PDA

View Full Version : Securing a shared adsl connection



Wiseman
04-02-08, 03:53 PM
Hi,

I would like to know it is possible to have access to a computer on a shared
connection via a ADSL modem router. FYI no work group has been set.

Wiseman

David H. Lipman
04-02-08, 04:36 PM
From: "Wiseman" <wiseman@wiseman.com>

| Hi,
|
| I would like to know it is possible to have access to a computer on a shared
| connection via a ADSL modem router. FYI no work group has been set.
|
| Wiseman
|

Please be more specific on what you are asking.
What are you trying to accomplish ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Wiseman
04-03-08, 04:05 AM
I am sharing my connection with a neighbour and I want to make sure they
can't have access to my pc, that's all.


"David H. Lipman" <DLipman~nospam~@Verizon.Net> a écrit dans le message de
news: 5%SIj.9822$bC6.3537@trnddc08...
> From: "Wiseman" <wiseman@wiseman.com>
>
> | Hi,
> |
> | I would like to know it is possible to have access to a computer on a
> shared
> | connection via a ADSL modem router. FYI no work group has been set.
> |
> | Wiseman
> |
>
> Please be more specific on what you are asking.
> What are you trying to accomplish ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

David H. Lipman
04-03-08, 05:53 AM
From: "Wiseman" <wiseman@wiseman.com>

| I am sharing my connection with a neighbour and I want to make sure they
| can't have access to my pc, that's all.
|

All I can say is -- Don't!

You are responsible for their actions.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Wiseman
04-04-08, 02:23 AM
Try to be more specific. I need to share because the cost is high.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> a écrit dans le message de
news: AG2Jj.9676$s27.6596@trnddc02...
> From: "Wiseman" <wiseman@wiseman.com>
>
> | I am sharing my connection with a neighbour and I want to make sure they
> | can't have access to my pc, that's all.
>
> All I can say is -- Don't!
>
> You are responsible for their actions.
>
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman
04-04-08, 05:38 AM
From: "Wiseman" <wiseman@wiseman.com>

| Try to be more specific. I need to share because the cost is high.
|

Pay for it or don't access the Internet. There are too many risks sharing Internet with
non-family members.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Gerhard Fiedler
04-04-08, 07:29 AM
On 2008-04-04 07:38:51, David H. Lipman wrote:

> From: "Wiseman" <wiseman@wiseman.com>
>
>| Try to be more specific. I need to share because the cost is high.

I think what he's trying to say is that if anyone is doing anything illegal
over the connection, the one responsible for the connection may be held
responsible.

> Pay for it or don't access the Internet. There are too many risks
> sharing Internet with non-family members.

I don't really see how the "family member" qualifier changes anything of
that -- if it is about that. IMO the risk is about the same for family
members and non-family members (at least without knowing details about the
specific persons involved).

Gerhard

Wiseman
04-04-08, 09:47 AM
I appreciate your explanation.

But my question was not about what the neighbour can do on the internet. It
was whether they could access my own computer.

"Gerhard Fiedler" <gelists@gmail.com> a écrit dans le message de news:
oekubd95kn6j$.dlg@gelists.gmail.com...
> On 2008-04-04 07:38:51, David H. Lipman wrote:
>
>> From: "Wiseman" <wiseman@wiseman.com>
>>
>>| Try to be more specific. I need to share because the cost is high.
>
> I think what he's trying to say is that if anyone is doing anything
> illegal
> over the connection, the one responsible for the connection may be held
> responsible.
>
>> Pay for it or don't access the Internet. There are too many risks
>> sharing Internet with non-family members.
>
> I don't really see how the "family member" qualifier changes anything of
> that -- if it is about that. IMO the risk is about the same for family
> members and non-family members (at least without knowing details about the
> specific persons involved).
>
> Gerhard

David H. Lipman
04-04-08, 02:38 PM
From: "Gerhard Fiedler" <gelists@gmail.com>

| On 2008-04-04 07:38:51, David H. Lipman wrote:
|
>> From: "Wiseman" <wiseman@wiseman.com>
>>
>|> Try to be more specific. I need to share because the cost is high.
|
| I think what he's trying to say is that if anyone is doing anything illegal
| over the connection, the one responsible for the connection may be held
| responsible.
|
>> Pay for it or don't access the Internet. There are too many risks
>> sharing Internet with non-family members.
|
| I don't really see how the "family member" qualifier changes anything of
| that -- if it is about that. IMO the risk is about the same for family
| members and non-family members (at least without knowing details about the
| specific persons involved).
|
| Gerhard

Actually you find this as a clause on most if not all ISP ToS/AUP's.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Smiles
04-05-08, 08:00 AM
I have done this.
I had a router at each house and set internal network set for two
different ranges.

