Smb1.0 over tcp/ip, is the most straightforward way.

The win10 box will explicitly need smb1.0 enabled.

Win98(se) and win3.11/dos+supp disks, will speak smb1.0 by default.

https://learn.microsoft.com/en-us/windows-ser … -v3?tabs=server

The recommendation to 'upgrade the server' is laughable for dos clients. The dos client stack has not been updated for decades, and will likely never be updated.

The solution is to turn on smb1, and isolate that network from the internet.

In addition to just 'turning it on', you have to enable 'unsecure guest logon' group policy also.

https://learn.microsoft.com/en-us/windows-ser … re-guest-logons

Despite the name, it applies to smb1 passwordless guest shares as well.

Creating an accessible share on the win11 host is probably more trouble than it is worth; i would set up a writable guest share on the win98/dos/win3.11 system instead, then CONNECT to it with the win11 system, after installing smb1 and enabling insecure guest logon.

More specifically.

On the win11 system, install smb1, as above.
on the win11 system, turn on insecure login group policy, as above.

On the win98 system, use this tutorial to create a full access user-level share.

https://th.canon/en/support/8201431000

On the win11 system, connect to the share, by accessing it via its IP address. (Windows newer than win7 seems to really hate netbios/lanman3-announce, and wont properly find friendly names reliably.)

\\x.x.x.x\share

In the address bar.

Copy the files.

If using win3.11... create the share this way. (Way at the bottom)

http://www.hawaii.edu/its/micro/pc/win31/fsps3112.html

Many thanks for your time!

wierd_w wrote on 2024-06-17, 17:43:

The solution is to turn on smb1, and isolate that network from the internet.

I am not going to isolate my main machine from the internet, so I guess I can't turn on SMB1?

Creating an accessible share on the win11 host is probably more trouble than it is worth

Used to be simple once... 😉 I kind of expected that though.

i would set up a writable guest share on the win98/dos/win3.11 system instead, then CONNECT to it with the win11 system, after installing smb1 and enabling insecure guest logon.

But the win11 system has internet access and needs it too. So from what you said before, this is no option either. Unless you capitalized CONNECT for some reason I don't undertstand. Otherwise, I could live with this one sided solution just fine.

(I always have CF cards to fall back on)

Edit: More thanks for the second part and links.

It might be easier to use a NAS and set up an FTP server. I don't use this myself, but I think Phil has a few videos on that topic on his channel.

There are fully functional FTP clients for DOS and Win9x. Under Win9x, Total Commander is great for quick FTP access. Under pure DOS, you can use mTCP.

It is ... unwise... to let SMB1 loose on an internet connected network.

This is why MS has done everything but put an electrified mousetrap on turning those features on.

This is because those nasty 'i'll encrypt your entire fieshare then demand ransom!' Wirms out there do their evil over smb1 on ip.

I'd suggest using netbeui protocol as the transport, but win11 has no idea what that is. (It is PERFECTLY SAFE to use SMB1 on netbeui! It is NOT ROUTABLE and wont escape your house.)

If your host was win7 or older, this would be the way to go.

But... win11. 🙁

Joseph_Joestar wrote on 2024-06-17, 18:31:

It might be easier to use a NAS and set up an FTP server.

Honestly, whatever comes out of this will compete in simplicity with just moving CF cards or SSDs from swap bays. Add to this that I am limited to 100 mbit on 98se and 10 mbit on 3.1.
Never consciously owned a NAS, except for a USB stick on a router.

wierd_w wrote on 2024-06-17, 18:34:

It is ... unwise... to let SMB1 loose on an internet connected network.

Of course I am behind a router firewall... But I don't really know if that is safe enough. And before I find out the hard way, I rather use CF-cards.

(Hacked WD Mycloud EX2 here... still needs smb1 to work right with windows, though... *I* access it via NFS, as I use linux, so that's a nonissue.)

Let me see if anyone made a netbeui driver for win11...

Actually... ...

