
How to get access? What is being used

Status
Not open for further replies.

paul123456

Technical User
Apr 29, 2002
US
I am very confused. I am trying to figure out how these clients from the Internet are getting access to files on a network. I know that they are behind a router. I went to one of the clients' houses to see what they are connecting with. They are not using a VPN connection. There are no startup scripts; the only thing I noticed was that they had pcAnywhere, but it wasn't in the TSRs or in the processes. They simply mapped a network drive to the IP like this: \\ip\share. I can't figure out how they did this. I looked at the destination computer and it also isn't running a VPN server, and it doesn't have pcAnywhere installed, but another computer on the network does. This is an internal network? Can someone give me some ideas as to how this is connected? Thanks, PAUL

 
It's connected using either NetBIOS or SMB. Windows 2000 uses SMB or NetBIOS; all other versions of Windows will use NetBIOS only. Most networks do not allow NetBIOS or SMB traffic outside their LAN. It is far from secure. To connect to a map, simply do a "Start", "Run", then type in \\ipaddress\share
 

You're absolutely right, and why in the heck would a company do this? It's the most insecure setup I've ever seen. The thing is that the company is behind a router; does that mean that they port forwarded 137-139 to the destination computer? And have you ever done this to anyone? Or have you ever seen this done to anyone? Thanks, PAUL

 
People do this because they don't know any better.

Mapping to \\IP\share doesn't rely on the broadcasts that mapping to \\name\share does, so it will often work. Few possibilities as to why it works. First would be that they have public IPs behind the router. Second would be portforwarding at the router. Third would be static routing tables on both ends of the connection.

If the IPs behind the router are public, they should also be routable, so the internet structure would take care of all of that.

If the ports are being forwarded, it should be obvious as they would be connecting to the IP of the router instead of the actual sharing computer.

Routing tables would show up if you were to type 'route print' in a command window. You would see a route to the private IP on the host side with a gateway of the router on the host side.

The other possibility is that they are running router to router VPN. This would require capable routers on both ends. You wouldn't really see it unless you looked at the router configuration.

Anything other than the last scenario is very sloppy and dangerous. If you have any input at all in the situation, do your best to get it changed. Best option would be a VPN setup. Router to router would be an option, but recent versions of Windows have native VPN support. Several possibilities without additional capital.

Either way, Microsoft networking needs to be disabled on the internet connected interfaces. Period. Current situation is kinda like parking in a bad neighborhood and taping your keys to the parking meter. Sooner or later, someone's gonna figure it out. Won't be good.
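The diagnosis described in the post above, written out as an added example that is not part of the original thread: it takes the IP a client has mapped and that client's `route print` output and reports which explanation fits. The sample routing table, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `route print` output from a hypothetical remote client (not from the thread).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50       20
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1        1
      192.168.1.0    255.255.255.0     192.168.1.50   192.168.1.50       20
        10.20.0.0      255.255.0.0      192.168.1.1   192.168.1.50        1
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+\d+\s*$")

def parse_routes(text):
    """Return (network, gateway, on_link) for each row of the IPv4 route table."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            # Older Windows shows the interface's own IP as the gateway for
            # attached networks; newer versions print "On-link".
            routes.append((net, gw, gw.lower() == "on-link" or gw == iface))
    return routes

def classify_mapping(target, route_text):
    """Say which explanation fits a drive mapped to the IP address `target`."""
    ip = ipaddress.ip_address(target)
    if not any(ip in net for net in RFC1918):
        # Either the host has a public IP or the router forwards the ports;
        # compare `target` with the router's WAN address to tell them apart.
        return "public-target"
    matches = [r for r in parse_routes(route_text) if ip in r[0]]
    if not matches:
        return "no-route"
    net, gw, on_link = max(matches, key=lambda r: r[0].prefixlen)
    if on_link:
        return "local-lan"
    if net.prefixlen == 0:
        # Private target reached only via the default gateway: the answer
        # is in the router configuration (e.g. router-to-router VPN).
        return "default-route-only"
    return f"static-route via {gw}"
```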
 
Yeah, I hear you on the last part. The computer that is hosting the share is on a private network, so I think that they have port forwarding going, because anyone on the net could simply map a network drive or connect using \\ip\share. I still can't get over the fact that an IT consulting company did this. Since the router at the main building doesn't support VPN, I think I am going to do an incoming VPN server on the XP machine and port forward 1723, unless you can come up with a better solution? Thanks, PAUL

 
Forwarding port 1723 will probably not work. PPTP also relies on the GRE protocol, which a lot of routers do not support through NAT.

What kind of router do you have?
 
The XP client should be fine for a small network with few VPN clients. At the very least, you could start there and move to something else if it proves ineffective. Biggest problem you will see if it becomes overloaded would be dropped connections, not a security problem.

dankelt is correct that you will have to pass GRE as well as TCP on port 1723, and also that some older routers do not play well with VPNs in general. Most more recent routers can deal with it, although you may need to upgrade the firmware. Generally, the option you need to enable is PPTP pass-through, although some high-end routers will have an option to pass specific protocols.

I think you have something here that could be workable. Take one thing at a time and you should be fine.
 
OK, the router does support the GRE protocol, but I have another question. If I block ports 137-139 and I have a bridge connection enabled to another router, will it affect the ability of the bridge connection client router to get shares over the intranet? If it does, what is an alternative method for doing this? Thanks, PAUL

 
I think I understand what you are asking, but I'm not sure. I'll try to answer your question. If you are blocking NetBIOS on the VPN router or on any router that is between the VPN server and VPN client, it will not affect getting to shares (all traffic is tunneled through port 1723). However, if you are blocking NetBIOS on a router that, for example, is between the VPN router and the file server (outside the tunnel), it will block the share.

I hope that made sense.
Dan
 