Re: How to tell which protocol (NetBUI or TCP/IP) each Network Neighborhood connection is using

From: Steve Winograd [MVP] (winograd_at_pobox.com)
Date: 07/29/04 

Date: Thu, 29 Jul 2004 16:59:31 -0600

In article <OE9soNbdEHA.644@tk2msftngp13.phx.gbl>, "*** Kistler"
<dickkist@nospam-hotmail.com> wrote:
>> NetBEUI was the default protocol in Windows 95. TCP/IP has been the
>> default protocol in every version of Windows since Windows 98.
>> Nothing in Windows networking has ever required NetBEUI. Even in
>> Windows 95, you can install TCP/IP and remove NetBEUI.
>
>Yes, you can do this, but my experience(admittedly small) is that
>it is difficult to do file and printer sharing with Win 95, Windows XP
>and TCP/IP, and adding the second protocol makes it easy to do this. I don't
>know why, and would like to know.

In my experience, it's easy to network all versions of Windows (even
Windows for Workgroups 3.11) with TCP/IP. If TCP/IP doesn't work, the
most likely problem is that a misconfigured firewall is blocking
access.

>I think that NetBEUI has a longer history. That it was the
>primary non-Netware protocol on MSDOS networks before
>interest in the internet came along. My guess is that there are
>lots of computers using it, under conditions that don't require
>internet access, since it has a lower overhead than IPX/SPX
>for small networks and doesn't require any configuration.

Yes, the lack of configuration is an advantage of NetBEUI.

>> If I wanted multiple levels of security, I'd use both a broadband
>> router and a software firewall, but I wouldn't add another protocol.
>
>I understand this, and use both the router's firewall and a software
>firewall in my
>network. My interest in a second protocol came from an incident in which an
>internet site was able to learn the network ip address of one of my
>computers.
>This should be impossible as I understand how NAT routers work. I could
>not find anything wrong with the configuration of the router. It's possible
>that
>there is something wrong with the router, of course, but since it otherwise
>works ok, I think that is unlikely.
>
>Luckily, the software firewall I run logged and stopped the attack.

This is interesting. What was the attack? What address was being
attacked?

Even if a web site finds out the private IP address (e.g. 10.x.x.x,
192.168.x.x) that a router gives to your computer, the web site can't
attack that address. Internet routers don't have routes to private IP
addresses, so they drop all packets addressed to them. After all,
there are probably thousands of different computers with IP address
192.168.0.1 at any moment. A web site can only attack the router's
public IP address

I recently went to an Internet site that displayed my computer's
private IP address after running a "firewall" test. However, the
information from the web site is misleading. My firewall didn't
reveal the address -- it was Java running in my web browser that did.
When I turned off Java, the web site couldn't see the private IP
address. To try it, go to www.auditmypc.com and run Firewall Test 1.
It works by causing the browser to create and execute a reference to
this URL:

http://www.auditmypc.com/freescan/uinfo.asp?a=www.xxx.yyy.zzz

where "www.xxx.yyy.zzz" is your private IP address. For example, if
you click this link, it will tell you that your IP address is
192.168.0.1:

http://www.auditmypc.com/freescan/uinfo.asp?a=192.168.0.1

>So, I started looking at a second protocol for another protection layer,
>and found that neither NetBEUI or NWLink work for my situation.
>And that nobody could give me good, technical answers to why.
>
>There are sites that religiously advocate using a second protocol, and
>regard anyone who only uses one as nuts. Also there are people like
>you that can't see any reason to use a second protocol. So far, I
>haven't seen any good, technical discussions that would allow a
>choice between the two options.

I've seen some of those sites, and I think that they exaggerate the
difficulty of securing a TCP/IP-only network. One flagrant example is
http://grc.com which, in my opinion, is long on scare tactics and
short on technical accuracy.

>I, however have a situation in which one protocol doesn't seem to
>be enough, and in which two protocols don't work.
>And no-one seems to have any real reasons for why this is so.
>The lack of a real reason that MS stopped support for NeBEUI
>is just one of small pieces of the puzzle.
>
>Perhaps this is the wrong forum for this discussion, but it
>seems to me that having a second protocol that is not
>routable, and that is easy to configure(and doesn't cause
>browsing problems) would be a good strategic thing for
>Microsoft to do to make networks more resistant to
>outside attack. In addition to whatever firewalling you
>do. That's all.
>
>*** Kistler
>
>Oh, by the way, some of the sarcasm about MS's motives
>came from the fact that they seem to be operating, like
>most large corporations, in a mode that considers their
>own problems to be more important than their customers.
>Cases in point:
>
>1. Dropping support for NetBEUI
>
>2. Short end of life for Win 95, 98, 98SE also MSDOS
>
>3. Dropping the ball on potential uses of Windows PE
>
>4. Overly integrating Internet Explorer with the OS
>
>5. Dropping support for distinctive ring from Window XP
>
>Not meant to be comprehensive, just the things I personally
>have run across in my work.

#5 really annoys me, too. You didn't mention what I consider to be
the worst flaw in Windows XP: the use of "simple file sharing", which
offers no access control, in Windows XP Home Edition networking. 

-- 
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see.  I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
Microsoft Most Valuable Professional - Windows Networking
http://mvp.support.microsoft.com
Steve Winograd's Networking FAQ
http://www.bcmaven.com/networking/faq.htm