Smb1 over IPX/SPX might do? While routable, modern routers have no idea what it is, so it TOO, wont escape your house. Iirc, 11 has an ipx driver?

(Bonus, dos lan games EXPECT ipx!)

wierd_w wrote on 2024-06-17, 18:49:

Let me see if anyone made a netbeui driver for win11...

Well, don't invest too much time into my problem. I am kind of relieved that it is indeed way more complex these days and not just me unable to flip a few obvious switches.

Many thanks for your very helpful instructions. Probably other people with less security concerns may still put them to good use. But I am not going to take that risk for a little extra convenience.

wierd_w wrote on 2024-06-17, 18:49:

Smb1 over IPX/SPX might do? While routable, modern routers have no idea what it is, so it TOO, wont escape your house. Iirc, 11 has an ipx driver?

Good question. The selection I find has only one thing not checked and that is Microsoft Multiplexor Protocol for Network adapters.
But maybe it would be hiding elsewhere?

ux-3 wrote on 2024-06-17, 19:08:

wierd_w wrote on 2024-06-17, 18:49:

Smb1 over IPX/SPX might do? While routable, modern routers have no idea what it is, so it TOO, wont escape your house. Iirc, 11 has an ipx driver?

Good question. The selection I find has only one thing not checked and that is Microsoft Multiplexor Protocol for Network adapters.
But maybe it would be hiding elsewhere?

If you need a LAN-only networking protocol, AppleTalk is also an alternative. It supports DOS PCs and NE2000 cards, too.

Linux kernal can support it, too.
In theory, there are even Amiga networks supporting it.

Linux:
https://cregit.linuxsources.org/code/4.18/net … et_atalk.c.html

https://www.downtowndougbrown.com/2020/08/hac … -5-1-and-newer/

Amiga:
http://amiga.resource.cx/exp/doubletalk2000

This blog entry has more information about DOS use: "A LocalTalk PC card, a Macintosh Plus and a Linux box."

Windows 3.x and 9x could use the DOS drivers, I think.
Normally, the underlying, DOS-based network stuff still is available on Windows.
Windows will even show a network drive as such (network icon).

Edit: Windows 11 support is out-of-question, maybe.
Indirectly it may work, though. Virtual Box has a folder-sharing feature that could be used.
Provided that an OS supports both Virtual Machine additions and an AppleTalk network stack.

Edit: Now that I think of it, there's also LANtastic, which used to be available to DOS, Windows and OS/2.
Unfortunately, likely no 64-Bit Windows NT network stack is available to it, either.
Still, it used to be more popular than Little Big LAN or Kirschbaum Netz.

Edit: About AppleTalk on Windows.. In case anyone reads this and cares.
It's possible to use the Windows 2000 drivers. Just like with IPX/SPX or NetBEUI.
However, a manual installation might be possible. This topic on a Mac site has more information (no software, just info).
As for x64 support.. Not sure. I read Server 2003 seems to support it, so maybe there's a small chance Server 2003 x64 drivers can be used on later Windows versions.
(Btw, Services for Macintosh and support for AppleTalk and AFP are not quite same thing. Could be that Server merely supports the former over TCP/IP, not sure.)

ux-3 wrote on 2024-06-17, 16:53:

After my frustration with USB 2.0 cards has reached saturation, I am trying to follow the advice given here in several threads f […]
Show full quote

After my frustration with USB 2.0 cards has reached saturation, I am trying to follow the advice given here in several threads for data transfer problems: Go through network.

OK. First attempt was to use the USB port on the router for a USB stick that everyone can access. But NO!, Win 11 laughs at the protocol (SMB1) and says nono. OK, going direct may be the better idea anyway.

In the past, I sometimes used the Windows networking ability to create a home net for data transfer. So I tried my best to get it set up. I created a folder "retro" and gave access right to everyone in the network. The funny thing is, on the win98 machine, I can at least see my main machine and my wife's PC now. When I then click on the main machine, I get told it is not available, despite me having released a folder.
On my main machine, I can not even see the win98 machine nor that from my wife. But I get to see several Wifi access nodes.

