StarDestroyer.Net BBS

Post your home network setups here-

Mine:

Windows NT 4 box upstairs (up), Linux desktop downstairs(bigbox), Linux laptop(laptop), and a Linux server(server). Server acts as a gateway, runs Apache 2 for testing purposes, NTP, DHCP which matches IP addresses to MAC address, and a DNS server running BIND (I like being able to connect to other computers on my network by name- serious overkill when one can use hosts files, but meh).

All of this is connected via wired 10/100 ethernet strung on the edges of the floor, with a D-Link router acting as a hub/switch, since the server is performing most of it's functions (more flexible).

server shares /home via NFS and SMB to the two desktops- NFS is used where possible since it seems a lot faster (using the kernel based server). The laptop accesses files on the server via the userspace version of sshfs using the FUSE kernel module, since I need to be able to quickly connect and disconnect it without becoming root, and it has the benefit of being able to shuttle files over the internet (though a bit slow).

Printing is done via IPP- I don't even bother sharing printers through Samba- unfortunately, that means the Windows NT4 computer can't print, but it's not used for much anyway.

Windows network ... 2000 Server for FTP/webserver and file storage ... XP Pro desktop for gaming/internet ... XP Pro laptop for stuff from the office.

Laptop & desktop controlled through KVM switch, server controlled through VNC or Remote Desktop ... network sits behind SOHO firewall manufactured by my employer. Entire network can run through 10/100 ethernet or 802.11b wireless.

DSL connection via a wireless router; all computers connect through router.

Mom's WinME computer (Big One - so named back when a 1 GHz Athlon was hot shit in more than one way) connected via wireless USB network interface; wireless connections restricted to that and only that MAC address.

My server (Magnus - huge fucking SC5000 server chassis) and my personal computer (Super-Colossus) connected via ethernet cable. Server controlled via VNC.

No explicit shares on any computers as I rarely do file transfer; when I send stuff to the server I just use the administrative C$ share. Mine and my mother's computers each have their own printer; she has some cheap quasi-disposable Epson inkjet printer, I have an old yet fairly reliable Canon bubblejet printer. I'd happily ditch color and snag a laser, but none I've seen would be quite so compact as this nice little bubblejet.

Can't MAC addresses be sniffed and spoofed?

My setup here is an eTec wired router with three desktops linked in and one laptop.

I'm currently running a lovely little sublet on the ISP I've got, getting all my flatmates here in the student accomodation to pay for use of the internet. I am the only person in the building that has managed to get broadband internet.

Pu-239 wrote:Can't MAC addresses be sniffed and spoofed?

I don't know.

What I do know is I've got an 802.11b setup, I'm not willing to shell out the cash for all new G hardware that has stronger security, and we're not stringing a wire around or through the wall separating my room from my mother's room.

So, what I've got will simply have to do.

Besides which, I live in a sleepy bedroom community where most of my neighbors are not the technically minded sort, nobody's likely to be doing any wardriving, and my mother's computer is off for the great majority of the time; so most of the time there wouldn't even be any packets being transmitted to pick up.

I don't lose any sleep over it.

Internet Connection: Roadrunner over Toshiba Modem pugged into wan port of router.
Router/Hub/Whatever the fuck you want to call it: Linksys 802.11b/4 port switch (the wireless portion is usually deactivated unless friends/relatives wan't to access it, so i've taken no measures to secure it. At some point I'll start using it more often and will, when that point comes, add encryption, keys, and whatever the fuck else it takes to keep moochers off my connection(up to and including switching to a new standard should the need arise))
Computers: Dell POS (ground floor) running Windows XP Home Edition, in same cabinet as router, wired connection; Debian Linux Box (Upper Floor)(soon to be dual booted with Windows XP home), Wired into Router w/ 50' of ethernet cable. The dell has a printer wired into it and would act as a print server for the linux box through samba's printer controls, but there's no fucking linux driver for a Lexmark X83 because Lexmark is run by wankers.

Specially trained hamsters carry hand-printed 1's and 0's back and forth between my various workstations.

