Error message in Windows 98 Second Edition

[cquirke (MVP Windows shell/user)]

On Sun, 5 Aug 2007 18:04:02 -0700, Dan wrote:

>Thanks PCR!!! I have a total of 3 MSVCRT.DLL --- they are as follows:
>
>1. ver. 6.10.8637.0 ---- located in c:\windows\system
>2. ver. 6.10.8637.0 ---- located in c:\windows\temp\crfo\drivers\addon
>3. ver. 6.00.8397.0 ---- located in c:\program
>files\creative\sbaudigy\playcenter2

On that, see:

http://cquirke.mvps.org/9x/dllhell.htm

On Win9x in 2G RAM, I'd prolly prefer to install a boss OS (XP or
Vista) and then run the Win9x within a Virtual PC on that -)



>-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
>-------------------- ----- ---- --- -- - - - -

 

[PCR]

"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote
in message news:vaurb3hpuvs66t2fgod9lkrqru190ofn4m@4ax.com
| On Sun, 5 Aug 2007 18:04:02 -0700, Dan wrote:
|
|>Thanks PCR!!! I have a total of 3 MSVCRT.DLL --- they are as follows:
|>
|>1. ver. 6.10.8637.0 ---- located in c:\windows\system
|>2. ver. 6.10.8637.0 ---- located in c:\windows\temp\crfo\drivers\addon
|>3. ver. 6.00.8397.0 ---- located in c:\program
|>files\creative\sbaudigy\playcenter2
|
| On that, see:
|
| http://cquirke.mvps.org/9x/dllhell.htm

I think Dan has gone beyond the pale of a regular DLL-hell & loaded an
XP-irradiated MSVCRT.DLL into the 98 side of his machine! He has
v.6.10.8637.0 in there, & it came in with Audigy drivers. My fully
updated Win98SE has v.6.00.8797.0 only. (At first, I thought mine was
the higher version-- BUT note my "00" where his is "10".

| On Win9x in 2G RAM, I'd prolly prefer to install a boss OS (XP or
| Vista) and then run the Win9x within a Virtual PC on that -)

Yep. He has decided one way or another to re-install or reestablish the
Win98 side. Perhaps doing it this way he may keep his "10". (I don't
know.)

|>-------------------- ----- ---- --- -- - - - -
| Tip Of The Day:
| To disable the 'Tip of the Day' feature...
|>-------------------- ----- ---- --- -- - - - -

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net

 

[Dan]

Thanks for the suggestion, Chris. I will do that if limiting the memory in
the msconfig is not successful.

"cquirke (MVP Windows shell/user)" wrote:

> On Sun, 5 Aug 2007 18:04:02 -0700, Dan wrote:
>
> >Thanks PCR!!! I have a total of 3 MSVCRT.DLL --- they are as follows:
> >
> >1. ver. 6.10.8637.0 ---- located in c:\windows\system
> >2. ver. 6.10.8637.0 ---- located in c:\windows\temp\crfo\drivers\addon
> >3. ver. 6.00.8397.0 ---- located in c:\program
> >files\creative\sbaudigy\playcenter2
>
> On that, see:
>
> http://cquirke.mvps.org/9x/dllhell.htm
>
> On Win9x in 2G RAM, I'd prolly prefer to install a boss OS (XP or
> Vista) and then run the Win9x within a Virtual PC on that -)
>
>
>
> >-------------------- ----- ---- --- -- - - - -
> Tip Of The Day:
> To disable the 'Tip of the Day' feature...
> >-------------------- ----- ---- --- -- - - - -
>

 

[Dan]

I give everyone my warmest thanks and appreciation in helping to give me
advice in regards to Windows 98 Second Edition. Hopefully, the final post in
this thread. <grin>

"cquirke (MVP Windows shell/user)" wrote:

