TR Forums

After the Black Friday sell at Circuit City, I came home with a 802.11 b Wireless Belkin Router with a 4-port switch. I dont want to set up sharing internet connection just yet - I would just like to get the computers to view and share files. I got one WinXP desktop connected to the router via ethernet, a Win2000 laptop with a Wireless Card, and a Toshiba PocketPC with a compactflash wireless card. Now given the ingredients I now have to go into the whole process. Reading from some of these posts, I found that some others had more luck than I have. Been trying to figure out how to set it all up with my PC Mag wireless set-up guide, but it's too shallow in info.

So here is my problem. In my desktop, I went to the Network Setup Wizard, put that this computer is connected to a network without internet, and allowed it to automatically detect my connection. I set up my desktop computer name and the Network Group name. Then I finish and restart the computer. After that I found out that Windows put a MAC bridge (which I dont even know what it is) on. On my Win2000 laptop, it says its connected wirelessly, but I cant see any other computer when I goto my Network Places. Ditto for my desktop. My pocketpc didnt detect anything. Now what did I do wrong? I can tell today will be a long long long night.....

I'd remove the bridge that Windows created - I'm not fond of their network setup wizard...

First, check on the router for DHCP configuration options. It should already have an IP and subnet listed...

Once that's out of the way, set all the clients to automatically obtain IP information - the clients should then be able to pickup the info off the router, putting them all on the same network.

Change the workgroup to the same name for all clients - it's case insensitive as I remember, which means that "WORK" and "work" are considered the same.

Once that is done, you should be able to see a client from another. However this takes time in the Network Places because of how NetBIOS (yuck...) functions - detection can take anywhere from 15 to 60 minutes. The workaround to this is to connect via IP - you can get the IP of the client by opening a command prompt and typing "ipconfig" without quotes. Command prompt in Win2k/XP is accessed quickest by Start > Run and type "cmd" without quotes - press enter key and command prompt window will appear.

That'll get you going...

I seem to have made some progress.... (finally). I was able to access my shared folder on my laptop from my desktop, but I cant access my desktop shared folders from my laptop. In fact, my computer isnt even listed in My Network Neighborhood, but my Laptop is. Anyone know of an explanation?

NeRve wrote:

I seem to have made some progress.... (finally). I was able to access my shared folder on my laptop from my desktop, but I cant access my desktop shared folders from my laptop. In fact, my computer isnt even listed in My Network Neighborhood, but my Laptop is. Anyone know of an explanation?

Did you try connecting directly by IP, or are you just checking Net Neighborhood? If the latter, refer to my previous post for the likely reason and how to get around it...

You do not have the XP firewall or zone alarm running do you?

I have ZoneAlarm installed, but I turned it off when trying to connect. I did a ping on both computers each other and it works fine. I do not have WinXP's firewall turned on. Also Canukle, is what you mean by directly connecting via IP is as in going through IE and typing in the IP address to see if any folder is visible? Well I tried that but no luck. I did turn a lot of my services off on my desktop for better security, but I left the SERVER service running. So what's with that?

It works , after several reboots and trials! Alrighty then! I'm supped up for some sweet networking capabilities. But first, can anyone give me a 101 on how to protect my Wireless Network. I read in PC Mag there that MAC Address, SP1, WEP, etc. can do help better secure the network. Can anyone tell me what I how I should use these security features? Thanx!

On my way out the door or I'd do a little more -- but I think it's been covered before. Here's a link to get you started.

Thanx!

So far, I have only networked my computers. Once my DSL modem with ethernet port comes in I'll add it to the network. Currently, I use my single-computer USB DSL modem. Now here's the thing: my family only uses the network on the weekends, and during week-days only I will be using the computers so I will not be needing all the computers turned on and networked.

For security, should I turn off the router and use my USB DSL modem during the weekdays and when it turns to weekend and more than one computer is used, should I then turn on the router and the ethernet DSL modem? Or is it safe for me to just leave the router turned on the whole time and use it to connect to the net through the ethernet modem?

NeRve wrote:

For security, should I turn off the router and use my USB DSL modem during the weekdays and when it turns to weekend and more than one computer is used, should I then turn on the router and the ethernet DSL modem? Or is it safe for me to just leave the router turned on the whole time and use it to connect to the net through the ethernet modem?

As much as a router provides limited security, it is FAR better then a direct connection to a modem (USB or otherwise).

