Thread: Very few uploads compared to earlier versions
View Single Post
  #32 (permalink)  
Old November 25th, 2002
LeeWare LeeWare is offline
Valued Member contributor
  
Join Date: August 4th, 2002
Location: Chicago, USA
Posts: 321
LeeWare is a great assister to others; your light through the dark tunnel
Lightbulb A Word About Security
Technically you are not broadcasting your IP address onto the Internet. That language is suggestive and it leads people to believe that their boxes (computers) are actively shouting the ip addresses to the Internet. This is not true. In context, when you force your IP address in LimeWire you are forcing the ip address of your firewall/router (which is NOT your computer!) -Remember this is why no one could upload from you.

Your IP for your computer is probably 192.168.0.x --->router/firewalls-ip->(172.15.x.x.) <- this ip is always public whether you force it or not.

Now, what does happen is this-- when people search for files on Limewire your machine not only returns a lists of files it has but it also returns the ip of where to get those files from, people who have their Limewire software configured to show location can see the ip address of the machines returning the results but, pay attention even if you hide this information a download request would show the ip during the transfer!

Note: Some people fall into the trap of thinking that an ICMP message is the only way someone can tell if a machine is alive or not. This about it this way ICMP message work like this:

Bob is standing in a dark closet. (Your machine on the network!)
Pete is looking or Bob. (Potentially a hacker:-( )
Pete says Bob are you there? (someone looking to see if a machine is alive (ICMP -> PING))
Bob replies Yes I'm here. (i.e. your machine responding to a query=ICMP PING)

The End Now, when you cut off ICMP messages the converstation stops because Bob doesn't respond to Pete.

But, for several years now that more and more machine are not responding (stealth scanning -been around for a while has basically made not responding some what useless in attempt to hide a machine from remote probing.)

Consider our story:

Bob is standing in a dark closet. (Your machine on the network!)
Pete is looking or Bob. (Potentially a hacker:-( )
Pete Throws a Brick in the closet! (someone sending specially formatted data to your computer.)
Bob replies Ouch! (someone listing to the responses!)

Are you safer?


A complete discussion of security is beyond the scope of this thread but the last poster does correctly point out a concern that I am confident has been overlooked by many file-sharers and that is basic computer security.

For those of you that are interested I highly recommend that you do the following:

Goto http://www.dslreports.com/scan

use the tool to scan your machine. If the report comes back with open services that you don't understanding please post your concerns here and I'll help you get that resolved. If the report shows that you have open disks + services send me an email at security(remove_the_no_spam)@leeware.com and I will provide you with some help and information on securing your connection.


Thanks for your cooperation and I hope this helps.
__________________
Lee Evans, President
LeeWare Development
http://www.leeware.com
Reply With Quote