> On Sun, 05 Aug 2007 15:44:07 -0400, 98 Guy wrote:
> >MEB wrote:
>
> >There are 2 aspects of firewall functionality.
>
> >1) Inbound handling of unsolicited data packets
>
> >2) Outbound handling of packets from unauthorized or
> > unrecognized local processes.
>
> >A NAT-router handles #1 IN ALL CASES, be they TCP or UDP. And it
> >handles this for all computers connected to it on the local LAN. It
> >is very efficient at doing this, and it does it in a secure manner.
>
> >A software firewall performs both 1 and 2, but only on ONE computer.
>
> (or rather, on each computer on which it is running)
>
> >If you have more than one computer on a local lan, you already have
> >NAT, so you are already protected for #1.
>
> Not always. A router can be configured to act as a dumb bridge, so
> that it passes the ISP's Internet-accessible IP address directly to
> the PC it is connected to. When this happens, it may as well be an
> "ADSL modem", as it's not NAT-routing at all.
>
> In this scenario, things change as follows:
> - the PC that is assigned the IP address, is the router
> - other PCs connect via this PC using Internet Connection Sharing
> - the PC's sware firewall now acts to manage theier traffic as well?
>
> So it's not only important to have a NAT router, but to have that
> router act AS a NAT router.
>
> Broadband other than ADSL (satellite, ?cable) may work more like a USB
> ADSL modem, i.e. lack the NAT routing component, acting as above.
>
> >Function #1 is a bona-fide protection mechanism that prevents some
> >systems from being comprimized (this almost never applies to
> >windows-98 anyways, but it applied almost 100% to Windows 2K, XP-gold
> >and XP-SP1). Function #1 ->IS<- protection.
>
> True.
>
> >Function #2 IS NOT protection. Function #2 is an alert mechanism.
> >Unless it's a false alarm, #2 tells you that YOUR SYSTEM IS ALREADY
> >COMPRIMIZED IN SOME WAY.
>
> True, in a way. It's more useful as a way of curbing unwanted or
> unexpected behavior of wanted software, e.g. the free screensaver that
> "calls home", etc. which can be a useful thing in its own right.
>
> >Function #2 is also a pain in the ass to configure and live with.
>
> True, also. It's in the same class of monitoring/alertware as PrevX,
> All-Seeing-Eye and UAC - quite a different usage profile from #1.
>
> >Because function #2 is only provided by a software firewall, it
> >can be deactivated by malware or by misconfiguration by the user.
>
> True, plus it can be spoofed in various ways.
>
> >In real life, there are always unwanted / unsolicited packets
> >hammering away at your internet connection (item #1) so it's a given
> >that they are more of a threat and should be delt with - moreseo than
> >dealing with #2. It is MORE important to deal with #1 vs #2
>
> I'd agree with that. I'd say #1 is something every user should have,
> and the less the user knows, the more it is needed. In contrast, #2
> is more useful for users with an interest in knowning what is going
> on as it's more visible, it's more of a source of "warm fuzzies".
>
> >If you were to prioritize the various security appliances, software
> >and settings you could obtain to insure a safe computing experience,
> >the first item on the list is a NAT-router. Even if you have only 1
> >computer and you don't need the ability to have a local LAN, a
> >nat-router will perform your internet log-in for you and will maintain
> >your internet connection even when your computer is off. This means
> >you don't need to run buggy or troublesome ISP login software
>
> Such software often dumbs down the router to act as a bridge, via a
> fake "dial-up connection" type of icon.
>
> >Once you have a NAT-router, you have item #1 covered.
>
> In the context of the Internet, yes. But not in the context of the
> LAN side of the router, which is relevant if one of the PCs on the LAN
> is compromised, and especially relevant if your LAN is open to WiFi
> access (and intrusion). This is where the software firewall's #1
> effect becomes highly relevant, and why I would insist on such a
> firewall even when a physical NAT router is in use.
>
> >I place #2 far down the list of important functions, I have other items
> >next (like a hosts file, locking down browsers with spybot and spyware
> >blaster, updating JAVA JRE engine, etc). At the bottom I place
> >anti-virus software (it is close to becoming useless these days)
>
> I'd disagree there. It's always been leaky as a sole protection
> component, but it is still useful as a "tubour de-bulking" tool.
>
> If your #1 firewall is you first layer of protection, then your av is
> your goalie of last resort - and useful as such.
>
> >software firewall (or more specificaly, item #2) at the very bottom
> >(I don't run one, I never have and never will).
>
> I do use #2 in some contexts, and have found it useful. But like av,
> I have no illusions that it is an impenitrable armour that lets me get
> away with acting like a click-happy moron -)
>
> Typically I use #2 as a replacement for the built-in XP firewall when
> that has been FUBAR'd by malware that's been cleaned up.
>
> >> Moreover, he also thinks the Microsoft's XP firewall will
> >> provide some sort of protection, should he need it.
>
> >The software firewall built into XP is ONLY an incoming firewall.
>
> It's not, actually. It's not an alert hog, and may or may not be as
> powerful on #2 as those that are, but you certainly can set it to
> block egress for particular items, and I use it as such. For example,
> I'll have it block F&PS, Remote Desktop, Remote Assistance etc. where
> I do not want these functions exposed to the Internet.
>
> >Assuming it works correctly at all times, it is exactly equivalent
> >to what a NAT-router does. But because it is a process running
> >on the local machine, it is vulnerable to being tampered with or
> >being deactivated by malware, and for that reason it is inferior
> >to a NAT-router.
>
> Routers can be hacked too, but as there's more variation between
> these, they are less attractive as a point of attack. OTOH, if they
> are considered to be invulnerable objects, they can be more attractive
> as a potential point of exploit against actively-managed systems.
>
> >A NAT-router is THE FIRST THING YOU NEED.
>
> Along with destruction or very careful setup of all wireless access..
>
>
>
> >--------------- ----- ---- --- -- - - -
> Tech Support: The guys who follow the
> 'Parade of New Products' with a shovel.
> >--------------- ----- ---- --- -- - - -
>

 

[98 Guy]

MEB, why aren't you participating in this discussion? Could it be
that you have no clue how effective a NAT-router is, and how it
duplicates the most useful aspects of a software firewall without the
hassle?

"cquirke (MVP Windows shell/user)" wrote:

> > If you have more than one computer on a local lan, you already
> > have NAT, so you are already protected for #1.
>
> Not always. A router can be configured to act as a dumb bridge,
> so that it passes the ISP's Internet-accessible IP address
> directly to the PC it is connected to.

My explanation pertains to the typical broadband SOHO situation where
a single static or dynamic IP is being used by one or perhaps a dozen
machines on a local lan and the NAT aspect of the router is in use.
Which I would guess pertains to 99.999% of the readers of this group.

> > Function #2 IS NOT protection. Function #2 is an alert
> > mechanism.
>
> True, in a way. It's more useful as a way of curbing unwanted
> or unexpected behavior of wanted software,

Yes, I agree with that. Which is why I feel that the out-bound
monitoring that a software firewall does is more suited for the
curiosity or control needs of a "power-user" rather than the security
needs of the average user.

