Shared Internet security

[Rodolfo]

Hi there,

A neighbor here is offering to share a 8 Mpbs connection over radio
waves. The connection comes via ADSL in his house and he wants
distribute it to other computers (maybe mine). He said he can set up
the antenna and then he would put a switch to bring the signal down
from the roof to my machine.

I would easily accept an upgrade in my connection speed, however I'm
concerned about security. I'm thinking that having the same IP as
other machines may introduce problems with sites that tracks our IPs
as login, and worse yet, I bet the guy can somehow sniff what I'm
doing... so, what are the "privileges" of the host in a scheme of
shared internet? Is the host able to know where (sites) the peers are
connected, what they're doing, how much data being downloaded, etc?

Please, anything related to security is appreciated as I couldn't find
anything related on the web.

Thanks,

Rodolfo

 

[Dennis McCunney]

Hi there,

A neighbor here is offering to share a 8 Mpbs connection over radio
waves. The connection comes via ADSL in his house and he wants
distribute it to other computers (maybe mine). He said he can set up
the antenna and then he would put a switch to bring the signal down
from the roof to my machine.

I would easily accept an upgrade in my connection speed, however I'm
concerned about security. I'm thinking that having the same IP as
other machines may introduce problems with sites that tracks our IPs
as login, and worse yet, I bet the guy can somehow sniff what I'm
doing... so, what are the "privileges" of the host in a scheme of
shared internet? Is the host able to know where (sites) the peers are
connected, what they're doing, how much data being downloaded, etc?

Please, anything related to security is appreciated as I couldn't find
anything related on the web.

Google on "wireless security"

Whether this is a problem depends on exactly what he is doing. I use a
cable modem, and the cable modem connects to a wireless router. The
desktop connects to the router by a CAT5 cable. The laptop and PDA
connect by Wifi.

The router does NAT (Network Address Translation), and provides each
connected device with its own local IP address. I have wireless
security enabled, so communications are encrypted, and anything wanting
to connect through my router must provide a pass phrase.

It sounds like your neighbor is planning to set up a local Wifi network
using a wireless router, and let you connect to him through it. We'd
need to know more about exactly what he is planning to do to advise
further, and what gear he will use to do it. If he is plnning to set up
a wifi network like I mention above, you don't need to worry about
having the same IP address, because the router handles that for you.
You also probably don't need to worry about him sniffing what you are
doing. That's not a simple task, and requires technical knowledge and
sophisticated gear.

Thanks,
Rodolfo

______
Dennis

 

[Gerald Vogt]

I would easily accept an upgrade in my connection speed, however I'm
concerned about security. I'm thinking that having the same IP as
other machines may introduce problems with sites that tracks our IPs
as login, and worse yet, I bet the guy can somehow sniff what I'm
doing... so, what are the "privileges" of the host in a scheme of
shared internet? Is the host able to know where (sites) the peers are
connected, what they're doing, how much data being downloaded, etc?

If you use his internet connection he has full control over your
connection and can sniff anything you can transmit. He is able to find
out which web servers or email servers you access. If the connections
are not secured with SSL (i.e. webserver https://... or your e-mail
server connection using TLS) he is able to read anything you sent and
receive. E.g., if you go to http://www.google.com/ he can find out. You
enter some search words, he can find out. You download some files from
non-https server, he can find out.

For connections secured with SSL you must verify that the certificates
for server are O.K. If you don't do that, he may be able to setup a
rogue proxy and relay the encrypted traffic through it. Then he would
even be able to read anything you sent through SSL.

He will be able to find out which applications you use, e.g. instant
messaging, etc.

He certainly also is able to find out how much you up- or download.

Whoever has physical access to a device has full control over the
connection and is able to sniff the traffic with the right equipment.
Thus, if you use his internet connection he has control. That is pretty
much inevitable.

Therefore: if you have doubts about your privacy, i.e. if you don't
trust your neighbor completely, don't do it.

Gerald

 

[Chuck]

Hi there,

A neighbor here is offering to share a 8 Mpbs connection over radio
waves. The connection comes via ADSL in his house and he wants
distribute it to other computers (maybe mine). He said he can set up
the antenna and then he would put a switch to bring the signal down
from the roof to my machine.

I would easily accept an upgrade in my connection speed, however I'm
concerned about security. I'm thinking that having the same IP as
other machines may introduce problems with sites that tracks our IPs
as login, and worse yet, I bet the guy can somehow sniff what I'm
doing... so, what are the "privileges" of the host in a scheme of
shared internet? Is the host able to know where (sites) the peers are
connected, what they're doing, how much data being downloaded, etc?

Please, anything related to security is appreciated as I couldn't find
anything related on the web.

Thanks,

Rodolfo

Rodolfo,

Instead of a switch, I'd have him setup a bridge, and YOU setup a NAT router as
your property and protection. I certainly would NOT connect my computer(s)
directly to a switch, connected to WiFi. Nor would I do so, connected thru
somebody else's service.

