micknorman11
asked on
How does Remote Assistance access a computer behind a router's firewall without any firewall configuration?
Following on from this question: https://www.experts-exchange.com/questions/21114583/How-to-address-a-computer-behind-router-over-broadband.html
How is that without doing any port forwarding a computer on the internet is able to access a supposedly secure xp machine sitting behind a firewall with nothing but the windows xp software to authenticate the access request from the remote assisting computer?
How does this work under the hood?
How is that without doing any port forwarding a computer on the internet is able to access a supposedly secure xp machine sitting behind a firewall with nothing but the windows xp software to authenticate the access request from the remote assisting computer?
How does this work under the hood?
Additional Notes:
Configuring Port 3389 to Enable Remote Assistance
Remote Assistance runs over the top of Terminal Services technology, which means it needs to use the same port already used by Terminal Services: port 3389.
Note: If the person who is being helped is behind a firewall, NAT, or ICS, Remote Assistance will still function as long as the person being helped initiates the session via Windows Messenger. However, as stated above, Remote Assistance will not work in cases when the outbound traffic from port 3389 is blocked.
Using Remote Assistance in a Home Network
If you are using Personal Firewall or NAT in a home environment, you can use Remote Assistance without any special configurations. However, if you have a corporate-like firewall in a home environment, the same restrictions apply: you would need to open Port 3389 in order to use Remote Assistance.
Configuring Port 3389 to Enable Remote Assistance
Remote Assistance runs over the top of Terminal Services technology, which means it needs to use the same port already used by Terminal Services: port 3389.
Note: If the person who is being helped is behind a firewall, NAT, or ICS, Remote Assistance will still function as long as the person being helped initiates the session via Windows Messenger. However, as stated above, Remote Assistance will not work in cases when the outbound traffic from port 3389 is blocked.
Using Remote Assistance in a Home Network
If you are using Personal Firewall or NAT in a home environment, you can use Remote Assistance without any special configurations. However, if you have a corporate-like firewall in a home environment, the same restrictions apply: you would need to open Port 3389 in order to use Remote Assistance.
ASKER
I neglected to mention that the remote assistance was working before I got the router configured to support remote desktop (ie enabled the port forwarding)
Most consumer-grade routers do not have the firewall enabled by default. Even if they do, they may not be blocking those ports. If you get port-scanned from the outside, you can see which ports you have open and which are closed...
Shields Up!
http://www.grc.com/x/ne.dll?rh1dkyd2
Shields Up!
http://www.grc.com/x/ne.dll?rh1dkyd2
ASKER
Hrm ... I'll go check out the router asap. I thought the firewall was on, but I could have overlooked it. Best double check.
I was just reading another EE question and discovered MAC filtering doesn't prevent sniffing wireless routers either - ACK!
There's at least one change I'll be making on the router - enable WEP.
I've been told 802.11b is piece of cake to bust into anyway ... I'll have to look further into that.
Back in a couple of days ... tks for the input so far :)
I was just reading another EE question and discovered MAC filtering doesn't prevent sniffing wireless routers either - ACK!
There's at least one change I'll be making on the router - enable WEP.
I've been told 802.11b is piece of cake to bust into anyway ... I'll have to look further into that.
Back in a couple of days ... tks for the input so far :)
yea from a linux box, even WEP is no match...
=)
=)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx