problems with home network

motherwolf

Hi,
I'm trying to make my two home computers see each other but am having some difficulty. I have Windows 2000 on my desktop and that is directly wired to my router. I have an XP laptop that is wireless and I can't get them to see one another. The XP laptop can't even see itself when I click on entire network and then click on the workgroup name, the desktop can see itself. For some reason the desktop can't ping the router but can access the internet, huh? I took a look at the NIC and the amber LED is solid and the green flickers every so often, but not often enough for my liking. Makes me think something is wrong with the NIC, but how do you explain the Internet access? Any suggestions would be greatly appreciated, thanks.

sprkymrk

Does your XP laptop have a firewall turned on?

motherwolf

I have the windows firewall off but I'm running PC-cillin internet security 2006. Should I turn the firewall off?

motherwolf

OK, it worked, they can see each other now, thanks. But how do I protect myself with my firewall turned off?

5no-yt

You can create rules to allow traffic from certain local IP's
Can't remeber how to do this... and I can't test as im stuck on my thinclient terminal at work :S
Hopefully someone can give you instructions.. if not by the time I get home.. I'll sort it out.

motherwolf

OK, thanks

seuss_ssues

Your firewall is default blocking ICMP packets which are used by ping. That is why you couldnt ping your router. It may also be blocking windows file sharing and so forth also causing you to not be able to see the other computer.

Ive never used that product before so i dunno how to change it. There should be options to change or add rules and that is where you need to look. Just read the documentation or google it. Shouldnt be too hard to figure out.

5no-yt

For your windows firewall....

Open control panel,
Double click security centre.

Scroll down and you should see down the bottem right.. "manage security settings for"
click on windows firewall

goto - advanced Tab -> click ICMP Settings button
make sure "allow incoming echo request is ticked"

(Thats what i done when i had the same problem on my network)

as for PC-Cillin..... somewhere in the settings will be a section for you to allow certain IPs.
as i have never used it myself there should be somthing in the link provided (do a search for lan traffic or somthing)

http://esupport.trendmicro.com/support/search.do

leme know if you get really really stuck and ill see what i can do.
rodger that?

-chapt3r

oldtech

Do you really think that a firewall is necessary on a home p.c, anti virus yes , anti spam yes, anti spyware yes but a firewall.........

RussS

Most definitely oldtech - preferably one on your ADSL router that is totally locked down. With that done you can have reasonably lax rules on your machines so that all runs smoothly, but with the number of machines I find out there with keyloggers and trojans one has to be careful.

royal

With all the botnets out there due to insecure home PCs, keyloggers, virii, worms, malware, and more, I'd definitely say it is necessary to secure your systems. Why not use the built-in firewall in XP? Granted, it's not a great firewall, but it's there and adds an extra layer of protection. Heck, I think home systems should be more secure than they are currently. Especially with people doing things such as online shopping, online banking, identity theft, DDOS attacks using zombie home pcs), etc...

JDMurray

Software firewalls are great because they offer egress (outbound) protection. They can quickly alert you of anything on your machine that is attempting to "phone home" via a network connection. The Windows XP firewall has only an ingress (inbound) filter. I'm not sure about Vista.

sprkymrk

jdmurray wrote:

Software firewalls are great because they offer egress (outbound) protection. They can quickly alert you of anything on your machine that is attempting to "phone home" via a network connection. The Windows XP firewall has only an ingress (inbound) filter. I'm not sure about Vista.

Vey true JD. I don't think Vista added egress filtering either. Microsoft purposely decided to leave off egress filtering for several reasons (so they say). Their reasoning goes something like this:

Egress filtering on a home computer for a typical user (not someone like us) is of minimal value because now you rely on a user clicking on a security prompt for your security. In other words when something tries to access the internet from your computer, a pop up comes up and asks if you want to allow it. Most users click "okay" or "yes" regardless because they don't know any better.

Secondly, they claim, most spyware/malware now use port 80 or 443 outbound anyway, so unless you are using something more than a packet filter (which is what the Windows firewall is) you can't stop using those ports outbound entirely. Most users won't know to only allow those ports for IE or whatever.

Thirdly, they claim that many users will tire of the prompts after a while and simply turn the firewall off, thus lessening security. They say that given the choice of security or watching dancing pigs from a malicious website, dancing pigs win out most every time.

In some ways I agree with these assessments, but it would be nice if they created a firewall that let you set security to high, medium and low. High would be the ingress and egress filtering. Medium would be only ingress filtering. Low would be only ingress filtering, but allowing the various netbios ports from ip's on the same network.

JDMurray

sprkymrk wrote:

Egress filtering on a home computer for a typical user (not someone like us) is of minimal value because now you rely on a user clicking on a security prompt for your security. In other words when something tries to access the internet from your computer, a pop up comes up and asks if you want to allow it. Most users click "okay" or "yes" regardless because they don't know any better.

It would still be better to have the egress filtering, but have it off by default, or have different security levels (and zones like IE) like you suggest. The typical home user would probably never adjust these settings, but the corporate IT admins would take advantage of it.

sprkymrk wrote:

Secondly, they claim, most spyware/malware now use port 80 or 443 outbound anyway, so unless you are using something more than a packet filter (which is what the Windows firewall is) you can't stop using those ports outbound entirely.

True. I use 80 and 443 in my network-aware apps to bypass firewall controls. The Sunbelt Kerio software firewall I use has a NIPS feature that scans network ports for traffic containing known attack signatures. I wouldn't expect Microsoft's firewall to provide this functionality, but other software firewalls already do. Microsoft is just not interested in competing in this software market niche.

sprkymrk

jdmurray wrote:

Microsoft is just not interested in competing in this software market niche.

Yet....