Wiseman wrote:
> I appreciate your explanation.
>
> But my question was not about what the neighbour can do on the internet. It
> was whether they could access my own computer.
>
> "Gerhard Fiedler" <gelists@gmail.com> a écrit dans le message de news:
> oekubd95kn6j$.dlg@gelists.gmail.com...
>> On 2008-04-04 07:38:51, David H. Lipman wrote:
>>
>>> From: "Wiseman" <wiseman@wiseman.com>
>>>
>>> | Try to be more specific. I need to share because the cost is high.
>> I think what he's trying to say is that if anyone is doing anything
>> illegal
>> over the connection, the one responsible for the connection may be held
>> responsible.
>>
>>> Pay for it or don't access the Internet. There are too many risks
>>> sharing Internet with non-family members.
>> I don't really see how the "family member" qualifier changes anything of
>> that -- if it is about that. IMO the risk is about the same for family
>> members and non-family members (at least without knowing details about the
>> specific persons involved).
>>
>> Gerhard
>
>

Gerhard Fiedler
04-05-08, 09:05 AM
On 2008-04-04 11:47:58, Wiseman wrote:

> I appreciate your explanation.
>
> But my question was not about what the neighbour can do on the internet. It
> was whether they could access my own computer.

They can, in general -- your computers normally will be on the same LAN
segment. There are ways to prevent that they can access anything
significant, though, and there are ways to make sure they can't access it
at all: disabling services on your computer, a local software firewall on
your computer, using a router that can create different and separate
"virtual LANs", using a second router/gateway between your computer and the
router/gateway connected to the ADSL connection.

But still it's worth checking whether this is allowed by your ISP, as David
says.

Gerhard

News Reader
04-05-08, 09:44 AM
Smiles wrote:
> I have done this.
> I had a router at each house and set internal network set for two
> different ranges.

Did you connect the WAN ports of the two routers into a common
hub/switch and then to your modem, or did you connect the WAN port of
the neighbors router to the LAN port of your router?

>
> Wiseman wrote:
>> I appreciate your explanation.
>>
>> But my question was not about what the neighbour can do on the
>> internet. It was whether they could access my own computer.
>>
>> "Gerhard Fiedler" <gelists@gmail.com> a écrit dans le message de news:
>> oekubd95kn6j$.dlg@gelists.gmail.com...
>>> On 2008-04-04 07:38:51, David H. Lipman wrote:
>>>
>>>> From: "Wiseman" <wiseman@wiseman.com>
>>>>
>>>> | Try to be more specific. I need to share because the cost is high.
>>> I think what he's trying to say is that if anyone is doing anything
>>> illegal
>>> over the connection, the one responsible for the connection may be held
>>> responsible.
>>>
>>>> Pay for it or don't access the Internet. There are too many risks
>>>> sharing Internet with non-family members.
>>> I don't really see how the "family member" qualifier changes anything of
>>> that -- if it is about that. IMO the risk is about the same for family
>>> members and non-family members (at least without knowing details
>>> about the
>>> specific persons involved).
>>>
>>> Gerhard
>>
>>

Best Regards,
News Reader

News Reader
04-05-08, 10:06 AM
Wiseman wrote:
> I appreciate your explanation.
>
> But my question was not about what the neighbour can do on the internet. It
> was whether they could access my own computer.
>
> "Gerhard Fiedler" <gelists@gmail.com> a écrit dans le message de news:
> oekubd95kn6j$.dlg@gelists.gmail.com...
>> On 2008-04-04 07:38:51, David H. Lipman wrote:
>>
>>> From: "Wiseman" <wiseman@wiseman.com>
>>>
>>> | Try to be more specific. I need to share because the cost is high.
>> I think what he's trying to say is that if anyone is doing anything
>> illegal
>> over the connection, the one responsible for the connection may be held
>> responsible.
>>
>>> Pay for it or don't access the Internet. There are too many risks
>>> sharing Internet with non-family members.
>> I don't really see how the "family member" qualifier changes anything of
>> that -- if it is about that. IMO the risk is about the same for family
>> members and non-family members (at least without knowing details about the
>> specific persons involved).
>>
>> Gerhard
>
>

Separating the two networks into VLANs would be effective (two separate
broadcast domains). You'd need to make sure you restricted interVLAN
routing between them. Your equipment would need to support VLANs, and
you'd need to be up to the challenge of configuring it.

If you did not use VLANs, and attempted to achieve the desired results
with a pair of routers, similar to Smiles (other poster), you would not
want to connect the WAN port of the neighbors router to the LAN port of
your router. They would be able to initiate connections into your network.

If your ISP permits multiple concurrent IP addresses, it would be
preferable to connect the WAN ports of the two routers into a common
hub/switch and then to your modem. NAT on the WAN port of each router
would prohibit connections into each others network. Each WAN port would
negotiate an IP address from the ISP.

I do agree with comments from other posters regarding the liability
incurred, just to save a buck. I like my neighbor, but I wouldn't want
to be legally accountable for his actions.