> > Once you have a NAT-router, you have item #1 covered.
>
> In the context of the Internet, yes. But not in the context
> of the LAN side of the router, which is relevant if one of
> the PCs on the LAN is compromised,

This really depends on what OS the various machines on the LAN are
running - what services are running, what is being shared, what is the
malware that now has access to the local lan, etc. Since NT-based
OS's are more vulnerable, and since XP has it's own firewall, then
that risk is already mitigated. Since 98 is relatively invulnerable
to network exploits, again the risk is low. Five years ago, we might
be talking about the benefits of running a software firewall on win-2k
systems that are part of a multi-system lan - and that's a whole other
ballgame.

> I do use #2 in some contexts, and have found it useful.

It may be useful in that it tells you about the behavior of known-good
software, but for most people that is not why they are told they need
a software firewall.

> > The software firewall built into XP is ONLY an incoming
> > firewall.
>
> It's not, actually.

Yes it is.

http://support.microsoft.com/kb/320855

That KB talks only about the in-bound or unsolicited incoming
monitoring that the XP firewall does.

http://pctechshield.com/ICF.htm

"Basically the first best line of defense from Internet
Scanners and hackers is a $50 Router which can also
shield your I.P. Address and allow instant connection
for multiple computers."

Did you read that, MEB?

"Since Internet Connection Firewall provides inbound
protection only, if you have concerns about programs
that “phone home” or send outbound data to an unknown
destination over the Internet, you may want to consider
a third–party firewall."

Again another reference to XP's firewall being an inbound-only
firewall.

> Routers can be hacked too,

I don't believe there have been any documented examples of circulating
malware that hacks into routers - for example to alter their
configuration, to open ports, etc.

> > A NAT-router is THE FIRST THING YOU NEED.
>
> Along with destruction or very careful setup of all
> wireless access..

Locking down a WIFI adapter is critical.

Given that this is a win-98 newsgroup, wifi and win-98 don't usually
go together, especially not for a desktop machine or network of
machines. WiFi should be disabled on a NAT-router serving a 100%
wired network of machines - or better yet don't buy a NAT-router with
wifi for such a network.

 

[98 Guy]

MEB wrote:

> Look limp brain, why don't you finish your hard drive
> discussion, what's the problem, can't figure it out...
> need some help....

What exactly are you expecting?

What tests are you waiting for me to perform?

 

[MEB]

"98 Guy" <98@Guy.com> wrote in message news:46C11B60.91C7F789@Guy.com...
| MEB, why aren't you participating in this discussion? Could it be
| that you have no clue how effective a NAT-router is, and how it
| duplicates the most useful aspects of a software firewall without the
| hassle?


Look dimwit, look at the web pages on my site,, try to actually READ them.
Just as all pages are on the site, they are limited BY DESIGN to
Fleish-Kincaid Grade Level 10 so even you SHOULD be able to understand
them...

http://peoplescounsel.orgfree.com/ref/gen/security/firewalls.htm
http://peoplescounsel.orgfree.com/ref/gen/security/spyware.htm
http://peoplescounsel.orgfree.com/ref/gen/security/certs_install.htm
http://peoplescounsel.orgfree.com/ref/gen/security/NETWORKING.htm
http://peoplescounsel.orgfree.com/ref/gen/security/antivirus.htm


BTW: I see your still trying to act like you know something SOMEWHERE,
shall I post where to look, where you post, where you live, your
identification numbers, your postal address?

Also, don't create *OUT OF THIN AIR* things I supposedly said as you did
for this segment... you may not be able to read and understand, but others
can..


Finish your hard drive discussion ... see if you can make yourself appear
somewhat intelligent ...


Oh, since your such an expert, describe exactly how a NAT works, why it is
called a NAT, what functions it can also provide, its circuitry, how its
firewall activities are established, what is the best rate router, and other
relevant material,,, please do, the world awaits your extensive knowledge
,,,, hehehehehe

