Re: Networking over mains cables

In article <5001aa7c95invalid-email@xxxxxxxxxxxxxxxxxxxx>,
Paul Vigay <invalid-email@xxxxxxxxxxxxxxxxxxxx> wrote:
In article <5001a2db5espam@xxxxxxxxxxxxxx>,
VinceH <spam@xxxxxxxxxxxxxx> wrote:

remember the name of the last one he used, but it was the last
straw and the reason I opted for limiting the speed, because the
damned thing somehow wormed its way around my attempts at
blocking just about every port except the basic ones needed to
use the internet!

Odd. You should be able to block (incoming and outgoing) P2P ports,
unless he's set it up to proxy through a standard web port or
something.

He's too thick to set it to do anything like that, so I think the
software itself was programmed to leech through any open port it
could find that wasn't currently being used by the computer, so
without blocking him completely it was useable.

I could make it fast enough to still allow that without it using more
than its fair share of the bandwidth, but that would be allowing him
to download pirated material via my network, so the words "fuff" and
"ock" spring to mind here in terms of what he can do.

The alternative is to setup bandwidth shaping on your
router, if it supports it - but again, I guess that won't work
either if he's changed the ports.

The limited speed does the trick.

Can't you just block his MAC address? :-)

But that would be blocking him completely, and I'm supposed to be
providing him with an internet connection.

[2] And I think Vista is probably a weak link here, which is what
my user above has on his laptop. When entering a network key,
Vista allows you to unhide the characters and see the actual key.
What I haven't checked is whether you can go back to that screen
and reveal the previously entered key.

I wouldn't rely on that form of security.

It's not limited to just the WPA2 key - it's also set up to only
allow the MAC addresses of the machines I know about. And, of course,
as I've already said, it's deliberately low power and speed. (Oh and
it also automatically shuts off from 11:30pm until 6am, although
that's not really done because of any security issues. Rather to
prevent the same annoying, selfish twat of a user from staying on
chat rooms until the silly hours and, because he's therefore awake,
making noise when I want to be sleeping: I'm a *very* light sleeper
and it doesn't take much to keep me awake.)

None of it is perfect: that key can be revealed because of the daft
option to make the characters visible, and the mac address of one of
the accepted machines could be spoofed. The only way to make the
wireless network truly secure is to switch it off, and that's not an
option.

I'm not sure about Vista as I don't have wifi on the Vista machine,
but Mac OS X (Leopard) will certainly allow you to go into the
network configuration and view the wifi key if you've previously
entered one. As does Ubuntu Linux.

That's just plain stupid, IMO.

--
VinceH
.

Relevant Pages

  • RE: How to find a changing IP on ethernet network
    ... called "port security". ... tell it how many MAC ... to issue an SMTP trap to your Network Management ...
    (Security-Basics)
  • Re: How Do I Keep Private Computers Off of Our Network?
    ... I recommend enabling port security on on all the switches; ... port to the system's MAC address and then disabling the unused ports. ... If you really need to lock it down then Network Access Control through ... are using their business computer's wired connection to connect ...
    (microsoft.public.windows.server.active_directory)
  • Re: Scan for "outsider" Pcs on network
    ... can use is the MAC address. ... switch ports by MAC address does not secure one's Ethernet network. ... switch port set up to only accept their mac address. ... OpenBSD Box (SOB) set up as a bridge.He drops it inline with the ...
    (Focus-IDS)
  • Re: Not able to print to shared OS X printer
    ... I've been printing to that exact Brother ... > It's shared, via a Mac running OS X, over the network. ... My guess - and I have no way of testing this, is that Mac users don't ... transmit on cups port but transmit on afp over tcp port and thus ...
    (Fedora)
  • RE: Command Line RPC vulnerability scanner?
    ... we are blocking these at the perimeter ... majority of the attempts are hitting on port 445, ... An employee inside your network or with VPN access runs exploit on ...
    (Incidents)