Network setup random versus assigned ip's

[Jeff Reid]

Hardware configuration:

I have two XP pro system, connected via ethernet to a EtherFast
(8 port switcher). I also have a cable modem connected to this
same switcher.

Issue:

If I boot up both systems with the cable modem disconnected,
and use the "random" ip addresses created because there's no
DHCP server, the two systems can ping, and trace rt each other,
and folders can be shared.

If I boot up both systems with the cable modem connected,
the cable modem assigns each computer it's own ip address (Cox
Cable provides this multiple ip address feature), and the
two systems can ping, folders can be shared, but tracert
does not work.

If I boot up both systems with the cable modem disconnected,
using the ip addresses that the cable modem assings (by
manually entering these values), then the two systems can
neither ping or trace route, and folders can't be shared.

In all cases firewall is turned off. Any help here?

 

[Michael D. Alligood]

On your first test, your computers are 169.254.x.x Which is an
autoconfigured IP address for a computer that cannot reach a DHCP server. As
long as both computers are configured this way, they can talk to one
another. It creates a little DHCP traffic (broadcasts) because the computer
are broadcasting out at intervals to find a DHCP server

On your second test, are you saying that you cannot tracert FQDN on the
internet?

On your third test, you have the modem disconnected. You probably are
statically assigning the IP address of the default gateway (Cable Modem) in
the DHCP properities. If that is the case you will not get anywhere becuase
the you disconnected the default gateway with the IP you statically
configured.

--
Best of luck!

Michael D. Alligood
MCSA, MCP, CCNA, A+,
Network+, i-Net+, CIW A, CIW CI

 

[Jeff Reid]

On your second test, are you saying that you cannot tracert FQDN on the

internet?

I just can't tracert between the computers.

On your third test, you have the modem disconnected. You probably are
statically assigning the IP address of the default gateway

I left the gateway field blank. I was attempting to get the entered
data to look as close to the randomd data as possible.

Is there a way to statically assign the IP's (one is 68.... the other
is 65...) so that the two computers can communicate with or without
the cable modem?

 

[Michael D. Alligood]

If you want to two computers to communicate with or without the router
(cable modem) -- do not statically assign ip addresses to the computers.
When the router is connected, they will receive an ip address from the
router. When the router is not available, the will be autoconfigured through
windows xp.

--
Best of luck!

Michael D. Alligood
MCSA, MCP, CCNA, A+,
Network+, i-Net+, CIW A, CIW CI

 

[Richard G. Harper]

You won't be able to run a tracert between the two systems in this
configuration. Why do you believe this is necessary? If they both connect
to the Internet and can share files and folders you have a functional
network, though one that is also hazardously exposed to anyone else who
feels like driving by and taking a shot at you.

I would strongly suggest that you get yourself a router with a firewall and
NAT, put both computers behind it with the router connected to your cable
modem, then share what you want to share. This will give you a reasonably
secure network.

 

[Jeff Reid]

You won't be able to run a tracert between the two systems in this

configuration. Why do you believe this is necessary?

I was trying to do remote debugging with Visual Studio .net, using
DCOM. It's not necessary, as the TCP-IP is working. However a microsoft
tech support person has been trying to help me to get the DCOM to work,
so I experiement with it as I receive suggestions from him.

If they both connect to the Internet and can share files and folders
you have a functional network, though one that is also hazardously
exposed to anyone else who feels like driving by and taking a shot at you.

Each system just has one shared folder, temp folders only used to transfer
files between systems. To free up my primary system, I use the secondary
system for downloads and uploads via cable modem, and use the share folders
to transfer these files to/from the primary system. Uploaded files end up
on my web page for anyone to download, and downloaded files are already
available to anyone, so there's not much concern.

hazardously exposed to anyone else

Is this hazard restricted to just the shared folders? I have remote
log-in disabled, use a non-standard workgroup name, and I normally
enable the XP Pro internet connection firewall, is there anything else
I should setup?

 

[Richard G. Harper]

In today's threat environment there's no reason to expose yourself to any
degree of compromise. You've reduced your known threat level but what about
the things you haven't considered ... such as the ability of a hacker to
access the default administrative shares on your system if they brute-force
or guess an admin password? If they can do that they own the box, as they
can now replace any executable on your system with a trojan or backdoor.

You have nothing to gain by exposing your network to the world at-large and
everything to lose. Add to that equation the fact that an inexpensive
router will reduce your risk profile to near-zero without preventing the
actions you're describing now ...

 

[Jeff Reid]

Add to that equation the fact that an inexpensive

router will reduce your risk profile to near-zero without preventing the
actions you're describing now ...

The router is beter than enabling the firewall on the internet connection
with XP Pro? If I get a router, I assume it's just placed between the
switcher and the cable modem, is this correct? How do I program the
firewall protocol in the router to allow some port access for games?

 

[Jeff Reid]

access the default administrative shares on your system if they brute-force

or guess an admin password?

Is this possible if the administrator is not set up as a remote desktop user,
and if there is only one shared folder (nomrally empty) on each system?

 

[Jeff Reid]

that an inexpensive router will reduce your risk profile

My cable modem assigns each of the two computers it's own
IP address (a service feature provided by Cox Cable). I'm not
sure how I could setup a router with this network setup.

 

[Richard G. Harper]

Let me hit them all at once:

The router is beter than enabling the firewall on the internet connection
with XP Pro? If I get a router, I assume it's just placed between the
switcher and the cable modem, is this correct? How do I program the
firewall protocol in the router to allow some port access for games?

Very much yes. The router is attached to your broadband connection, then
the PCs connect to it. It provides a firewall plus network address
translation (NAT) that, in effect, hides both computers from the Internet.
The configuration of the router will depend on which one you buy, but it's
usually very easy to open ports or ranges of ports for external access. In
fact, better routers don't need any port configuration since they use a
"stateful firewall" which allows incoming packets based not on rules but by
inspecting the incoming packets and assuring that they're intended to arrive
at a specific PC.

Is this possible if the administrator is not set up as a remote
desktop user,and if there is only one shared folder (nomrally empty)
on each system?

Again, yes. The default administrative shares allow access to any drive on
the system if the hacker gets lucky or skillful.

My cable modem assigns each of the two computers it's own
IP address (a service feature provided by Cox Cable). I'm not
sure how I could setup a router with this network setup.

Each PC would get an address from the router and be hidden from the world at
large unless you set up port forwarding.