Firewall, mail server, DNS server: Sun SPARCstation 5, runs OpenBSD. Three ethernet interfaces which connect to DSL modem, wireless access point (Apple AirPort 802.11b), and two wired switches. Negotiates IPSec to protect wireless clients.

Web server: Sun SPARCstation 4, runs OpenBSD. Serves a website with a phpBB bulletin board using Apache and PostgreSQL.

File server: Sun Ultra 5, runs Solaris 10. Serves miscellaneous files using NFS and streams music using HTTP.

Print and imaging server: HP 9000/712, runs HP-UX. Spools and RIPs jobs for an attached HP LaserJet and shares an attached flatbed scanner using SANE.

Darth Wong wrote:Specially trained hamsters carry hand-printed 1's and 0's back and forth between my various workstations.

I hope you don't have any cats, otherwise you could have serious packet loss problems.

Spacebeard wrote:Firewall, mail server, DNS server: Sun SPARCstation 5, runs OpenBSD. Three ethernet interfaces which connect to DSL modem, wireless access point (Apple AirPort 802.11b), and two wired switches. Negotiates IPSec to protect wireless clients.

Web server: Sun SPARCstation 4, runs OpenBSD. Serves a website with a phpBB bulletin board using Apache and PostgreSQL.

File server: Sun Ultra 5, runs Solaris 10. Serves miscellaneous files using NFS and streams music using HTTP.

Print and imaging server: HP 9000/712, runs HP-UX. Spools and RIPs jobs for an attached HP LaserJet and shares an attached flatbed scanner using SANE.

Dammit, you beat me.

Uraniun235 wrote:DSL connection via a wireless router; all computers connect through router.

Mom's WinME computer (Big One - so named back when a 1 GHz Athlon was hot shit in more than one way) connected via wireless USB network interface; wireless connections restricted to that and only that MAC address.

MAC filtering, WEP, Turing of SSID disabling DHCP are a minor annoyance to anyone with a modern sniffing application today.

They are also worse than useless because you get a false sense of security.

Instead enable WPA-PSK to secure the wireless network.

Well, that's a wonderful suggestion, except my router does not support WPA-PSK.

I live in a town of less than ten thousand. I have no neighbors in range that would know how to connect to my router, let alone break in. I live on a quiet residential street that has a negligible risk of wardriving. Compound that with the fact that my mother's computer is on for an average of perhaps one minute per day (meaning: her computer remains off for days at times) which means that for most of the time, there are no packets to sniff to begin with. Statistically, I should be more worried about some random meth-head from a few streets over breaking into my car some night.

I therefore am not feeling too motivated to shell out the cash needed to purchase new wireless equipment. Nor, I suspect, would my mother.

My setup.
Cable Modem: RCA DCM-315R
Router: Zyxel Prestige 334 router.
Wireless AP: D-Link DI-624 configured as AP only.
Wireless NIC: Intel PRO/Wireless 2200BG integrated into my Dell Inspiron 9300 laptop.
Print Server: Trendnet TE100-P2U1P connected via USB to a HP Laserjet 1200 and a HP Photosmart 7960 photo printer.

Comments.
I'm using the Zyxel router/D-Link as AP only setup because of dropped connections on the D-Link on the wired connection between it and my desktop machine .
Also the Zyxel has a true SPI firewall.
I used to use a D-Link DWL-G650 PCCard wireless NIC w/my old Inspiron 1100, but I recently sold the 1100 because I used the recent $750 off Dell coupon to order a Inspiron 9300 widescreen and it has integrated Intel wireless.
And yes, Faram, I do use WPA-PSK encryption.
Not only that, I set the signal strength from the router to 25%.

One of my neighbors has a linksys that they're running in 'out of the box' configuration with all settings at defaults.
It's the same neighbor that plays loud music at all hours, so it's tempting to just 'adjust' his settings to something more 'secure'.

The RCA modem I got new off of eBay for $30 shipped to replace the SA modem from my ISP that I was paying $10 a month rent for.

I got the print server so I could print stuff from my lappy without having to go through the desktop machine, plus it freed up two USB ports.
The only quirk about the PS is that upon initial setup, you have to disable the windows firewall so the software can detect the PS. Once you have the PS software installed, you can re-enable the firewall and it works with no problem.