--
MEB
http://peoplescounsel.orgfree.com
________


|
| "cquirke (MVP Windows shell/user)" wrote:
|
| > > If you have more than one computer on a local lan, you already
| > > have NAT, so you are already protected for #1.
| >
| > Not always. A router can be configured to act as a dumb bridge,
| > so that it passes the ISP's Internet-accessible IP address
| > directly to the PC it is connected to.
|
| My explanation pertains to the typical broadband SOHO situation where
| a single static or dynamic IP is being used by one or perhaps a dozen
| machines on a local lan and the NAT aspect of the router is in use.
| Which I would guess pertains to 99.999% of the readers of this group.
|
| > > Function #2 IS NOT protection. Function #2 is an alert
| > > mechanism.
| >
| > True, in a way. It's more useful as a way of curbing unwanted
| > or unexpected behavior of wanted software,
|
| Yes, I agree with that. Which is why I feel that the out-bound
| monitoring that a software firewall does is more suited for the
| curiosity or control needs of a "power-user" rather than the security
| needs of the average user.
|
| > > Once you have a NAT-router, you have item #1 covered.
| >
| > In the context of the Internet, yes. But not in the context
| > of the LAN side of the router, which is relevant if one of
| > the PCs on the LAN is compromised,
|
| This really depends on what OS the various machines on the LAN are
| running - what services are running, what is being shared, what is the
| malware that now has access to the local lan, etc. Since NT-based
| OS's are more vulnerable, and since XP has it's own firewall, then
| that risk is already mitigated. Since 98 is relatively invulnerable
| to network exploits, again the risk is low. Five years ago, we might
| be talking about the benefits of running a software firewall on win-2k
| systems that are part of a multi-system lan - and that's a whole other
| ballgame.
|
| > I do use #2 in some contexts, and have found it useful.
|
| It may be useful in that it tells you about the behavior of known-good
| software, but for most people that is not why they are told they need
| a software firewall.
|
| > > The software firewall built into XP is ONLY an incoming
| > > firewall.
| >
| > It's not, actually.
|
| Yes it is.
|
| http://support.microsoft.com/kb/320855
|
| That KB talks only about the in-bound or unsolicited incoming
| monitoring that the XP firewall does.
|
| http://pctechshield.com/ICF.htm
|
| "Basically the first best line of defense from Internet
| Scanners and hackers is a $50 Router which can also
| shield your I.P. Address and allow instant connection
| for multiple computers."
|
| Did you read that, MEB?
|
| "Since Internet Connection Firewall provides inbound
| protection only, if you have concerns about programs
| that "phone home" or send outbound data to an unknown
| destination over the Internet, you may want to consider
| a third-party firewall."
|
| Again another reference to XP's firewall being an inbound-only
| firewall.
|
| > Routers can be hacked too,
|
| I don't believe there have been any documented examples of circulating
| malware that hacks into routers - for example to alter their
| configuration, to open ports, etc.
|
| > > A NAT-router is THE FIRST THING YOU NEED.
| >
| > Along with destruction or very careful setup of all
| > wireless access..
|
| Locking down a WIFI adapter is critical.
|
| Given that this is a win-98 newsgroup, wifi and win-98 don't usually
| go together, especially not for a desktop machine or network of
| machines. WiFi should be disabled on a NAT-router serving a 100%
| wired network of machines - or better yet don't buy a NAT-router with
| wifi for such a network.

 

[MEB]

"98 Guy" <98@Guy.com> wrote in message news:46C11BDE.6CC265E@Guy.com...
| MEB wrote:
|
| > Look limp brain, why don't you finish your hard drive
| > discussion, what's the problem, can't figure it out...
| > need some help....
|
| What exactly are you expecting?
|
| What tests are you waiting for me to perform?


Gee, let's see, in your other discussions you expounded upon how you proofed
the 4k *no cluster problem* with large drives aspects, and in your last you
finally discovered there must be a problem... so EXACTLY where is the
breaking
point for 4k clusters and Win98, the WORLD wants to know ...

What is the MAXIMUM hard drive size you have tested and proofed as working
in Win98 and the LARGEST partition size...

Let's see, in your prior discussions you claimed you had tested the aspects
of large hard drives running in DOS compatibility mode being able to
function perfectly.. ah where was that proof...

More over, describe in detail how the functions within Win98 worked upon
those large files you were supposedly using,, was there any difficulty
working with, deleting, copying, opening, editing, and other like activity
with those massive files?

Shortly after those original hard drive postings, you expounded upon and
bragged about downloading and installing illegal
software upon your computer - VISTA wasn't it... so where did your Win98
proofing box go,, and how long did you test it... hmm

I see your having difficulties with a sound card,, oh wait that's somewhere
else ... so let's see you'll return to this group next as a supposed sound
card expert right .. . . .

Hmm, do you have ANY computers that are fully functioning? How about with
newer boards???

And since it is doubtful that you would actually posts factually, please
supply some verifiable parties who can swear to actually having seen you
personally perform these findings and tests.

Must I also remind you, when you first posted in here, you were not posting
supposedly anonymous.

--
MEB
http://peoplescounsel.orgfree.com
________

 

[98 Guy]

MEB wrote:
>
> | MEB, why aren't you participating in this discussion?
>
> Look dimwit, look at the web pages on my site

No, I'm not going to have a discussion with a bunch of web links.

Put your rebuttal to my postings into YOUR OWN WORDS. Stop hiding
behind a bunch of links. If you have a counter argument to anything
I've posted, then formulate it in your own words and say it right
here, right now.

 

[Franc Zabkar]

On Sat, 11 Aug 2007 19:57:27 +0200, "cquirke (MVP Windows shell/user)"
<cquirkenews@nospam.mvps.org> put finger to keyboard and composed:

>On Sun, 05 Aug 2007 15:44:07 -0400, 98 Guy wrote:

>>If you have more than one computer on a local lan, you already have
>>NAT, so you are already protected for #1.
>
>Not always. A router can be configured to act as a dumb bridge, so
>that it passes the ISP's Internet-accessible IP address directly to
>the PC it is connected to. When this happens, it may as well be an
>"ADSL modem", as it's not NAT-routing at all.

That is the default configuration of the D-Link DSL-302G modems that
were supplied by my former ISP, Optusnet. In fact many of the
router/firewall functions in the firmware have been crippled. I
suspect that most people would not be network savvy (including me),
which means that most of Optusnet's user base would probably benefit
from a software firewall.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.

 

[98 Guy]

Franc Zabkar wrote:

> That is the default configuration of the D-Link DSL-302G modems
> that were supplied by my former ISP, Optusnet. In fact many of
> the router/firewall functions in the firmware have been crippled.

Do those modems have multiple LAN ports? If not, then they clearly do
not need to impliment NAT functionality inside the modem. If they do
have multiple LAN ports, then I can't see how those ports would be
functional without NAT being enabled.

