able to connect to your PC. However, Windows mistakenly opens the "exception" gap a bit too widely. (The PC Welt story has the technical explanation of the bug.)

Here's how PC Welt's editors recommend you fix the problem: Open the Windows Firewall control panel applet (click Start, Settings, Control Panel, double-click Windows Firewall), then click the Exceptions tab.

If you don't ever need to use File and Printer Sharing, you can clear the checkbox next to that label, and the firewall will block any attempt to connect to your PC.

But if you want to use File Sharing, you need to change some settings. Select the listing for File and Printer Sharing, and click the Edit button. In the "Edit a Service" dialog box that appears, click the button labeled "Change scope."

Typically, if you use a home gateway/router, your home network will use internal IP addresses that start with the numbers 192.168.0.x, 192.168.1.x, or something similar.

Click the "Custom list" radio button and then create an entry for your network. The entry will look like this:

192.168.1.1/255.255.255.0

The first IP address should be your gateway/router's internal IP address (192.168.1.1, in the example above); the second value, the subnet mask, should be "255.255.255.0" (without the quotes).

Click OK on all the dialog boxes, and you should be all right.
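
To check which remote addresses a custom-list entry like the one above actually admits, here is an added Python example (not from PC World or PC Welt). It assumes the list holds comma-separated IPv4 addresses or address/mask pairs; the function names and sample addresses are made up for illustration.

```python
import ipaddress

# RFC 1918 private ranges; a home LAN scope should sit inside one of them.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_scope(scope):
    """Turn a custom-list string into IPv4 networks.

    strict=False masks off the host bits, so the article's entry
    192.168.1.1/255.255.255.0 becomes the network 192.168.1.0/24.
    """
    return [ipaddress.IPv4Network(e.strip(), strict=False)
            for e in scope.split(",") if e.strip()]


def audit_scope(scope):
    """Return (network, finding) for every entry in the list."""
    results = []
    for net in parse_scope(scope):
        if not any(net.subnet_of(p) for p in RFC1918):
            finding = "reaches beyond private address space"
        elif net.prefixlen < 24:
            finding = "private, but wider than one /24 LAN"
        else:
            finding = "ok"
        results.append((str(net), finding))
    return results


def in_scope(scope, remote):
    """Does this remote (source) address match the exception's scope?"""
    addr = ipaddress.IPv4Address(remote)
    return any(addr in net for net in parse_scope(scope))


if __name__ == "__main__":
    # Constructed samples: the article's entry, then the same gateway
    # address paired with a 255.0.0.0 mask.
    for scope in ("192.168.1.1/255.255.255.0", "192.168.1.1/255.0.0.0"):
        print(scope, "->", audit_scope(scope))
        for remote in ("192.168.1.77", "192.168.0.77", "192.0.2.10"):
            verdict = "in scope" if in_scope(scope, remote) else "outside scope"
            print("   ", remote, verdict)
```

With a 255.0.0.0 mask the same gateway address expands to 192.0.0.0/8, which takes in public addresses, so the mask matters as much as the address.
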
Comments

FYI:
The name of the PC Welt editor is NOT "Von" Thorsten Eggeling, same as the writer of the article above did most likely not name him
"Posted by" Andrew Brandt.

Kar98
September 17, 2004
6:55 PM PT

Correction:
The name of the PC Welt editor is NOT "Von" Thorsten Eggeling, same as the writer of the article above is most likely not called
"Posted by" Andrew Brandt

Anonymous
September 17, 2004
6:57 PM PT

Whoops, we fixed the typo.

-=A

Andrew Brandt
September 17, 2004
7:20 PM PT

what about IP address spoofing?
this solution as presented does not protect against a hacker with half a brain.
... half a brain used to google a list of broadband ip blocks and ip spoofing technology.


this article doesn't make much sense.

Any user that has more than one static and/or dynamic IP address from their ISP would most likely have the brains to firewall.

A user that has one IP (dynamic or static) would most likely be using a linksys/ belkin/ netgear etc. router.

This vulnerability only extends to people directly connected to their DSL or Cable modem. Your solution as proposed would only make a difference if port forwarding was enabled or if the vulnerable computer was in a DMZ. Anyways consumer routers are vulnerable to ip address spoofing anyways. So the proposed fix merely deters the average port sniffer. It does not "secure" your windows shares at all.

You should advise people that are connected directly to their cable/xdsl modem to turn off all sharing.

Why? Because the average user that is directly connected to the modem has no lan and does not share in the (non-existent) lan.
... and what if the subnet is 255.0.0.0?

But honestly.
Any article on this topic should end with a link to the free zonealarm. Because (as this article shows) built in windows firewalls suck.

johnny
September 19, 2004
7:58 PM PT

This article makes no sense,
the new XP firewall has different rules for different connections.

If you're running your internal and external lan off the same physical interface you deserve what is coming to you.

ds
September 23, 2004
4:15 PM PT

ds = jackass

random person
November 05, 2004
10:43 AM PT