However, security and functionality are polar opposites.
Some things don't function well if at all behind a router, and could require configuration of the router to properly work. For example, instant messenger chat programs like MSN, Yahoo, ISQ, AIM, etc usually work fine behind a router, but file sharing over these might not work until the router and IM client are configured.

So - find out what your family uses and research how what they use works behind a router. Better to find out and configure it before they come to you screaming about how it's not working Still, it won't prevent them from installing something that might have them cursing your name anyway - welcome to being a SysAdmin

NeRve wrote:

For security, should I turn off the router and use my USB DSL modem during the weekdays and when it turns to weekend and more than one computer is used, should I then turn on the router and the ethernet DSL modem? Or is it safe for me to just leave the router turned on the whole time and use it to connect to the net through the ethernet modem?

I'm not familiar with this particular router. However, every one that I've seen has the option of turning off the wireless access point without affecting anything else. Rather than re-jig your hardware every weekend, you could just turn the radio on and off. With it off, you're as secure as you would be with any other piece of equipment (and as insecure as you choose to make yourself by opening ports or DMZ-ing machines) -- and more secure than you would be with just the modem alone. Of course you have to remember to turn wireless off, but assuming you do that, and you take what steps you can to protect yourself when the wireless is on, you're about as secure as you can be short of buying a separate firewall and putting it downstream of your access point (which still wouldn't protect you from drive-bys using your internet connection). As Canuckle says, the router provides some protection so you should use it (I wish every DSL modem sold had a NAT router built-in -- even if it didn't provide more than one connection -- simply because it would vastly reduce the proliferation of worms).

I personally find that 802.11a is a great, albeit somewhat accidental, security option: many people don't have cards that work on the "a" band and it has shorter range (but long enough for my needs).

Alrighty! I am working out the kinks of the system, but it's still very frustrating. I just recieved by mail my ethernet DSL modem. I was able to connect to the net through the router using that modem. However, (I'm not sure if this was a hacker) I couldnt access my configurations for the router. Belkin uses a web-based configuration system that could also include a password to prevent unauthorized access to settings. Only one person was allowed to access administrator at a time. Everything was going fine, when I went into the main setup and created my administrator password. And then the wierd thing happened. I logged out and tried to log back into the router system, but I couldn't it said 240.121.100 (something like that) is controlling the router system. I was like, (oh crap someone already trying to hack through my network). I immediately disconeecting my modem from my router. And after several tries I was able to access the router system again. (I wasnt sure if 240.121.100 was a wireless computer or from the net) but that lost some of my confidence in the security of the network. *Sigh* I check through IP Config my computer's IP address and it certainly wasnt 240.121.100. Got me wondering who could access my router so fast. Was it a hacker or was it simply a programing glitch in routing system. I dont know. But I was wondering of you had problems like this before?

NeRve wrote:

Alrighty! I am working out the kinks of the system, but it's still very frustrating. I just recieved by mail my ethernet DSL modem. I was able to connect to the net through the router using that modem. However, (I'm not sure if this was a hacker) I couldnt access my configurations for the router. Belkin uses a web-based configuration system that could also include a password to prevent unauthorized access to settings. Only one person was allowed to access administrator at a time. Everything was going fine, when I went into the main setup and created my administrator password. And then the wierd thing happened. I logged out and tried to log back into the router system, but I couldn't it said 240.121.100 (something like that) is controlling the router system. I was like, (oh crap someone already trying to hack through my network). I immediately disconeecting my modem from my router. And after several tries I was able to access the router system again. (I wasnt sure if 240.121.100 was a wireless computer or from the net) but that lost some of my confidence in the security of the network. *Sigh* I check through IP Config my computer's IP address and it certainly wasnt 240.121.100. Got me wondering who could access my router so fast. Was it a hacker or was it simply a programing glitch in routing system. I dont know. But I was wondering of you had problems like this before?

If that's indeed the IP address you saw (240.121.100.something) that could be someone spoofing an IP (240 is class E, "reserved" space). But it could also be you, if you're using DHCP and the router is allocating addresses out of that range. Which would be weird -- most consumer routers I've seen allocate out of Class C: 192.168.x.x -- but not impossible. Keep in mind that your router is going to get the IP address that your ISP has allocated to you, and then (through the wonders of NAT) the router will allocate a completely different set of IPs to the various PCs hooked up to it. As far as your ISP is concerned, your router is you, and anything that goes on behind that is effectively outside the internet, which is why they provide a measure of security.