ISP's have historically been the owner of their own fate for the fact
that they supplied modems to customers with NAT intentionally turned
off. It is well known that such a decision was made to enable the ISP
to charge customers an extra monthly fee for performing security or
firewall services on their end. By not enabling the NAT function,
they insured that many of their customers would become infected back
in 2002 through 2004 because of the vulnerability of Win-XP during
those years.

In any case, for anyone that has a broadband modem with only one LAN
port (ie a modem without NAT functionality), the use of a $25 to $50
NAT-router is highly recommended as the first security-related
purchase made by the customer. In addition to acting as an in-bound
firewall, A NAT-router is very useful for it's other functional
aspects (connection login and keep-alive, sharing the internet
connection with other computers and therefor forming a secure internal
LAN, etc).

> which means that most of Optusnet's user base would probably
> benefit from a software firewall.

They would benefit even more if their first acquisition was a
NAT-router instead of a software firewall.

A nat-router is plug'n'play. A software firewall is a pain in the ass
to configure and live with.

 

[Franc Zabkar]

On Fri, 17 Aug 2007 10:10:20 -0400, 98 Guy <98@Guy.com> put finger to
keyboard and composed:

>Franc Zabkar wrote:
>
>> That is the default configuration of the D-Link DSL-302G modems
>> that were supplied by my former ISP, Optusnet. In fact many of
>> the router/firewall functions in the firmware have been crippled.
>
>Do those modems have multiple LAN ports?

There is one Ethernet port and one USB port.

> If not, then they clearly do
>not need to impliment NAT functionality inside the modem. If they do
>have multiple LAN ports, then I can't see how those ports would be
>functional without NAT being enabled.

I have enabled NAT:
http://www.users.on.net/~fzabkar/DSL-302G/MainPages/NAT.htm

Here is a compilation of photos, notes, utilities, router
pages/scripts/files:
http://www.users.on.net/~fzabkar/DSL-302G/

The abovementioned files were captured via FTP.

This is a photo of the PCB:
http://www.users.on.net/~fzabkar/DSL-302G/Photos/PCB_Component.jpg

Notice that the artwork has checkboxes for Modem and Router, and that
the router checkbox is not ticked.

A Dynalink RTA100 modem appears to be very similar, if not identical,
from a hardware perspective. However it has a fully featured firewall
and NAT router. In fact some people have reportedly flashed the RTA100
firmware into the DSL-302G.

**** Please be aware that the RTA100+ has a different AFE chip and is
not firmware compatible.

http://www.dynalink.com.au/products/rta100.htm
http://www.dynalink.com.au/Products/Rta100+/Brochure.pdf

>ISP's have historically been the owner of their own fate for the fact
>that they supplied modems to customers with NAT intentionally turned
>off. It is well known that such a decision was made to enable the ISP
>to charge customers an extra monthly fee for performing security or
>firewall services on their end. By not enabling the NAT function,
>they insured that many of their customers would become infected back
>in 2002 through 2004 because of the vulnerability of Win-XP during
>those years.
>
>In any case, for anyone that has a broadband modem with only one LAN
>port (ie a modem without NAT functionality), the use of a $25 to $50
>NAT-router is highly recommended as the first security-related
>purchase made by the customer. In addition to acting as an in-bound
>firewall, A NAT-router is very useful for it's other functional
>aspects (connection login and keep-alive, sharing the internet
>connection with other computers and therefor forming a secure internal
>LAN, etc).

All the modem configurations I've seen perform transparent automatic
logins on power-up. This makes me wonder whether a machine is
vulnerable soon after bootup before the software firewall has started.

BTW, I manually login and logout, and I intentionally chose an ISP
with a dynamic rather than static IP.

>> which means that most of Optusnet's user base would probably
>> benefit from a software firewall.
>
>They would benefit even more if their first acquisition was a
>NAT-router instead of a software firewall.

Optus provides a bundled product, as do many ISPs. Their users don't
know any different.

In fact the modem's browser interface has been replaced by a dumbed
down version. The original "techy" interface is still there, but you
need to know where it is.

>A nat-router is plug'n'play.

Then how do you explain the plethora of "Port Forwarding" pages
devoted to setting up one's router for Bit Torrent, etc?

>A software firewall is a pain in the ass
>to configure and live with.

My brother's machine was infected by BadTrans, the first (?) malware
to successfully challenge the tenet that one's machine could not
become infected just by reading one's email. Fortunately ZoneAlarm
prevented BadTrans from calling home.

You can disparage software firewalls as much as you like, but my
experience has convinced me that they are an indispensable component
of any security suite. BTW, ZA is relatively painless to install and
configure. It may be a PITA to uninstall, though.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.

 

[98 Guy]

Franc Zabkar wrote:

> A Dynalink RTA100 modem appears to be very similar, if not
> identical, from a hardware perspective. However it has a
> fully featured firewall and NAT router.

You can't say that an external device has both a "fully-featured
firewall" AND "NAT Router".

If by "fully-featured" you mean both inbound and outbound firewall,
note that any external device (a modem, a router, etc) can't perform
outbound fire-walling.

> All the modem configurations I've seen perform transparent
> automatic logins on power-up.

