Alan Jackson said:
a quick note .. when i activate file sharing for a folder under xp sp2 i
thought it would poke a hole through the xp firewall for all the SMB ports
needed for clients to access the shared folder.
well .. it didn't .. i had to do it manually .. and this is what was
preventing me from accessing this folder remotely over my home network. is
this the correct way the xp firewall should respond to activating file
sharing? seems like a bug to me .. or microsoft is being just plain
retarded about there security these days.
anyone experience the same thing?
thanx
AJ
Everyone who reads the instructions first and then follows them,
will experience the same thing. I'm somewhat amazed that people
who are fairly bright but who know little about computers, think
that computers will work according to their own logical assumptions
rather than how they are described to work in the docs. Their own
assumptions have big gaps of information about the evidence needed.
quoting from google:
"And, oh, if life were so easy, because, before you can share anything,
you must configure your firewall so that ports 137, 138, and 139 are
open (relatively easy) on both linux and windows boxes and you must
configure smb.conf. For many people, configuring smb.conf turns out
to be a nightmare, as far as I can tell because they start out by
stuffing everything and the kitchen sink into the file, for which
there are dozens of options, not all of them consistent."
SH: The more you know about computers the more you realize
that you need to read the instructions. I had a customer tell me
that because MSN Messenger 6.2 (Instant Messaging program)
could establish a two-way video connection with a webcam,
that it "should" also establish an audio connection. Yours and
this customer's assumptions are closer to the opposite of reality
and it is not the way it is or even "should" be.
I've just spent several moments trying to imagine how you could
think that having a program automatically open ports up in a
firewall is somehow safer or more secure than requiring a user
to manually configure the open ports. I couldn't conceive of it.
Your view is like saying that choosing to have your password
automatically typed in and stored, is more secure than requiring
the password to be provided manually by the person logging in
each time.
quoting from google:
"As to harming a LAN after breaking a firewall, I'm afraid you've got it
wrong. If a cracker DOES gain access to a firewall, the internal network
is quite vulnerable. Details vary from one network to another, of course
-- some employ multiple firewalls of varying designs in order to slow
down a determined intruder in a situation like this. Suppose, though,
that you run half a dozen Windows computers using Windows SMB/CIFS
networking protocols and connect them to the Internet via a single
firewall computer. If an intruder cracks the firewall, then the Windows
machines may be vulnerable via the SMB/CIFS file sharing protocols."
