So if I opened up my computer via DMZ, would other people be able to view my windows shares? What situations, if any, would let other people do this? It's not like I'm opening up DMZs all the time btw, I forward ports properly, I'm just curious

My understanding is that yes, they would be able to see your windows shares. I believe that a computer in the DMZ is pretty much in the same boat as if it were directly connected without a router.

You're able to see shares of people who are directly connected to the internet? That is, with firewalls off and everything?

Yeah, welcome to the wonderful wide world of Windows security.........or lack thereof. If you have a windows box connected directly to the internet and share your drives, it is very possible for other people to see (and access) them. Although I'm a networking amateur, my understanding is that all someone needs is relatively direct access (like on the same section of an ISPs cable network) and knowledge of the windows workgroup (like the standard default) and they are in. Of course the defense against this would be to change the workgroup and password protect all shares and get a firewall in place that prevents access.

That's what firewalls are for.

Damn, that's sketchy. Though the internet is just a big network after all.

Well, modern Windows runs its networking over TCP/IP, so if you know a unfirewalled Windows box's ip address, you can connect to it from anywhere in the world. All you need to do is type \\ip.address in Windows Explorer and guess the username, password, and maybe the workgroup (IIRC, you can use "." to mean the local computer name). Windows 2000/XP I think all you need is a TCP connection to port 445.

you are asking to put a windows box up on DMZ. DMZ = demiliterized zone. this is no different in internet talk then it is in military lingo. it means your system is 100% without the protection the router provided. be that just a NAT based firewall, or a true builtin firewall like IPCop.

as mentioned above any MS OS public on the web is extreemly vulnerable due to the lack of 'secureity' provided by the OS it self.

a perfect example is wardriving where you can grab a wifi device and drive around neighborhoods and peek into peoples houses who have wifi setup and have them unsecured to alow anyone to connect via DHCP. not only do you see their WiFi networks, but you can view their workgroup/domain names, you can view the computer names and shares, etc...

if they shares are not restricted to user/pw or something to that effect you can navigate directly to them and view, modify, etc. what ever is there if those systems are not behind a secure firewall/NAT router.

also by placing your windows box on the DMZ, any and ALL shares it has connected to it are also accessable from the outside.

the only reason for placing a windows box on the DMZ is if you have NOTHING on that computer you care about, and it is completly isolated from the rest of your LAN.

That would be a pretty bad idea as well. On any sort of broadband/big pipe connect that box could end up zombied in less than a day. No sense in helping out the spammers, DDoSers, and assorted no-goodniks any more than necessary, eh?

yes without a doubt any MS system in a DMZ is just begging to become a zombie for some spamer, XXX site, or worse.

hopefully the OP will think twice about putting his MS box on the DMZ with that information, or if he does he has been warned that his system will be compromised in a very short bit of time.

anything older then winXP SP2 will be compromised under 12hrs, winXP SP2 will take a tad longer, but 24hr is on the long side of the slide if i had to guess on it. have not seen any hard data on SP2 as i just avoid it like the plague and secure SP1a as best as possible.