They can't do that unless they have the customer's ID and password
burned into their system (firmware, NV-ram, etc). I've never heard of
a modem coming to a customer with that information already burned or
loaded into them. Instead, it was typical for an ISP to supply some
software (PPPOE login utility) where the PC supplied the modem with
the necessary network login information. I'm not sure how common that
software became since win-XP became widely used (since XP has native
support for PPPOE).

> BTW, I manually login and logout, and I intentionally chose an
> ISP with a dynamic rather than static IP.

To each his own. You obviously have only one machine with internet
access, because if you had more than one you would have to have a
router of some sort.

> Optus provides a bundled product, as do many ISPs. Their users
> don't know any different.

By bundled, do you mean modem and software firewall?

> >A nat-router is plug'n'play.
>
> Then how do you explain the plethora of "Port Forwarding"
> pages devoted to setting up one's router for Bit Torrent,
> etc?

For the 99.99% of people that don't do torrents, a nat-router is
plug-and-play. For the relatively few that do torrents, sure they
have to poke a hole in their router's port list - but they'd have to
do the same thing if they had a software firewall. So what's your
point?

> My brother's machine was infected by BadTrans, the first
> (?) malware to successfully challenge the tenet that one's
> machine could not become infected just by reading one's
> email.
>
> Fortunately ZoneAlarm prevented BadTrans from calling home.

Why didn't his AV software pick it up first?

Badtrans (or any malware) could have just as easily deactivated
ZoneAlarm before it phoned home. Practically all such malware will
attempt to deactivate your AV and firewall software.

> You can disparage software firewalls as much as you like, but
> my experience has convinced me that they are an indispensable
> component of any security suite.

Ask anyone who even remotely understands networking. They will say
the most important item is a NAT-router. You can't tell me that a
software firewall trumps a NAT-router. If you want to add a software
firewall AFTER you get a NAT-router, that's your choice. If you use a
software firewall IN PLACE OF a nat-router, well that's a dumb choice.

 

[MEB]

Franc, your wasting your time. Those files will likely not be looked at.
98Guy wouldn't know what was there anyway, and wouldn't understand it.

As I have said before, Google this entity,,, note the questions placed in
one forum,, and supposed expert advise supplied by 98Guy resultant to those
answers previously received which are then placed in others.
Hardware and electronics are well beyond the capabilities of 98Guy ..
chips, functions, and the like software aspects [limitations, interactions,
etc.] networks and networking, are ALL apparently a far off planet to
98Guy.

Look at everything put in this group and here in this supposed discussion.
What does this show?
Someone who lacks any concept or understanding of issues attempted at
discussion.

Just another lost soul searching for recognition for SOMETHING.


--
MEB
http://peoplescounsel.orgfree.com
________


"Franc Zabkar" <fzabkar@iinternode.on.net> wrote in message
news:7pbcc35vl2f3nh0ssmoaj4mhae8oip1qp6@4ax.com...
| On Fri, 17 Aug 2007 10:10:20 -0400, 98 Guy <98@Guy.com> put finger to
| keyboard and composed:
|
| >Franc Zabkar wrote:
| >
| >> That is the default configuration of the D-Link DSL-302G modems
| >> that were supplied by my former ISP, Optusnet. In fact many of
| >> the router/firewall functions in the firmware have been crippled.
| >
| >Do those modems have multiple LAN ports?
|
| There is one Ethernet port and one USB port.
|
| > If not, then they clearly do
| >not need to impliment NAT functionality inside the modem. If they do
| >have multiple LAN ports, then I can't see how those ports would be
| >functional without NAT being enabled.
|
| I have enabled NAT:
| http://www.users.on.net/~fzabkar/DSL-302G/MainPages/NAT.htm
|
| Here is a compilation of photos, notes, utilities, router
| pages/scripts/files:
| http://www.users.on.net/~fzabkar/DSL-302G/
|
| The abovementioned files were captured via FTP.
|
| This is a photo of the PCB:
| http://www.users.on.net/~fzabkar/DSL-302G/Photos/PCB_Component.jpg
|
| Notice that the artwork has checkboxes for Modem and Router, and that
| the router checkbox is not ticked.
|
| A Dynalink RTA100 modem appears to be very similar, if not identical,
| from a hardware perspective. However it has a fully featured firewall
| and NAT router. In fact some people have reportedly flashed the RTA100
| firmware into the DSL-302G.
|
| **** Please be aware that the RTA100+ has a different AFE chip and is
| not firmware compatible.
|
| http://www.dynalink.com.au/products/rta100.htm
| http://www.dynalink.com.au/Products/Rta100+/Brochure.pdf
|
| >ISP's have historically been the owner of their own fate for the fact
| >that they supplied modems to customers with NAT intentionally turned
| >off. It is well known that such a decision was made to enable the ISP
| >to charge customers an extra monthly fee for performing security or
| >firewall services on their end. By not enabling the NAT function,
| >they insured that many of their customers would become infected back
| >in 2002 through 2004 because of the vulnerability of Win-XP during
| >those years.
| >
| >In any case, for anyone that has a broadband modem with only one LAN
| >port (ie a modem without NAT functionality), the use of a $25 to $50
| >NAT-router is highly recommended as the first security-related
| >purchase made by the customer. In addition to acting as an in-bound
| >firewall, A NAT-router is very useful for it's other functional
| >aspects (connection login and keep-alive, sharing the internet
| >connection with other computers and therefor forming a secure internal
| >LAN, etc).
|
| All the modem configurations I've seen perform transparent automatic
| logins on power-up. This makes me wonder whether a machine is
| vulnerable soon after bootup before the software firewall has started.
|
| BTW, I manually login and logout, and I intentionally chose an ISP
| with a dynamic rather than static IP.
|
| >> which means that most of Optusnet's user base would probably
| >> benefit from a software firewall.
| >
| >They would benefit even more if their first acquisition was a
| >NAT-router instead of a software firewall.
|
| Optus provides a bundled product, as do many ISPs. Their users don't
| know any different.
|
| In fact the modem's browser interface has been replaced by a dumbed
| down version. The original "techy" interface is still there, but you
| need to know where it is.
|
| >A nat-router is plug'n'play.
|
| Then how do you explain the plethora of "Port Forwarding" pages
| devoted to setting up one's router for Bit Torrent, etc?
|
| >A software firewall is a pain in the ass
| >to configure and live with.
|
| My brother's machine was infected by BadTrans, the first (?) malware
| to successfully challenge the tenet that one's machine could not
| become infected just by reading one's email. Fortunately ZoneAlarm
| prevented BadTrans from calling home.
|
| You can disparage software firewalls as much as you like, but my
| experience has convinced me that they are an indispensable component
| of any security suite. BTW, ZA is relatively painless to install and
| configure. It may be a PITA to uninstall, though.
|
| - Franc Zabkar
| --
| Please remove one 'i' from my address when replying by email.