Anyway, like I said, I'm unfamiliar with this particular router. It shouldn't allow the web interface to be accessed from the upstream side -- its internal http server should only be talking to the systems that are "behind" it (though this may be an adminstration setting you have to specify -- also, if it allows access to the adminstration settings from the wireless side of things you should turn that off too, if it lets you).

You might want to read the docs and see what range the router uses for DHCP. You can probably also check that in the web interface -- it should have a screen that displays the IPs it has allocated to each of the systems you have hooked up to it. It's not uncommon, BTW, for routers like this to have a little hiccup when you change settings and be unavailable for a few seconds.

Another thought -- Belkin caught a lot of deserved crap recently for putting an adware hook in one of their routers. They now have a BIOS fix to remove that (check their website for more info). What you saw might be related to that (wouldn't surprise me if they're using a reserved IP address for something like that).

UberGerbil wrote:

Anyway, like I said, I'm unfamiliar with this particular router. It shouldn't allow the web interface to be accessed from the upstream side -- its internal http server should only be talking to the systems that are "behind" it (though this may be an adminstration setting you have to specify -- also, if it allows access to the adminstration settings from the wireless side of things you should turn that off too, if it lets you).

My Linksys BEFSX41 allows for WAN access to the admin http server, so I'm presuming most/many consumer-grade routers are the same.

Captain Ned wrote:

My Linksys BEFSX41 allows for WAN access to the admin http server, so I'm presuming most/many consumer-grade routers are the same.

Yes, both of the routers I've owned (a Netgear and a Linksys) allow WAN access to the administrative interface, but it is disabled by default. Before this feature can be used, you need to log in from the LAN side and explicitly enable it.

Captain Ned wrote:

UberGerbil wrote:

Anyway, like I said, I'm unfamiliar with this particular router. It shouldn't allow the web interface to be accessed from the upstream side -- its internal http server should only be talking to the systems that are "behind" it (though this may be an adminstration setting you have to specify -- also, if it allows access to the adminstration settings from the wireless side of things you should turn that off too, if it lets you).

My Linksys BEFSX41 allows for WAN access to the admin http server, so I'm presuming most/many consumer-grade routers are the same.

My use of "shouldn't" in that sentence was prescriptive, not descriptive.

I don't know your specific router either but the two I have
(one wireless, one wired dlinks) allow you to change a whole lot of stuff. You should, if your that concerend, set up only certain addresses to be allowed any use through the router. Since you currently only have three PC's than you would only need 3 addresses. You would have to change the IP addresses in the PC's to be static instead of dynamic. This way no other PC's could get into your network at all unless you specifically allow them. During the week you could also disallow those two other IP's from connecting to the net at all and come the weekend enable them again. It may be a pain but it would certainly be secure. Don't know if you have this option but you should also make your router unpingable.

atryus28 wrote:

I don't know your specific router either but the two I have (one wireless, one wired dlinks) allow you to change a whole lot of stuff. You should, if your that concerend, set up only certain addresses to be allowed any use through the router. Since you currently only have three PC's than you would only need 3 addresses. You would have to change the IP addresses in the PC's to be static instead of dynamic.

Some routers allow the access policy to be set by MAC address. This eliminates the requirement to use static IPs for all of the systems on the LAN in order to set access policies.

This way no other PC's could get into your network at all unless you specifically allow them.

You seem to be confusing the outgoing access policy (which controls which PCs on the LAN can access the Internet, and when) with the firewall/NAT functionality which prevents outside access to your LAN. The two are in fact separate functions. Your LAN is just as secure from outside intrusions whether you set local access policies or not.

During the week you could also disallow those two other IP's from connecting to the net at all and come the weekend enable them again. It may be a pain but it would certainly be secure.

Most routers support automatic scheduling of the access policies. Set it up once, and it will enable and disable access according to the schedule you specify.

Don't know if you have this option but you should also make your router unpingable.

Most routers support this as well. My Linksys is unpingable by default. IIRC my old Netgear required you to set an option in order to have it not respond to pings.

You seem to be confusing the outgoing access policy (which controls which PCs on the LAN can access the Internet, and when) with the firewall/NAT functionality which prevents outside access to your LAN. The two are in fact separate functions. Your LAN is just as secure from outside intrusions whether you set local access policies or not.

I was talking about the wireless part and some bonehead trying to connect to your network. If you only allow X connection and X connections are filled then that's that.

atryus28 wrote:

I was talking about the wireless part and some bonehead trying to connect to your network. If you only allow X connection and X connections are filled then that's that.

Oh, OK. I misunderstood!

atryus28 wrote:

I was talking about the wireless part and some bonehead trying to connect to your network. If you only allow X connection and X connections are filled then that's that.