This discussion could probably be better discussed in a forum like DSL Reports,
where they have an amazing breath and depth of experience. Your concerns
encompass:
* WiFi
* Security
* Networking
* WISP Client
Start in the DSLR WiFi Networking forum. You might want to join (it's free, and
your concerns could involve several sessions):
<http://www.dslreports.com/forum/wlan>
http://www.dslreports.com/forum/wlan

 

[Jack \(MVP-Networking\).]

Hi
As far as the LAN is concern you can segregated your Local Network from the
your friend Network by using a second Router (
http://www.ezlan.net/shield.html ).
However as far as the Internet is concern (given that such an arrangement is
done in order to save few $$) there is nothing you can do about it. I.e the
two of you would be on the same external IP and if one of you is doing
illegal things the police would visit both of you.
And yes your partner would be able to sniff your Internet traffic since he
his in charge of the front Router.
Jack (MVP-Networking).

 

[Barb Bowman]

Bear in mind that most ISPs prohibit this kind of sharing.

Hi there,

A neighbor here is offering to share a 8 Mpbs connection over radio
waves. The connection comes via ADSL in his house and he wants
distribute it to other computers (maybe mine). He said he can set up
the antenna and then he would put a switch to bring the signal down
from the roof to my machine.

I would easily accept an upgrade in my connection speed, however I'm
concerned about security. I'm thinking that having the same IP as
other machines may introduce problems with sites that tracks our IPs
as login, and worse yet, I bet the guy can somehow sniff what I'm
doing... so, what are the "privileges" of the host in a scheme of
shared internet? Is the host able to know where (sites) the peers are
connected, what they're doing, how much data being downloaded, etc?

Please, anything related to security is appreciated as I couldn't find
anything related on the web.

Thanks,

Rodolfo

--

Barb Bowman
MS Windows-MVP
Expert Zone & Vista Community Columnist
http://www.microsoft.com/windowsxp/expertzone/meetexperts/bowman.mspx
http://blogs.digitalmediaphile.com/barb/

 

[Chuck]

Hi
As far as the LAN is concern you can segregated your Local Network from the
your friend Network by using a second Router (
http://www.ezlan.net/shield.html ).
However as far as the Internet is concern (given that such an arrangement is
done in order to save few $$) there is nothing you can do about it. I.e the
two of you would be on the same external IP and if one of you is doing
illegal things the police would visit both of you.
And yes your partner would be able to sniff your Internet traffic since he
his in charge of the front Router.

Right, Jack.

This forum, though, focuses on Windows Networking, not WiFi, or WISPs. There is
a Microsoft forum on WiFi, but its focus is Microsoft issues and solutions.

So I suggested DSLR Forums, which has a very wide base of experts, which will
discuss everything from legal, security, technical, and other issues. They have
very active moderators, which remove trolls and shite threads like "Dial-up
Modem Speed of 56 Mbps?".
<http://www.dslreports.com/forum/sharing>
http://www.dslreports.com/forum/sharing

And it's not my friend network anyway.

 

[Rodolfo]

Ok, thank you all. I knew that's not 100% secure, since i'm not in
total control.
Hey, I did not know DSLReports had a forum service... I do use their
network tests...

I don't care if he can check how much traffic i'm consuming, since i
think it's fare. However, I don't want him to know what i'm doing,
typing, visiting...
I don't trust him completely, even though i bet he doesn't have enough
technical knowledge to do harmful things.

So, I ask if there's any thing I can do to encrypt my traffic. Maybe a
piece of hardware or software?? May a Router be used in this case?

Rodolfo

Hi
As far as the LAN is concern you can segregated your Local Network from the
your friend Network by using a second Router (
http://www.ezlan.net/shield.html ).
However as far as the Internet is concern (given that such an arrangement is
done in order to save few $$) there is nothing you can do about it. I.e the
two of you would be on the same external IP and if one of you is doing
illegal things the police would visit both of you.
And yes your partner would be able to sniff your Internet traffic since he
his in charge of the front Router.

Right, Jack.

This forum, though, focuses on Windows Networking, not WiFi, or WISPs. There is
a Microsoft forum on WiFi, but its focus is Microsoft issues and solutions.

So I suggested DSLR Forums, which has a very wide base of experts, which will
discuss everything from legal, security, technical, and other issues. They have
very active moderators, which remove trolls and shite threads like "Dial-up
Modem Speed of 56 Mbps?".
<http://www.dslreports.com/forum/sharing>http://www.dslreports.com/forum/sharing

And it's not my friend network anyway.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

 

[Chuck]

Ok, thank you all. I knew that's not 100% secure, since i'm not in
total control.
Hey, I did not know DSLReports had a forum service... I do use their
network tests...

I don't care if he can check how much traffic i'm consuming, since i
think it's fare. However, I don't want him to know what i'm doing,
typing, visiting...
I don't trust him completely, even though i bet he doesn't have enough
technical knowledge to do harmful things.

So, I ask if there's any thing I can do to encrypt my traffic. Maybe a
piece of hardware or software?? May a Router be used in this case?