 

[Franc Zabkar]

On Sat, 18 Aug 2007 10:32:03 -0400, 98 Guy <98@Guy.com> put finger to
keyboard and composed:

>Franc has some cheap-ass modem that
>doesn't need to impliment NAT internally because it only has 1 LAN
>port so his ISP saved a buck or two when they orderd a few million of
>them for their customer base.

As stated elsewhere, it has two LAN ports, USB and Ethernet.

It *does* implement NAT internally, but is delivered with NAT
disabled. I have since enabled it.

A Dynalink RTA100 modem/router has exactly the same hardware, but its
firmware includes support for firewalling and many other features.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.

 

[Franc Zabkar]

On Fri, 17 Aug 2007 21:32:50 -0400, 98 Guy <98@Guy.com> put finger to
keyboard and composed:

>Franc Zabkar wrote:
>
>> A Dynalink RTA100 modem appears to be very similar, if not
>> identical, from a hardware perspective. However it has a
>> fully featured firewall and NAT router.
>
>You can't say that an external device has both a "fully-featured
>firewall" AND "NAT Router".

Well, this is what I see when I attempt to access the disabled
firewall menu:

http://www.users.on.net/~fzabkar/DSL-302G/MainPages/FireWall.htm

OTOH, a Dynalink RTA100 using the same chipset allows access to all
the settings. See pages 50-61 in this document:

http://www.dynalink.com.au/Products/Rta100/Usermanual.pdf

There is a section entitled "IP Filter Configuration". It states that
"the IP filter feature enables you to create rules that control the
forwarding of incoming and outgoing data between your LAN and the
Internet".

>If by "fully-featured" you mean both inbound and outbound firewall,
>note that any external device (a modem, a router, etc) can't perform
>outbound fire-walling.

But a software firewall can. That sounds like as good a reason as any
to install one. Anyway, see my reference to IP filtering above.

>> All the modem configurations I've seen perform transparent
>> automatic logins on power-up.
>
>They can't do that unless they have the customer's ID and password
>burned into their system (firmware, NV-ram, etc). I've never heard of
>a modem coming to a customer with that information already burned or
>loaded into them. Instead, it was typical for an ISP to supply some
>software (PPPOE login utility) where the PC supplied the modem with
>the necessary network login information. I'm not sure how common that
>software became since win-XP became widely used (since XP has native
>support for PPPOE).

My modem has a built-in PPPoE client. When the modem was delivered, I
had to supply the username and password, after which it was stored in
NVRAM. When I said that the modem performs automatic logins on
power-up, I meant that the modem's default behaviour is to
"automatically connect to the Internet at startup":

http://www.users.on.net/~fzabkar/DSL-302G/MainPages/Connection_Status.htm

>> BTW, I manually login and logout, and I intentionally chose an
>> ISP with a dynamic rather than static IP.
>
>To each his own. You obviously have only one machine with internet
>access, because if you had more than one you would have to have a
>router of some sort.

The modem can support two machines, one via USB, the second via
Ethernet. There are plenty of people who are using such a
configuration (see http://forums.whirlpool.net.au/).

>> Optus provides a bundled product, as do many ISPs. Their users
>> don't know any different.
>
>By bundled, do you mean modem and software firewall?

No, I mean that Optus provides the service plus a modem, two filters,
and a setup CD.

>> >A nat-router is plug'n'play.
>>
>> Then how do you explain the plethora of "Port Forwarding"
>> pages devoted to setting up one's router for Bit Torrent,
>> etc?
>
>For the 99.99% of people that don't do torrents, a nat-router is
>plug-and-play. For the relatively few that do torrents, sure they
>have to poke a hole in their router's port list - but they'd have to
>do the same thing if they had a software firewall. So what's your
>point?

My point is that a NAT router is not "plug and play". There may be
times when you will need to intervene manually.

>> My brother's machine was infected by BadTrans, the first
>> (?) malware to successfully challenge the tenet that one's
>> machine could not become infected just by reading one's
>> email.
>>
>> Fortunately ZoneAlarm prevented BadTrans from calling home.
>
>Why didn't his AV software pick it up first?