Agreed - Proper subnetting is always a good idea.

Well, my Belkin has a MAC filtering system. If I use that, will my network be secure somewhat from eavesdropping wireless signals or the Net?

NeRve wrote:

Well, my Belkin has a MAC filtering system. If I use that, will my network be secure somewhat from eavesdropping wireless signals or the Net?

That helps security to a degree (like all security measures). The problem is that these days it's easy to spoof the MAC address though it would mean that someone would have to know one on your network to gain access. MAC address filtration used with proper subnetting would be a better security measure...

Mmm... ok any easy-to-do-subnetting guides out there?

NeRve wrote:

Mmm... ok any easy-to-do-subnetting guides out there?

It depends on how many Computers you are going to connect. If you are only connecting say 3 computers for now you can assign them static IP's and give out addresses like 192.168.0.100-102. This would give you only three addresses and all three would be taken up by your existing three PC's. If you wanted to add more you would have to go back in to your router and add addresses as needed. You could make your addresses sporadic as well like say: 192.168.0.55, 192.168.0.103, and 192.168.0.231. If you only allow three connections (or howevermany you need) and all of them are taken up no one else should be able to get on your network. This is only really needed for the wireless end of your network though even if you have one wired and two wireless you should do this.

atryus28 wrote:

It depends on how many Computers you are going to connect. If you are only connecting say 3 computers for now you can assign them static IP's and give out addresses like 192.168.0.100-102. This would give you only three addresses and all three would be taken up by your existing three PC's. If you wanted to add more you would have to go back in to your router and add addresses as needed. You could make your addresses sporadic as well like say: 192.168.0.55, 192.168.0.103, and 192.168.0.231. If you only allow three connections (or howevermany you need) and all of them are taken up no one else should be able to get on your network. This is only really needed for the wireless end of your network though even if you have one wired and two wireless you should do this.

Not quite...

Subnetting means keeping the IP range (say 192.168.0.x) but changing the subnet (from 255.255.255.0 [/24 prefix] which allows 254 hosts) to something that allows say 6 hosts (255.255.255.248 - the /29 prefix), or 4 hosts (255.255.255.252 - the /30 prefix).

For more information on subnetting, see the last half of this article. But there's literally tonnes of subnetting howtos if you look on Google...

Here's why:
If you do what atryus28 suggested, and only statically set the IP addresses, I could effectively (if allowed) come to your home/place/whatever and connect to your network. As long as my IP were of the correct IP range, and subnet (typically 255.255.255.0) I would have internet access.

Granted though, this is not taking the MAC address filtering into consideration nor do I know the extent of such implementation on a hardware router. Give me linux/BSD though...

Thanx for all your responses, but here's a question. What implementation does an average Joe put in security for his network - wired or wireless? Is subnetting a network, especially a home network - done in most cases? After going through Google... I have a brain-cramp just looking at the explanation of the system of IP and binary addresses.

NeRve wrote:

What implementation does an average Joe put in security for his network - wired or wireless? Is subnetting a network, especially a home network - done in most cases?

Depends on the level of information regarding security they've accumulated, to which they are left at the same point you are at - deciding to what degree do you want to involve yourself in actually doing it. Some are really gunho and do it all, some aren't so...

I guess the idea of computer related security and network administration is coming into prespective for you, eh?

I should have been more specific. I wasn't explainging how to subnet (I feel that's a waste of time in a home envirnment, but that's me). I was trying to explain how to limit your number of connections to the router. If you only allow three IP's and all three are used no more can be added until you change it in the router. So if you use only three AND you filter MAC's then you really can only have three without it being a PITA. I doubt my mother's router even connects far enough for anyone outside to connect anyhow. That's just one example though.

As with most things in the PC world, there are numerous ways to something. You'll have to decide what fits you best and check whether or not you have a tin foil hat on or not.

atryus28 wrote:

I was trying to explain how to limit your number of connections to the router.

You mention limiting the router to allow 3 connections but lack any details beyond "set it". Can you expand on it please? I'm interested to know if hardware routers like those made by Linksys, Netgear, etc do this...

Properly subnetting is effectively setting the number of IPs available and therefore setting the number of connections able to be established. With MAC filtration, it's more likely a system has been compromised then someone spoofing.

As with most things in the PC world, there are numerous ways to something. You'll have to decide what fits you best and check whether or not you have a tin foil hat on or not.

Call it paranoia if you like, really it's the difference between being a good network tech and a mediocre one.