
Thursday, April 07, 2011

Security Features of Internet Connection Sharing

ICS uses Network Address Translation (NAT) technology to route TCP/IP packets between two networks. ICS connects an internal network (usually a small home local area network) and an external network (usually the Internet). ICS associates a TCP/UDP port number to a specific Internet Protocol (IP) address on the internal network. The port number associated to the IP address is recorded in a table.



For example, the IP address for the ICS internal adapter is 192.168.0.1, and the external ICS adapter has an IP address of 156.59.23.100, which is assigned by the Internet service provider (ISP). The client sends a TCP/IP packet to a Web page at 131.125.13.1 on the Internet at port 80. The packet contains the following information:
Destination IP address= 131.125.13.1 (address of the Internet destination)
Source IP address= 192.168.0.2
Destination port= 80
Source port= 2000 (Set by program)
Because 131.125.13.1 is not local to the 192.168.0.x address range, the packet goes to the ICS computer acting as the default gateway. The ICS computer generates a new packet to send to the Web page at 131.125.13.1. The packet contains the following information:
Destination IP address= 131.125.13.1
Source IP address= 156.59.23.100 (This is an IP address assigned to the ICS external adapter by the ISP)
Destination port= 80
Source port= 3000
Notice that the values for the source IP address and the source port have changed. In other words, port 3000 is mapped to IP address 192.168.0.2 until the connection is closed. The port mapping is recorded in a table. After the Web page responds, the ICS computer receives a packet containing the following information:
Destination IP address= 156.59.23.100
Source IP address= 131.125.13.1
Destination port= 3000
Source port= 80
The ICS computer then translates the packet and delivers a new packet to the client IP address of 192.168.0.2 where the initial packet originated. ICS detects that port 3000 is assigned to the IP address because the information is recorded in the port mapping table. The packet sent to the client contains the following information:
Destination IP address= 192.168.0.2
Source IP address= 131.125.13.1
Destination port= 2000
Source port= 80
Notice that the destination port and IP address have changed to the IP address and the port number used by the client where the packet originated. Because of this translation process, the Internet detects the local area network (all clients) behind the ICS computer (including the ICS computer) as one IP address.
There are only two ways a packet from the Internet can reach a client behind an ICS computer:
The ICS computer translates an incoming packet and sends a new packet based on the translation table to the client computer. A client must send a packet first (thus, establishing a port mapping) before it can receive a packet from the Internet through an ICS computer.
The ICS computer is configured to direct all incoming traffic on a specific port to a specific client computer. This method requires changing the default configuration. For additional information, please click the article number below to view the article in the Microsoft Knowledge Base:
231162  How to Map a Port in ICS Using an .inf File
For additional information on Network Address Translation, please see RFC 1631.
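The port-mapping behaviour walked through above can be modelled in a few lines. This is an added example, not code from the Knowledge Base article or from ICS itself; the class and method names are hypothetical, the 192.168.0.3 client and the 203.0.113.9 remote host are constructed values, and the model matches inbound packets on the external port only, as the article describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class IcsNat:
    """Toy model of the ICS port-mapping table (illustrative, not Microsoft's code)."""

    def __init__(self, external_ip, first_port=3000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.by_client = {}  # (client_ip, client_port) -> external port
        self.by_port = {}    # external port -> (client_ip, client_port)
        self.static = {}     # administrator-configured port mappings

    def outbound(self, pkt):
        """Rewrite source IP/port; create a mapping on the client's first packet."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.by_client:
            while self.next_port in self.by_port or self.next_port in self.static:
                self.next_port += 1
            self.by_client[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return Packet(self.external_ip, self.by_client[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Rewrite destination IP/port, or return None when no mapping exists."""
        target = self.by_port.get(pkt.dst_port) or self.static.get(pkt.dst_port)
        if pkt.dst_ip != self.external_ip or target is None:
            return None  # unsolicited packet: nothing to translate it to
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])

    def map_port(self, external_port, client_ip, client_port):
        """Second path in the article: direct a fixed port to one client."""
        self.static[external_port] = (client_ip, client_port)

    def close(self, client_ip, client_port):
        """The mapping lives only until the connection is closed."""
        port = self.by_client.pop((client_ip, client_port), None)
        if port is not None:
            del self.by_port[port]

def demo():
    nat = IcsNat("156.59.23.100")
    out = nat.outbound(Packet("192.168.0.2", 2000, "131.125.13.1", 80))
    reply = nat.inbound(Packet("131.125.13.1", 80, "156.59.23.100", 3000))
    unsolicited = nat.inbound(Packet("203.0.113.9", 4444, "156.59.23.100", 3001))
    nat.close("192.168.0.2", 2000)
    after_close = nat.inbound(Packet("131.125.13.1", 80, "156.59.23.100", 3000))
    nat.map_port(8080, "192.168.0.3", 80)
    forwarded = nat.inbound(Packet("203.0.113.9", 4444, "156.59.23.100", 8080))
    return out, reply, unsolicited, after_close, forwarded

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third and fourth results are `None`: a packet arriving on a port with no table entry, or after the mapping was closed, has no client to be delivered to.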
On the ICS computer, ports 1-1024 are not specifically blocked, with the exception of TCP port 135 and UDP port 139. Blocking these ports prevents File and Printer Sharing requests (SMB requests) from functioning on the external adapter. This affects incoming and outgoing TCP/IP packets on the ICS computer in the following ways:
Any packet sent by the ICS computer or received from the Internet using a port greater than 1024 requires translation just as any other client computer behind the ICS computer. For example, a packet originating from the ICS computer and the corresponding response packet on port 5000 need to go through the translation process described earlier in this article.
Any packet sent by the ICS computer or received from the Internet using port 1024 or less is sent directly to the Internet or to the program on the ICS computer without being translated. For example, when you open the home page on an ICS computer, a packet is sent on port 80 and goes directly to the Internet without being translated. In addition, a packet received by the ICS computer on port 80 is sent directly to the program on the ICS computer that is actively listening to port 80 (for example, a Web server). For the ICS computer to respond directly to a request on port 1024 or less, a program must be listening for packets on the same port as the request. By default, the ICS computer does not respond to server message block (SMB) requests on ports 135 and 139 because they are blocked.
ICS does not unbind File and Printer Sharing from the external adapter on the ICS computer. Dial-Up Networking (DUN) unbinds File and Printer Sharing from the dial-up adapter, whereas Ethernet adapters (for DSL and cable-modem connections) do not unbind File and Printer Sharing by default. Ports 135 and 139 on the ICS computer are blocked by default on the external adapter to prevent remote computers on the Internet from gaining access to shares and printers on the local network. Blocking these ports does not affect the ICS computer's ability to share files and printers to other computers on the local area network (LAN). Unblocking these ports exposes the local network printers and shares to the Internet and is not recommended.

Source : http://support.microsoft.com/kb/241570

Tuesday, April 05, 2011

[ AKICK list for #poolside ]



Saturday, April 02, 2011

[Police suspect Citibank has a customer "TORTURE" room]

kabarbisnis.com: The death of Citibank customer Irzen Octa after he was interrogated by the bank's debt collectors has raised suspicions among the police. The brown-uniformed corps suspects that a room in Citibank's office at Menara Jamsostek, Jakarta, is a dedicated place for pressuring problem customers, psychologically and even physically. The room, known as the Cleo room, is now under investigation after Irzen Octa died following his visit to it to settle his credit card arrears.


[PKL (Pertolongan Komputer Lelet) / Help for a Slow Computer]

1. Viruses
One of the things viruses commonly do that slows a computer down is dropping executable files and running them without our knowledge. The processes run by these virus files naturally consume CPU and memory resources. Many kinds of virus duplicate some or even all of our files, filling the hard disk to capacity. This hampers reading from and writing to the hard disk. Yet every time we run something on our computer, data is read from the hard disk.


Friday, April 01, 2011

[India to Block the .xxx Porn Domain]

India is one of the countries that reject the arrival of the .xxx domain. Going a step further, the land of the Taj Mahal has said it will block the domain dedicated to pornographic content once it is in use.

As is known, in mid-March 2011 the Internet Corporation for Assigned Names and Numbers (ICANN) approved .xxx as the domain that hosts all pornographic content. Unsurprisingly, the decision has drawn both support and opposition in various countries.


[5 Google-Style April Fools' Jokes]

The popular search engine Google turns out to be fond of celebrating April Fools' Day, which falls on April 1. The jokes the site puts out usually involve the release of new features that turn out to be nothing more than material for a prank.

Google puts out an April Fools' joke almost every year. Even when Google released Gmail on April 1, 2004, internet enthusiasts took it for a joke because Google so often kids around on that date. Here are some of Google's well-known April Fools' jokes, as quoted by detikINET from about.com, Friday (1/4/2011).


[China Accuses Google of Dodging Taxes]

Google, which recently accused the Chinese government of deliberately disrupting the Gmail service, is now in turn accused of evading taxes through three of its affiliated companies in China.

China's tax authority said the three companies affiliated with Google were found to have used fake invoices, accounting reports and business tax worth 40 million yuan.

"Google itself is currently under investigation for tax evasion. Our authority has asked them to correct their reports and has taken the money that should have been paid," said the spokesperson, as quoted by detikINET from Reuters, Thursday (31/3/2011).


[Google +1]

Google will soon let its users find more personal search results by introducing the '+1' feature. Its arrival also challenges the 'Like' feature that Facebook introduced earlier.

The +1 button begins limited testing with some users starting today. +1 lets users share more specific search result recommendations with friends by clicking it.


Sunday, March 27, 2011

Invisible IPv6 Traffic Poses Serious Network Threat


Experts say that most U.S. organizations have hidden IPv6 traffic running across their networks, and that few network managers are equipped to see, manage or block it. Increasingly, this rogue IPv6 traffic includes attacks such as botnet command and controls.
"If you aren't monitoring your network for IPv6 traffic, the IPv6 pathway can be used as an avenue of attack," says Tim LeMaster, director of systems engineering for Juniper's federal group. "What network managers don't understand is that they can have a user running IPv6 on a host and someone could be sending malicious traffic to that host without them knowing it."
Most U.S. network managers are blind to rogue IPv6 traffic because they don't have IPv6-aware firewalls, intrusion detection systems or network management tools. Also, IPv6 traffic is being tunneled over IPv4 connections and appears to be regular IPv4 packets unless an organization has deployed security mechanisms that can inspect tunneled traffic. (See also: 5 of the biggest IPv6-based threats facing CIOs.)
"At least half of U.S. CIOs have IPv6 on their networks that they don't know about, but the hackers do," says Yanick Pouffary, technology director for the North American IPv6 Task Force and an HP Distinguished Technologist. "You can't ignore IPv6. You need to take the minimum steps to secure your perimeter. You need firewalls that understand IPv4 and IPv6. You need network management tools that understand IPv4 and IPv6."
"Although they're not thinking about IPv6, for most of the Fortune 500, it's in their networks anyways," agrees Dave West, director of systems engineering for Cisco's public sector group. "You may not see IPv6 today as a business driver. But like it or not, you are running IPv6 in your network."
IPv6 is the long-anticipated upgrade to the Internet's main communications protocol, known as IPv4. IPv6 features vastly more address space, built-in security and enhanced support for streaming media and peer-to-peer applications. Available for a decade, IPv6 has been slow to catch on in the United States. Now that unallocated IPv4 addresses are expected to run out in 2011, the pressure is on U.S. carriers and corporations to deploy IPv6 in the next few years.
IPv6-based threats are not well understood, but they are becoming more prominent. For example, the issue of IPv6-based attacks was raised at a June meeting of the National Security Telecommunications Advisory Committee, a high-level industry group that advises the White House about cybersecurity.
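The article notes that IPv6 tunneled over IPv4 looks like ordinary IPv4 unless something inspects it. The following added example (not from the article) shows what such an inspection checks at the IPv4 header level; IP protocol number 41 and the Teredo UDP port 3544 are standard values that the article does not state, and all packets are constructed samples using documentation address ranges.

```python
import socket
import struct
from collections import Counter

PROTO_UDP = 17
PROTO_IPV6_ENCAP = 41  # IANA protocol number: IPv6 carried directly in IPv4 (6in4, 6to4, ISATAP)
TEREDO_PORT = 3544     # well-known Teredo server UDP port (RFC 4380)

def classify(raw: bytes) -> str:
    """Label one raw IPv4 packet: 'ipv6-in-ipv4', 'teredo', 'plain-ipv4' or 'malformed'."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return "malformed"
    ihl = (raw[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(raw) < ihl:
        return "malformed"
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    proto, payload = raw[9], raw[ihl:]
    if frag_offset:  # later fragment: no inner header available to inspect
        return "ipv6-in-ipv4" if proto == PROTO_IPV6_ENCAP else "plain-ipv4"
    if proto == PROTO_IPV6_ENCAP:
        # A genuine tunnel payload starts with an IPv6 header (version nibble 6).
        return "ipv6-in-ipv4" if payload and payload[0] >> 4 == 6 else "malformed"
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        # Heuristic: only traffic to or from a Teredo server port is recognised.
        if TEREDO_PORT in (sport, dport):
            return "teredo"
    return "plain-ipv4"

def build_ipv4(proto: int, payload: bytes, src="192.0.2.10", dst="198.51.100.20") -> bytes:
    """Construct a sample IPv4 packet (checksum left at 0; classify() does not verify it)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    """Construct a UDP datagram with a zero checksum."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def sample_capture():
    """Constructed packets, not captured traffic."""
    ipv6_header = bytes([0x60]) + bytes(39)  # minimal 40-byte IPv6 header
    return [
        build_ipv4(6, bytes(20)),                                     # ordinary TCP
        build_ipv4(PROTO_IPV6_ENCAP, ipv6_header),                    # IPv6 directly in IPv4
        build_ipv4(PROTO_UDP, udp(50000, TEREDO_PORT, ipv6_header)),  # Teredo over UDP
        build_ipv4(PROTO_UDP, udp(50001, 53, b"dns")),                # ordinary UDP
        b"\x45\x00",                                                  # truncated packet
    ]

def summarize(packets):
    """Count packets per label so tunneled IPv6 stands out in an IPv4-only view."""
    return Counter(classify(p) for p in packets)

if __name__ == "__main__":
    print(summarize(sample_capture()))
```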

Windows Security Checklist - Part 6: Invisible Internet Browsing or Talk to the Proxy


by Larry Stevenson, aka Prince_Serendip
First published at CastleCops: January 2, 2005
Revised and Updated: June 20, 2010

No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, they can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 6: Invisible Internet Browsing or Talk to the Proxy


It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.

Invisible Internet Browsing

Each computer on the Internet is marked with its own special IP-address. (IP stands for Internet Protocol.) If you are a cable user, you probably have one or two static addresses that rarely change. High Speed-DSL and Dialup users may have dynamic ones which change with each logon or fairly often. On high speed-DSL you can usually change your assigned IP address by turning your modem off, waiting 30 seconds and turning it back on, then reconnecting to your ISP's network. Dynamic IPs can be traced using Reverse-DNS where the network or ISP you are on allows for it. Each Reverse-DNS address is unique. Even if your dynamic IP-address changes, the Reverse-DNS address will remain the same.

Your IP-address allows your ISP and other computers to communicate with your PC. To be completely without an IP-address would be the same as a telephone without a dialtone. There would be no communication, and you would be offline. However, there are ways to mask or encrypt your IP-address.

Proxies are simply servers that connect users to a network. Usually a proxy connects to another network (for example, the Internet) from a local network such as a business or even an ISP (Internet Service Provider). It allows many users to access a network with one or several addresses. These servers can be very useful, contributing security, speed and privacy to those who wish to truly enjoy the Internet without giving up their identities.

There are basically three kinds of anonymous proxy services of interest to home users. The first is Public Anonymous Proxy Listings, which you can use by selecting a proxy, then inserting its address and port number into your web browser. You can find instructions for doing that with most popular browsers here: Using Proxies. Btw, their instructions for Internet Explorer 6 apply to 7 and 8 as well. That article also explains about transparent, anonymous, distorting, and high anonymity proxies. Note: Try to avoid using proxy toolbar browser addons, as many of these include tracking spyware, which is rather counterproductive to privacy.

By using an anonymous (http) proxy server, you are using their IP instead of yours to access the Internet. An anonymous proxy removes, masks or encrypts your IP on any requests you make when it passes these along to Internet websites. They talk to the proxy, not to you. For these proxies to be truly effective it is important to disable Java, Javascript and third-party cookies in your browser. If this detracts from your enjoyment then leave them on. Be aware though, that by doing so it is riskier. Additional risks also exist for these types of proxy servers, most especially from unencrypted traffic containing logins and passwords. If the anonymous public proxy you're using belongs to a malicious owner, you could be in trouble. You could likely encounter that kind of thing when using random choices from anonymous proxy lists without checking them to see if they're okay. You can look up IP addresses and whois at a site such as What Is My IP. You can find more such sites by searching for whois in your favorite search engine. Btw, Google is never anonymous. I use Scroogle all the time. Donations to Scroogle help us all, so be generous. As a general rule I stay away from anonymous proxies located in Eastern Europe, Russia, anywhere in Asia, Africa and South America.

Tip ...especially for dialup users: Large downloads can be agonizingly slow on dialup. By connecting to a web proxy server you can speed up the download by having the proxy get the files first, and then give them to you at their speed. You may have to test and experiment to find a server that can do that. You can also search for Premium Link Generator Sites. They have features where you can download large files from file sharing sites. You download the file to their server, then you get it from them. Be careful though, as there are some link/sync sites which offer browser addons that are spyware.

For large downloads, I would strongly advise that you get a Download Manager--even if you're on a high speed connection. These types of programs can resume downloads that have stopped without warning or become broken somehow. They can greatly speed up the download by simultaneously splitting the file into smaller segments and downloading them all at once. My favorite one is Free Download Manager.
Another kind of anonymous proxy server is accessed via a web page service. There's no need to program your browser. Simply open the web page and insert the URLs/addresses you wish to visit in their search bar. IPHider is one such service, and it's entirely free.

The third way is by means of a VPN, a Virtual Private Network. A few of these are free, but most are subscription based. Please refer to this article: 8 Free VPN Services.

Warning (Tip)...do not try to join security forum boards using an anonymous proxy. You could be banned. They don't trust members who are not forthcoming.

Besides using anonymous proxy servers on the web, you can use a free program that does even more: Proxomitron.

Proxomitron has these features:

Stop windows that pop-up, pop-under, or pop-over
Stop those un-closable endless banner chains
Stop pop-up JavaScript message boxes
Remove web-branding and other scripts tacked on by "free" web providers.
Convert most ads and banner pictures into simple text links
Freeze all animated gifs
Make blinking text appear as bold instead
Remove slow web counters
Stop web pages from "auto-refreshing"
Prevent pages from changing fonts
Get rid of or replace web page background images
Protect against getting "trapped" inside someone else's frames!
Make all frames resizable
Close top or bottom frame banner windows
Make background MIDI songs play only when you choose.
Remove status bar scroll-texts
Remove "dynamic" HTML from pages
Disguise your browser's identity and version from JavaScripts
Remove style sheets
Un-hide URLs when the mouse is over a link
Disable frames or tables altogether
Change or delete cookies
Change your browser's user-agent and other identifying fields
Hide where you've been previously from inquisitive web servers
For more information please refer to: The Proxomitron - Universal Web Filter

This article is meant to be a general introduction to the use of anonymous proxies, and not a detailed dissertation on the subject. Thanks for reading.

Best regards and always take care of your security!