I really don't want anything fancy: I would like to have a folder on my main PC that I can access from the retro machines and/or I would like to be able to have full HDD access to the reto machines from my main PC.

Is there a tutorial on how to do this? Maybe I am just missing something basic?

I just use PuTTY and SSH (on the Win95/98-era systems)... you can enable SSH access on your Win10/11 system fairly easily I suppose? Then just scp those files to and fro. Although, if you're doing it from the old system with PuTTY, the command is actually pscp.

Quick, easy, and secure.

What also comes to mind, the "full versions" of Windows NT may have better networking support (the server editions, I mean).
They may still have the ability to enable CIFS support (SMB1) via registry tweaking, not sure.

wierd_w wrote on 2024-06-17, 18:34:

This is because those nasty 'i'll encrypt your entire fieshare then demand ransom!' Wirms out there do their evil over smb1 on ip.

I'd suggest using netbeui protocol as the transport, but win11 has no idea what that is. (It is PERFECTLY SAFE to use SMB1 on netbeui! It is NOT ROUTABLE and wont escape your house.)

I'm honestly not sure whether being 'routable' has anything to do with it. Such worms as you described infect a PC, then attack locally mounted drives and locally accessible folders. At this the fact that the file shares cannot "escape your house" will not protect you. The shares being read-only might protect you, unless there is a way to circumvent access restrictions over SMB1.

The issue, is that no 'service' is living on any accessible port, from the internet.

There is no way into the network. The insecure transport does not talk to the internet. At all.

With smb1 bound ONLY to netbeui, the vulnerable service does not respond to hacker attempts. (Because it is not listening to tcp/ip.)

From the remote hacker pov, there are no smb1 shares to infect. They scan the netbios over tcp port numbers, nothing responds; we are NOT using netbios over tcp.

No attack surface.

It is possible to configure such exclusive transport rules with windows.

https://answers.microsoft.com/en-us/windows/f … 98-d900810f89f9

You can explicitly configure smb1 to not use tcp/ip.

I used this very tactic back in the BLASTER worm era, to bind 'File and print sharing' and 'Client for microsoft windows' to ONLY 'ipx/spx compatible transport'.

I was never once infected.

Apparently, (as I have been looking into this), the xp64bit version of the ipx/spx driver WILL INSTALL on windows 10 and 11.

To use it legally, you need the xp x64bit edition disc.

This site does have a link to an archive containing the driver.

dont use it, its providence is questionable. Dig out original files from a real XP x64 bit edition disc, but otherwise use their instructions.

Use the advanced networking options in the network connections control panel to exclusively force smb1 to use ipx/spx.

https://www.elevenforum.com/t/ipx-spx-protoco … indows-11.7591/

I have a win10 box, (and I will have to dig for my xp x64 edition disc), so I will test this later.

I am sleepy now.

Nas share accessible to my win11 pc. Also shared via nfs to a debian vm that has a smbv1 share on a segregated retro-network. Jobs' done.

wierd_w wrote on 2024-06-17, 20:23:

The issue, is that no 'service' is living on any accessible port, from the internet.

Isn't it something that any home router will take care of anyways? No port is accessible from the internet, unless you (a) open it explicitly, or (b) use DMZ , or (c) Use UPnP, or (d) The original request is initiated from inside the LAN.

(a) and (b) are completely under the user's control and must be configured manually. (c) is something a user may want for other services; does the SMB stack on Windows utilize UPnP in any way? (d) I don't think applies.

wierd_w wrote on 2024-06-17, 20:23:

From the remote hacker pov, there are no smb1 shares to infect. They scan the netbios over tcp port numbers, nothing responds; we are NOT using netbios over tcp.

No attack surface.

Correct, but that's not the attack vector for most cryptomalware. The cryptomalware installs itself locally, after a gullible user clicks a bad link or downloads and runs an infected file. At that point it can do almost anything, or anything at all if the account has local admin privileges.