Norton firewall blocking local network?

Guest
Archived from groups: comp.security.firewalls

Two machines connected through a D-Link router, one is 2000 and the
other is XP, with a printer linked to the 2000 machine. The local network
works fine for both file sharing and printer sharing.

Installed Norton on the XP machine, and things started to go wrong from then:
the machines can't see each other anymore, even when the firewall was
turned off. The firewall is set to trust all the non-routable IPs
in the home networking setting, and Windows file and printer sharing
are set to permit.

One odd thing is that the XP machine can still print to the 2000
printer! But at an extremely slow speed; a single page can take up to
10 mins. Before Norton, printing from the XP to the 2000
printer was instantaneous.

Any thoughts and suggestions? Please help. Thanks!
 
Guest

sodrd8848 wrote:

> Two machines connected through a D-Link router, one is 2000 and the
> other is XP, with a printer linked to the 2000 machine. The local network
> works fine for both file sharing and printer sharing.
>
> Installed Norton on the XP machine, and things started to go wrong from then:
> the machines can't see each other anymore, even when the firewall was
> turned off. The firewall is set to trust all the non-routable IPs
> in the home networking setting, and Windows file and printer sharing
> are set to permit.
>
> One odd thing is that the XP machine can still print to the 2000
> printer! But at an extremely slow speed; a single page can take up to
> 10 mins. Before Norton, printing from the XP to the 2000
> printer was instantaneous.
>
> Any thoughts and suggestions? Please help. Thanks!

Why do you install the firewall if you already have the router which
most likely does already have a firewall? There is usually no use for
the second one except that it slows down your system and has the
potential to make a whole lot of problems, as you see.

I tested NIS on two computers and it has many problems with file
sharing. I mailed Symantec support but they don't have a clue how to fix
it. One problem they seem to have is that they have default blocking
rules that fire and block file sharing before they actually have
identified the network. Once they identified the network it should
actually let everything through as it is related to the trusted network
but for some reason I guess their firewall is so stateful that it
actually remembers that it has blocked file sharing right in the
beginning and thus does it forever. And funniest thing about it: the
problem that the client cannot access the server is related to a firing
incoming rule on the client computer, whoever thought that that is related.

So maybe you get an idea...

Gerald
 
Guest

johnlu8848@hotmail.com (sodrd8848) wrote in
news:fef0df2f.0405221059.4da3a704@posting.google.com:

> Two machines connected through a D-Link router, one is 2000 and the
> other is XP, with a printer linked to the 2000 machine. The local network
> works fine for both file sharing and printer sharing.
>
> Installed Norton on the XP machine, and things started to go wrong from then:
> the machines can't see each other anymore, even when the firewall was
> turned off. The firewall is set to trust all the non-routable IPs
> in the home networking setting, and Windows file and printer sharing
> are set to permit.
>
> One odd thing is that the XP machine can still print to the 2000
> printer! But at an extremely slow speed; a single page can take up to
> 10 mins. Before Norton, printing from the XP to the 2000
> printer was instantaneous.
>
> Any thoughts and suggestions? Please help. Thanks!
>

If you're looking for that extra bit of security to protect the LAN, then
you can go with IPsec that is on the XP and 2K O/S(s).

The AnalogX SecPol file when implemented will provide the protection
behind the NAT router and it can stop inbound or outbound by port,
protocol, and IP.

It's a piece of cake.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

Duane :)
 
Guest

Thank you very much Gerald,

The reason I'm putting up another firewall behind the router is that
something unusual happened to this particular machine, and I then went
to Gibson's site to do a leak test, and the Gibson test shows that
this particular machine is leaking, i.e., it went on to connect to the
outside world without telling me, so I thought I may need a
firewall on this machine too. My understanding of the router hardware
firewall is that it will stop most of the attacks from the outside, but
wouldn't be able to detect anything if a horse already exists and
is making contact with the outside world. Is that correct, or just my
misunderstanding about the router thing?


It seems that you didn't get a straight answer from the Norton guys,
but did you fix the problem by any other means? What I mean is,
did you manage to get your local machines to talk to each other again?

Thanks again for your help.

John



Gerald Vogt <vogt@spamcop.net> wrote in message news:<2yNrc.71643$hY.61953@twister.nyroc.rr.com>...
> sodrd8848 wrote:
>
> > Two machines connected through a D-Link router, one is 2000 and the
> > other is XP, with a printer linked to the 2000 machine. The local network
> > works fine for both file sharing and printer sharing.
> >
> > Installed Norton on the XP machine, and things started to go wrong from then:
> > the machines can't see each other anymore, even when the firewall was
> > turned off. The firewall is set to trust all the non-routable IPs
> > in the home networking setting, and Windows file and printer sharing
> > are set to permit.
> >
> > One odd thing is that the XP machine can still print to the 2000
> > printer! But at an extremely slow speed; a single page can take up to
> > 10 mins. Before Norton, printing from the XP to the 2000
> > printer was instantaneous.
> >
> > Any thoughts and suggestions? Please help. Thanks!
>
> Why do you install the firewall if you already have the router which
> most likely does already have a firewall? There is usually no use for
> the second one except that it slows down your system and has the
> potential to make a whole lot of problems, as you see.
>
> I tested NIS on two computers and it has many problems with file
> sharing. I mailed Symantec support but they don't have a clue how to fix
> it. One problem they seem to have is that they have default blocking
> rules that fire and block file sharing before they actually have
> identified the network. Once they identified the network it should
> actually let everything through as it is related to the trusted network
> but for some reason I guess their firewall is so stateful that it
> actually remembers that it has blocked file sharing right in the
> beginning and thus does it forever. And funniest thing about it: the
> problem that the client cannot access the server is related to a firing
> incoming rule on the client computer, whoever thought that that is related.
>
> So maybe you get an idea...
>
> Gerald
 
Guest

sodrd8848 wrote:
> firewall on this machine too. My understanding of the router hardware
> firewall is that it will stop most of the attacks from the outside, but
> wouldn't be able to detect anything if a horse already exists and
> is making contact with the outside world. Is that correct, or just my
> misunderstanding about the router thing?

Yes. Once you have a trojan, no one can help you anymore, because the
trojan can easily circumvent any software running on your computer,
including the firewall. A PFW cannot give you a guarantee that
information cannot be leaked outside. It is just not possible.

The problem just starts the very moment you install the malware, because
malware or whatever else usually doesn't just show up on your computer,
but it comes through either a vulnerability that you haven't patched or
because you run it. (like virus attachments)

> It seems that you didn't get a straight answer from the Norton guys,
> but did you fix the problem by any other means? What I mean is,
> did you manage to get your local machines to talk to each other again?

Yes. Deactivate NIS...

Gerald
 
Guest

John,
I've had a very similar problem with NIS 2004 on W2k. I've finally
got around it by using the Wizard (rather than manual settings) in the
Networking tab when configuring a Trusted Network. This seems to work.
However, you have to be administrator for it to run. Furthermore, if you
want a normal user on the machine to be able to see shares, you have to
temporarily give them Administrator rights and use the wizard when
logged in as that normal user. Take away Admin rights when you are
finished.
--
tcrowe