GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
So if I opened up my computer via DMZ, would other people be able to view my windows shares? What situations, if any, would let other people do this? It's not like I'm opening up DMZs all the time btw, I forward ports properly, I'm just curious
My understanding is that yes, they would be able to see your windows shares. I believe that a computer in the DMZ is pretty much in the same boat as if it were directly connected without a router.
Yeah, welcome to the wonderful wide world of Windows security.........or lack thereof. If you have a windows box connected directly to the internet and share your drives, it is very possible for other people to see (and access) them. Although I'm a networking amateur, my understanding is that all someone needs is relatively direct access (like on the same section of an ISPs cable network) and knowledge of the windows workgroup (like the standard default) and they are in. Of course the defense against this would be to change the workgroup and password protect all shares and get a firewall in place that prevents access.
Originally posted by Hangdog42 Yeah, welcome to the wonderful wide world of Windows security.........or lack thereof. If you have a windows box connected directly to the internet and share your drives, it is very possible for other people to see (and access) them. Although I'm a networking amateur, my understanding is that all someone needs is relatively direct access (like on the same section of an ISPs cable network) and knowledge of the windows workgroup (like the standard default) and they are in. Of course the defense against this would be to change the workgroup and password protect all shares and get a firewall in place that prevents access.
Well, modern Windows runs its networking over TCP/IP, so if you know a unfirewalled Windows box's ip address, you can connect to it from anywhere in the world. All you need to do is type \\ip.address in Windows Explorer and guess the username, password, and maybe the workgroup (IIRC, you can use "." to mean the local computer name). Windows 2000/XP I think all you need is a TCP connection to port 445.
Originally posted by orange400 So if I opened up my computer via DMZ, would other people be able to view my windows shares? What situations, if any, would let other people do this? It's not like I'm opening up DMZs all the time btw, I forward ports properly, I'm just curious
you are asking to put a windows box up on DMZ. DMZ = demiliterized zone. this is no different in internet talk then it is in military lingo. it means your system is 100% without the protection the router provided. be that just a NAT based firewall, or a true builtin firewall like IPCop.
as mentioned above any MS OS public on the web is extreemly vulnerable due to the lack of 'secureity' provided by the OS it self.
a perfect example is wardriving where you can grab a wifi device and drive around neighborhoods and peek into peoples houses who have wifi setup and have them unsecured to alow anyone to connect via DHCP. not only do you see their WiFi networks, but you can view their workgroup/domain names, you can view the computer names and shares, etc...
if they shares are not restricted to user/pw or something to that effect you can navigate directly to them and view, modify, etc. what ever is there if those systems are not behind a secure firewall/NAT router.
also by placing your windows box on the DMZ, any and ALL shares it has connected to it are also accessable from the outside.
the only reason for placing a windows box on the DMZ is if you have NOTHING on that computer you care about, and it is completly isolated from the rest of your LAN.
Originally posted by Lleb_KCir the only reason for placing a windows box on the DMZ is if you have NOTHING on that computer you care about, and it is completly isolated from the rest of your LAN.
That would be a pretty bad idea as well. On any sort of broadband/big pipe connect that box could end up zombied in less than a day. No sense in helping out the spammers, DDoSers, and assorted no-goodniks any more than necessary, eh?
yes without a doubt any MS system in a DMZ is just begging to become a zombie for some spamer, XXX site, or worse.
hopefully the OP will think twice about putting his MS box on the DMZ with that information, or if he does he has been warned that his system will be compromised in a very short bit of time.
anything older then winXP SP2 will be compromised under 12hrs, winXP SP2 will take a tad longer, but 24hr is on the long side of the slide if i had to guess on it. have not seen any hard data on SP2 as i just avoid it like the plague and secure SP1a as best as possible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.