Rodolfo

An interesting question, Rodolpho. A VPN tunnel would be a good solution for
you, except that you'll need a host at the other end of the tunnel.

My ISP has this sort of setup, but it's for registered customers to use the
service owned by other registered customers. I can VPN thru other WiFi
networks, to a VPN endpoint at my ISP, and from there to the Internet.

As an unregistered visitor, I am afraid that you are subject to the benevolence
of your neighbour. You can (and should) protect your computer(s) behind a NAT
router, but your Internet traffic is going to be subject to his scrutiny. As it
should, since he is the service owner of record.

I think the best I can say is If you don't trust him, don't start this. Get
your own service.

 

[Rodolfo]

An interesting question, Rodolpho. A VPN tunnel would be a good solution for
you, except that you'll need a host at the other end of the tunnel.

My ISP has this sort of setup, but it's for registered customers to use the
service owned by other registered customers. I can VPN thru other WiFi
networks, to a VPN endpoint at my ISP, and from there to the Internet.

As an unregistered visitor, I am afraid that you are subject to the benevolence
of your neighbour. You can (and should) protect your computer(s) behind a NAT
router, but your Internet traffic is going to be subject to his scrutiny. As it
should, since he is the service owner of record.

I think the best I can say is If you don't trust him, don't start this. Get
your own service.

Chuck, I sure would get my own service if I could. In fact I pay a
landline plan that should include ADSL access, though the company says
I can't get the Internet service because of "technical issues"....
well, there goes more than a year battling with them.
I have also tried companies that offer radio connections, but again
they say it's not possible cuz i would need more people to join with
me (so we share a big antenna...)
This neighbor got the ADSL and is trying to get some money from it.
Well, I don't know what is a VPN tunnel yet, but i'll google for it.
Who is expected to be the host in that VPN scheme you mentioned (me
and/or my neighbor?!)?

And what is the level of security/privacy a NAT router provides me?
Can I hide pages I access and the IPs I connect to using it?

Thank you, and sorry if this is not the right place to be discussing
this matter.

Rodolfo

 

[Gerald Vogt]

This neighbor got the ADSL and is trying to get some money from it.
Well, I don't know what is a VPN tunnel yet, but i'll google for it.
Who is expected to be the host in that VPN scheme you mentioned (me
and/or my neighbor?!)?

Against who do you want to protect yourself?

1. against your neighbor tapping on your transmissions. Then you need a
VPN service in the internet to which you connect. Can't tell you who
offers something like that and how much it costs. With that any
transmission from your computer through the wireless, through the LAN of
your neighbor, through the internet to this service is protected.

2. against anybody else. Then your neighbor would have to setup a VPN
server and you connect to the VPN server. However, I guess it is much
easier to use WPA or WPA2 on the wireless connection with a strong
encryption key. That should be enough to keep others from tapping in.

And what is the level of security/privacy a NAT router provides me?

Security: Generally the computers behind a NAT router are not directly
accessible from the internet unless you configure port forwarding.

Privacy: none. Anyone who can tap on the communication knows to which
servers you are using unless the communication is encrypted. But that's
no difference whether you connect a computer directly to the internet or
to a NAT router.

Can I hide pages I access and the IPs I connect to using it?

No. Any IP packet has a source and a destination address. You cannot
hide the destination address because otherwise the packet would not get
where it has to go. You cannot hide the source address as the return
packet must find its way back to your computer somehow.

Gerald

 

[Chuck]

Chuck, I sure would get my own service if I could. In fact I pay a
landline plan that should include ADSL access, though the company says
I can't get the Internet service because of "technical issues"....
well, there goes more than a year battling with them.
I have also tried companies that offer radio connections, but again
they say it's not possible cuz i would need more people to join with
me (so we share a big antenna...)
This neighbor got the ADSL and is trying to get some money from it.
Well, I don't know what is a VPN tunnel yet, but i'll google for it.
Who is expected to be the host in that VPN scheme you mentioned (me
and/or my neighbor?!)?

And what is the level of security/privacy a NAT router provides me?
Can I hide pages I access and the IPs I connect to using it?

Thank you, and sorry if this is not the right place to be discussing
this matter.

Rodolfo

Rodolfo,

If you wanted to protect yourself against your neighbors examination of your
Internet traffic, you would have a tunnel starting from your LAN, extending thru
your neighbors service, to an outside gateway.

The problem is, there is no service (that I know of, anyway) capable of
providing an outside gateway for you. If you use your neighbors service, you
will have to trust his benevolence. You can (and should) keep your computer(s)
safe behind a NAT router, but the Internet traffic that you generate will go
thru your neighbors network, and it will be subject to his scrutiny.

A NAT router protects your computer(s). It does nothing to hide your Internet
traffic.

If your neighbor is going to trust you to not use his service for illegal or
obnoxious activity (child porn, P2P of "copywrited" material, etc), you will
likewise have to trust him (not intercept or interfere with your traffic). It's
that simple. You both have to trust each other.