Best Regards,
News Reader

Smiles
04-07-08, 07:19 AM
adsl modem to router to two more routers

so each house was two routers to the internet and two routers between each

and yes the networks where two different ranges coming out from each

News Reader wrote:
> Smiles wrote:
>> I have done this.
>> I had a router at each house and set internal network set for two
>> different ranges.
>
> Did you connect the WAN ports of the two routers into a common
> hub/switch and then to your modem, or did you connect the WAN port of
> the neighbors router to the LAN port of your router?
>
>>
>> Wiseman wrote:
>>> I appreciate your explanation.
>>>
>>> But my question was not about what the neighbour can do on the
>>> internet. It was whether they could access my own computer.
>>>
>>> "Gerhard Fiedler" <gelists@gmail.com> a écrit dans le message de
>>> news: oekubd95kn6j$.dlg@gelists.gmail.com...
>>>> On 2008-04-04 07:38:51, David H. Lipman wrote:
>>>>
>>>>> From: "Wiseman" <wiseman@wiseman.com>
>>>>>
>>>>> | Try to be more specific. I need to share because the cost is high.
>>>> I think what he's trying to say is that if anyone is doing anything
>>>> illegal
>>>> over the connection, the one responsible for the connection may be held
>>>> responsible.
>>>>
>>>>> Pay for it or don't access the Internet. There are too many risks
>>>>> sharing Internet with non-family members.
>>>> I don't really see how the "family member" qualifier changes
>>>> anything of
>>>> that -- if it is about that. IMO the risk is about the same for family
>>>> members and non-family members (at least without knowing details
>>>> about the
>>>> specific persons involved).
>>>>
>>>> Gerhard
>>>
>>>
>
> Best Regards,
> News Reader

News Reader
04-07-08, 11:09 AM
Smiles wrote:
> adsl modem to router to two more routers
>
> so each house was two routers to the internet and two routers between each
>
> and yes the networks where two different ranges coming out from each
>

Depending on your routing choices, this would not necessarily be a
requirement. If the upstream router had static routes configured, or
dynamically learned routes to the networks on the LAN side of the
downstream routers, you would need the LAN network IDs to be different
(e.g.: 192.168.1.0 /24, 192.168.2.0 /24).

If you were using typical residential routers in their factory-default
"gateway mode" (i.e.: didn't enable static or dynamic routing) with NAT,
the two network IDs used on the LAN side of the downstream routers could
be the same. Without routes in its routing table for those networks, the
upstream router would have no awareness of the addressing scheme used on
the LAN side of the downstream routers.

The upstream router would see all of your LAN hosts as having the same
IP address; the address of your downstream router's WAN interface (e.g.:
192.168.0.2), to which your hosts are NAT'd.

The upstream router would see all of your neighbor's LAN hosts as having
the same IP address; the address of your neighbor's downstream router's
WAN interface (e.g.: 192.168.0.3), to which his/her hosts are NAT'd.

Lets assume you used a common network ID (e.g.: 192.168.1.0 /24) on the
LAN side of each of the downstream routers. Any attempt by your neighbor
to connect to a host with an address of 192.168.1.x, would be contained
within the LAN side of his/her downstream router. Those packets wouldn't
even traverse his/her router to the WAN port.

You could both have hosts addressed with e.g.: 192.168.1.10, and you
would each reach your own host, but be completely isolated from the
others host with the same address.

The key is the upstream router not having routes to the LAN side of the
downstream routers (i.e.: a lack of awareness of the addressing scheme
used).

> News Reader wrote:
>> Smiles wrote:
>>> I have done this.
>>> I had a router at each house and set internal network set for two
>>> different ranges.
>>
>> Did you connect the WAN ports of the two routers into a common
>> hub/switch and then to your modem, or did you connect the WAN port of
>> the neighbors router to the LAN port of your router?
>>
>>>
>>> Wiseman wrote:
>>>> I appreciate your explanation.
>>>>
>>>> But my question was not about what the neighbour can do on the
>>>> internet. It was whether they could access my own computer.
>>>>
>>>> "Gerhard Fiedler" <gelists@gmail.com> a écrit dans le message de
>>>> news: oekubd95kn6j$.dlg@gelists.gmail.com...
>>>>> On 2008-04-04 07:38:51, David H. Lipman wrote:
>>>>>
>>>>>> From: "Wiseman" <wiseman@wiseman.com>
>>>>>>
>>>>>> | Try to be more specific. I need to share because the cost is high.
>>>>> I think what he's trying to say is that if anyone is doing anything
>>>>> illegal
>>>>> over the connection, the one responsible for the connection may be
>>>>> held
>>>>> responsible.
>>>>>
>>>>>> Pay for it or don't access the Internet. There are too many risks
>>>>>> sharing Internet with non-family members.
>>>>> I don't really see how the "family member" qualifier changes
>>>>> anything of
>>>>> that -- if it is about that. IMO the risk is about the same for family
>>>>> members and non-family members (at least without knowing details
>>>>> about the
>>>>> specific persons involved).
>>>>>
>>>>> Gerhard
>>>>
>>>>
>>
>> Best Regards,
>> News Reader

Best Regards,
News Reader