A (probably silly) LAN question

Discussion in 'Community Discussion' started by 0dev, Dec 7, 2011.

  1. 0dev macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #1
    Right, basically, I'm off to uni soon, and I'll be living in the halls. A lot of unis offer free internet, or at least cheap internet, and I have a question about it: if I'm in a building with a bunch of other students (and a lot of the student accommodation is like blocks of flats, so we're talking about a lot here), and I plug my laptop into the ethernet in my room, can other people in that building use Firesheep or similar software to see what I'm doing online?

    I know this is probably very noobish, I just want to make sure the connection will be safe before I start logging into stuff. I use a lot of sites (forums and so on) which don't support SSL.

    Thanks :)
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    If you're really concerned about it, you might consider using Tor (if your university permits it).
     
  3. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #3
    Well I'd probably use a reliable VPN if I had to, I just wanted to know if it was necessary.
     
  4. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #4
    Well, I think any data you send over standard HTTP or other non-encrypted protocols is always going to be open to interception (and much of your encrypted data, depending on how dedicated your pursuer is). It's probably just a question of how much you need to worry about this stuff. If your roommate is going to be the Girl with the Dragon Tattoo, then yes, you should probably assume she'll know what you do online whether or not you VPN. :p
     
  5. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #5
    True, but I was more asking about the nature of such a network setup rather than HTTP. Am I to understand that, if I hook up to the ethernet port, the person in the next room can, in theory, Firesheep my ass? :p
     
  6. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #6
    I'm not a hacker, but my understanding is that, most likely, yes, plus or minus a step or two.
     
  7. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #7
    I feared as much.

    Ahh well, VPN it is for me then. Or I could do all my browsing through 3G, depending on how good the connection is in the area.
     
  8. steve2112 macrumors 68040

    steve2112

    Joined:
    Feb 20, 2009
    Location:
    East of Lyra, Northwest of Pegasus
    #8
    The short answer: Maybe

    Long answer: Possibly. It is a bit harder to snoop a hard wired connection than wireless. With wireless, all your bits are just flying through the air, waiting to be sniffed and captured. With a wired connection, it's so easy. Yes, you can snoop traffic coming across the wire with something like Wireshark, but that requires doing a port span and sniffing the traffic. If you are all on the same network segment, someone could snoop around the network and start trying to exploit machines on the network, which honestly would be easier than sniffing your traffic.

    This is assuming they are using managed switches, which will make things a bit more secure. If they have the flats broken up into different VLANs, it will make things a bit more secure as well. Also, if anyone gets physical access to your machine or network jack, all bets are off.
     
  9. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #9
    I guess I could make myself look like a massive nerd by asking the IT people how their networks are setup when I get there :p

    Still thinking I'll use 3G though, certainly not wanting my machine to be more open to exploits.
     
  10. steve2112 macrumors 68040

    steve2112

    Joined:
    Feb 20, 2009
    Location:
    East of Lyra, Northwest of Pegasus
    #10
    Is this university provided house and networking? If so, I would be a lot more likely to trust it than privately owned stuff. Any network can be vulnerable, but a wired network is going to be more secure than wi-fi. The problem for something like Firesheep, or any sniffer for that matter, is that you have to intercept the traffic in transit from your machine to the next hop (wireless AP, router, switch, etc), and this is much more difficult on a wired connection than it is on a wireless, where all those bits are just flying through the air. Generally, unless someone has installed a sniffer of some sort somewhere on the wire, such as on the patch panel or switch, they won't be able to sniff traffic. Now, your machine getting owned by someone poking around the network is a different story.

    If you are nervous about it, ask the IT folks if you are allowed to plug your own router into their hardwire connection. You could do something like a double NAT, and allow the router to get a connection from them, and in turn setup your own LAN on the inside of the router.
     
  11. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #11
    This is all good info, thanks.

    If I set up my own router, will that alleviate the risks from people poking around the network then? Are there any certain options I'll have to set up on the router? How would I get a connection on the uni network, would I ask the IT guys for the setup information?

    Just out of curiosity, if I was in a normal flat, would I have the same issue? Or would I expect each flat to be completely separate, since I'd have to buy internet myself from an ISP?
     
  12. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #12
    I think if you were directly wired in to an ISP (that is, you have your own apartment, your own cable connection, cable modem, etc, and it's all wired-only), the hack would be very challenging -- probably would either need to physically come to your house and splice into your cables or else somehow intercept your traffic out on the public internet, which would be a lot harder.
     
  13. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #13
    Good, cheers :)
     
  14. steve2112 macrumors 68040

    steve2112

    Joined:
    Feb 20, 2009
    Location:
    East of Lyra, Northwest of Pegasus
    #14
    If you did use your own router, you would basically setup the router to get a DHCP address from the uni's network. You could then setup the router to issue DHCP addresses to anything connected to it on a different subnet. For example, if the university is providing addresses from 192.168.1.1-1.254, you would let it get an address, say 192.168.1.5. Then setup the router to issue its own DHCP addresses in, say, the 192.168.10.1-192.168.10.254 range. Anything you connect to your router would be in a completely separate network, which should discourage most people except for the most hard-core. The router will simply drop any traffic it doesn't know how to handle. There is a small chance you could have some type of vulnerability with the router OS, but most people aren't going to put out that kind of effort.

    It's actually not as hard as it sounds. Of course, it all depends on how the flats are setup and if the university will allow you to bring in your own equipment. For most non-university housing, I would expect each flat to provide its own internet service, though I have seen complexes that provide service to tenants. I'm always kind of wary of those, since I don't control it. Then again, I do network security for a living, so I'm a bit paranoid anyway. :D
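
Added example (not part of any post in this thread): a small Python model of the double-NAT layout described in post #14, using that post's addresses, showing why a machine on the upstream network cannot open a connection to a device behind the inner router. `NatRouter` is a hypothetical toy class, and the laptop (192.168.10.20), neighbour (192.168.1.77) and website (203.0.113.10) are constructed values; a real router tracks more state than this.

```python
import ipaddress

# Ranges and the router's lease come from post #14; all other hosts are constructed.
UPSTREAM_NET = ipaddress.ip_network("192.168.1.0/24")
ROUTER_WAN = ipaddress.ip_address("192.168.1.5")
INNER_NET = ipaddress.ip_network("192.168.10.0/24")


def plan_is_sane(upstream, inner):
    """The inner LAN must be private and must not overlap the upstream range,
    otherwise the router cannot tell 'inside' from 'outside'."""
    return inner.is_private and not inner.overlaps(upstream)


class NatRouter:
    """Toy port-translating NAT: state is created only by outbound traffic."""

    def __init__(self, wan_ip, lan_net):
        self.wan_ip, self.lan_net = wan_ip, lan_net
        self.mappings = {}  # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; return the (ip, port) the outside sees."""
        if ipaddress.ip_address(lan_ip) not in self.lan_net:
            raise ValueError("source is not on the inner LAN")
        wan_port = self.next_port
        self.next_port += 1
        self.mappings[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return str(self.wan_ip), wan_port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """A packet arrives on the WAN port; return the LAN (ip, port) it is
        delivered to, or None if the router drops it."""
        if ipaddress.ip_address(dst_ip) != self.wan_ip:
            return None  # not addressed to the router: dropped
        entry = self.mappings.get(dst_port)
        if entry is None or entry[2:] != (src_ip, src_port):
            return None  # no matching outbound flow: dropped
        return entry[0], entry[1]


def demo():
    router = NatRouter(ROUTER_WAN, INNER_NET)
    wan_ip, wan_port = router.outbound("192.168.10.20", 51000, "203.0.113.10", 80)
    return {
        "reply": router.inbound("203.0.113.10", 80, wan_ip, wan_port),
        "neighbour_to_lan": router.inbound("192.168.1.77", 4444, "192.168.10.20", 445),
        "neighbour_to_wan": router.inbound("192.168.1.77", 4444, wan_ip, wan_port),
    }
```

The model covers unsolicited inbound traffic only: packets the laptop sends still cross the upstream network after translation, so logins to sites without SSL are protected from sniffing there only by something like the VPN mentioned earlier in the thread.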
     
  15. 0dev thread starter macrumors 68040

    0dev

    Joined:
    Dec 22, 2009
    Location:
    127.0.0.1
    #15
    Cool, I'll just set up a router if I can then. If I don't need to do anything special, I'll just get a cheap one from PC World or something :p

    I'm not really worried about super-complex hacks because I doubt anyone would go to those lengths just to get access to my forum accounts anyway, I just wouldn't want to be on a network where it's easy for someone to snoop my traffic or hack my computer. If setting up a router basically secures me against both of those things (not 100%, but then, as you know, nothing is 100% anyway), that's what I'll do :)

    Thanks for the help :)
     
