[Dshield] adsl and 2 pcs

Bruce Lilly blilly at erols.com
Mon Jul 16 19:35:14 GMT 2001

> From: Steve Mainwaring <SteveMainwaring at matthewclark.co.uk>
> To: dshield at dshield.org
> Date: Mon, 16 Jul 2001 10:28:56 +0100
> Subject: [Dshield] adsl and 2 pcs
> Reply-To: dshield at dshield.org
> I read it's not a good idea to have 2 different firewalls running on same pc,
> how about 2 different firewalls on 2 pcs?
> 1 'internet pc' connected via usb to ADSL. 2nd 'data pc' connected via
> 100base-T using Netbeui. Have Zonealarm on internet pc but nothing on data
> pc. Is this safe? Is it a good idea to put zonealarm on 2nd pc? Or some
> other software firewall?

If NETBEUI (an unroutable protocol) is the *only* protocol used on
the Ethernet interface of the data PC and that PC has no 'back door'
for getting IP traffic in or out, then the data PC is safe provided
that there are no security-related bugs in Microsoft's TCP/IP and
NETBEUI implementations and that ZoneAlarm has no similar bugs, and
that there's nothing else on the USB bus that could compromise your
ADSL connection's security.

Of course, there have been such bugs in Microsoft's software in the
past, and I personally do not have enough confidence in it to risk
everything, which is why I use a separate hardware firewall which is
in no way dependent for its operation on anything related to
Microsoft.  Caveat emptor.

Mind you, ZoneAlarm is certainly better than nothing, and is better
than some other software "firewalls", but all such software products
are to some degree dependent on proper functioning of the OS TCP/IP
stack and any security-related bugs therein.  I don't believe that
ZoneAlarm does any detailed filtering of NETBEUI (I may be wrong),
so putting it on the data PC would have no effect (if, as you say,
NETBEUI is the only protocol on that machine).

If Microsoft's OS on your internet PC translates between NETBIOS over
TCP/IP and NETBEUI, and you have NETBIOS over TCP/IP enabled, you
may have a problem.  I would consider that a security bug if such
translation cannot be easily disabled.  By translation, I mean that
NETBEUI traffic from the data PC causes NETBIOS over TCP/IP packets
to be sent out from the internet PC.

There may be issues during the boot-up sequence if the ADSL connection
is up when your internet PC is booted (or reboots after an OS crash)
depending on the order that USB, Ethernet, TCP/IP, NETBEUI, and
ZoneAlarm are activated. Likewise if you boot that PC to DOS, etc.
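As an added example (not code from this thread): a small check a defender can run over the `netstat -an` output of the dual-homed internet PC to confirm that no NetBIOS-over-TCP/IP or SMB socket is bound on the ADSL side, i.e. that the only way to reach those services is from the data PC's LAN. The LAN address 192.168.0.1, the ADSL address 203.0.113.7 and the sample listing are constructed.

```python
"""Flag NetBIOS-over-TCP/IP (NBT) and SMB listeners reachable from the
ADSL side of a dual-homed 'internet PC'.  Added example, not from the
original post; the addresses and the netstat listing are constructed."""
import re

# Ports used by NetBIOS over TCP/IP and by direct-hosted SMB (port 445
# exists from Windows 2000 on).
NBT_PORTS = {137: "NetBIOS name", 138: "NetBIOS datagram",
             139: "NetBIOS session", 445: "SMB over TCP"}

# Constructed `netstat -an` sample: LAN side 192.168.0.1, ADSL 203.0.113.7.
SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
TCP    192.168.0.1:445        0.0.0.0:0              LISTENING
TCP    203.0.113.7:1026       0.0.0.0:0              LISTENING
UDP    203.0.113.7:137        *:*
UDP    192.168.0.1:138        *:*
"""

# proto, local address, local port, optional TCP state
LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?", re.M)

def exposed_nbt_listeners(netstat_text, lan_addrs):
    """Return (proto, addr, port, service) for NBT/SMB sockets that are not
    bound exclusively to a LAN-side address.  A wildcard bind (0.0.0.0)
    counts as exposed because it also answers on the ADSL interface."""
    found = []
    for proto, addr, port, state in LINE_RE.findall(netstat_text):
        port = int(port)
        if port not in NBT_PORTS:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # only bound listeners matter, not client connections
        if addr in lan_addrs:
            continue  # reachable from the data PC only, which is the intent
        found.append((proto, addr, port, NBT_PORTS[port]))
    return found

if __name__ == "__main__":
    for hit in exposed_nbt_listeners(SAMPLE_NETSTAT, {"192.168.0.1"}):
        print("EXPOSED: %s %s:%d (%s)" % hit)
```

On a real host, pipe the actual `netstat -an` output in and pass the PC's LAN-side address; anything reported is a NetBIOS/SMB service the ADSL side can reach.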