I don't know. In any case, heuristic analysis notwithstanding, there
is always a window of opportunity before new malware is detected by AV
software.

>Badtrans (or any malware) could have just as easily deactivated
>ZoneAlarm before it phoned home.

The fact is that Badtrans did not deactivate the firewall.

>Practically all such malware will
>attempt to deactivate your AV and firewall software.

Is there any point in locking up one's house if any would-be burglar
can just break a window?

>> You can disparage software firewalls as much as you like, but
>> my experience has convinced me that they are an indispensable
>> component of any security suite.
>
>Ask anyone who even remotely understands networking. They will say
>the most important item is a NAT-router. You can't tell me that a
>software firewall trumps a NAT-router.

Where did I even remotely hint at that?

>If you want to add a software
>firewall AFTER you get a NAT-router, that's your choice. If you use a
>software firewall IN PLACE OF a nat-router, well that's a dumb choice.

All I have ever said is that a software firewall is an important
*component* of any security suite. A NAT router is another such
component, admittedly a much more important one.

One additional benefit of a software firewall is that it tells me
which programs are accessing the Internet, whether benign or
otherwise.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.

 

[98 Guy]

Franc Zabkar wrote:

> > Franc has some cheap-ass modem that doesn't need to impliment
> > NAT internally because it only has 1 LAN port so his ISP saved
> > a buck or two when they orderd a few million of them for their
> > customer base.
>
> As stated elsewhere, it has two LAN ports, USB and Ethernet.

But they can't be used simultaneously. If it had 2 LAN ports (both of
them being RJ45) then that would be a different story. Your single
RJ45 and USB can't be used simultaneously, because that would require
2 IP addresses (one for each) and that would require NAT to be
performed by the modem.

> It *does* implement NAT internally, but is delivered with NAT
> disabled.

Because the manufacturer charged more for the version with NAT
enabled, so your ISP instead ordered the version with it disabled to
save some coin.

 

[98 Guy]

Franc Zabkar wrote:

> The modem can support two machines, one via USB, the second via
> Ethernet.

I don't see how the modem can do that without assigning a separate
internal LAN IP to both interfaces (which would require the modem to
impliment some form of NAT to route packets properly).

 

[Franc Zabkar]

On Sun, 19 Aug 2007 00:39:04 -0400, 98 Guy <98@Guy.com> put finger to
keyboard and composed:

>Franc Zabkar wrote:
>
>> The modem can support two machines, one via USB, the second via
>> Ethernet.
>
>I don't see how the modem can do that without assigning a separate
>internal LAN IP to both interfaces (which would require the modem to
>impliment some form of NAT to route packets properly).

That's what it does.

http://www.users.on.net/~fzabkar/DSL-302G/MainPages/IP_Addr.htm
http://www.users.on.net/~fzabkar/DSL-302G/MainPages/LAN_Config.htm
http://www.users.on.net/~fzabkar/DSL-302G/MainPages/IP_Route.htm

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.

 

[Franc Zabkar]

On Sun, 19 Aug 2007 00:13:30 -0400, 98 Guy <98@Guy.com> put finger to
keyboard and composed:

>Franc Zabkar wrote:
>
>> > Franc has some cheap-ass modem that doesn't need to impliment
>> > NAT internally because it only has 1 LAN port so his ISP saved
>> > a buck or two when they orderd a few million of them for their
>> > customer base.
>>
>> As stated elsewhere, it has two LAN ports, USB and Ethernet.
>
>But they can't be used simultaneously.

Apparently they can. See below.

> If it had 2 LAN ports (both of
>them being RJ45) then that would be a different story.

IIUC, both ports (10.1.1.1 and 10.1.1.2) are on the same LAN.

>Your single
>RJ45 and USB can't be used simultaneously, because that would require
>2 IP addresses (one for each) and that would require NAT to be
>performed by the modem.

Can I share the Internet with 2 PCs by connecting to the modem via USB
and Ethernet at the same time?
http://forums.whirlpool.net.au/index.cfm?a=wiki&tag=OND_sharemodem

====================================================================
With the DSL-302G DSL modem, you can connect one PC through USB and a
2nd PC through its NIC so that both can surf web. All you need to do
is to enable NAT in the Advanced Network Setup settings on the modem.

The easiest way to do this using the standard Optus D-Link 302G
firmware is as follows:

• Connect only the PC using Ethernet
• Navigate to 10.1.1.1
• Click on "Advanced Network Setup" in the left-hand menu
• Click on "Enable NAT", then click OK
====================================================================

>> It *does* implement NAT internally, but is delivered with NAT
>> disabled.
>
>Because the manufacturer charged more for the version with NAT
>enabled, so your ISP instead ordered the version with it disabled to
>save some coin.

Maybe I'm not explaining myself very well. The Optus firmware appears
to be missing much of the advanced NAT and firewall configuration
code, but the basic functions are still there.

All I have to do to enable NAT is to tick a checkbox:

http://www.users.on.net/~fzabkar/DSL-302G/MainPages/NAT.htm

I can even add my own rules.

This is the menu of functions that are available to the user:
http://www.users.on.net/~fzabkar/DSL-302G/Router_Files/home/hag/pages1/TreeMenu/menu.ssi

If you view the source, you will see the other hidden or missing
functions including RIP, FireWall, IP Filter, DNS, Blocked Protocols.
In fact I was able to use the hidden DNS menu to enable DNS Relay, a
feature which I found useful.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.