One thing that made it easier to set everthing up was the excellent advice I got from Faram last year when I first bought the D-Link wireless gear.
Thanks again. The advice was very helpful.

Once I figured out that disabling DHCP on all of the gear and configuring IP's manually was the way to go, the network is stable as a rock.

Once I figured out that disabling DHCP on all of the gear and configuring IP's manually was the way to go, the network is stable as a rock.

Bah, I like my DHCP server statically allocating hostnames (and matching IPs it pulls off of the nameserver) based on MAC address- makes traveling w/ a laptop much easier (don't have to switch between static and dynamic) w/ the benefits of static IP on a home network. Don't use wireless except for a card stuck in my server for the sole purpose of... ahem... sharing connections and a WLAN card for the laptop for travel.

When I bring PC's home to work on (I fix them on the side) I enable DHCP in the Zyxel so I don't have to screw around entering MAC addresses in the router for a simple winupdate hit before returning the machine to the owner.

It's just that I learned the hard way about leaving DHCP enabled on both routers and the print server while they're all connected together.

Connection to the outside world: 1.5 MBpbs DSL connection feeding into . .

Router/basic firewall: US Robotics 802.11g wired/wireless router. WEP key 128-bit enabled and set up. Need to upgrade the firmware to support WPA, or, since I only access it using a number of cards whose MAC addresses I already know, set up the network to exclude unknown MAC addresses. On it:

1) Desktop running Windows 2000 connected via 100 MBps wired Ethernet. Sitting behind a firewall.

2) Laptop running Windows 2000 connected via 802.11g wireless card. Sitting behind a firewall.

3) Occasionally . . . PDA running Windows CE 3.0, connected via 802.11b wireless card.

Uraniun235 wrote:Well, that's a wonderful suggestion, except my router does not support WPA-PSK.

I live in a town of less than ten thousand. I have no neighbors in range that would know how to connect to my router, let alone break in. I live on a quiet residential street that has a negligible risk of wardriving. Compound that with the fact that my mother's computer is on for an average of perhaps one minute per day (meaning: her computer remains off for days at times) which means that for most of the time, there are no packets to sniff to begin with. Statistically, I should be more worried about some random meth-head from a few streets over breaking into my car some night.

I therefore am not feeling too motivated to shell out the cash needed to purchase new wireless equipment. Nor, I suspect, would my mother.

Double-check firmware upgrades for your 802.11b router, you may be able to upgrade to WPA-PSK, which is not only more secure but easier to configure because you're not stuck with fixed-length hex keys.

If you're stuck with WEP, at least go to the trouble of setting up multiple WEP keys and rotating through them on a weekly or monthly basis. It's not much but it's better than nothing.

I don't know a whole lot about networking, but I started tinkering around with the settings in the Zyxel and the D-Link and found that if I enabled DHCP on the Zyxel and disabled both DHCP and static IP's on the D-Link, the D-Link lets the laptop acquire its IP and DNS info from the Zyxel when the laptop is set for dynamic IP.

When I first set this up, the advice I was given was to manually configure everything and set the IP for the wireless out of the range used on the Zyxel in order to avoid IP conflicts with DHCP on the zyxel.

So now I have the Zyxel using DHCP (with reserved IP's for the laptop and desktop machine MAC's), both static and dynamic IP disabled on the D-Link, and everything appears to work perfectly.

Comcast.NET Cable Modem (3mbps down/384kbps up) => Linksys WRT54G => Rest of network (currently one computer and one game console).

Wireless access on the router, when enabled, is secured with a WPA-PSK and a MAC Address filter. I disabled SSID broadcast, but enabled DHCP for when I have visitors. All computers that can run firewalls are required to (visitors included).

Single port DSL router, 8 port 10/100 switched hub, 2 windows xp boxes, 1 windows laptop, 1 fedora/mandrake/ubuntu/whatever random thing I happen to be in the mood to install on it box.

Yay, I have the most sophisticated setup after Spacebeard and maybe DW...

There is also the wireless access point I forgot to mention.

ISP: Rogers Highspeed Internet
Modem: Webstar DPC2100 series cable modem
Router: D-Link DI-624 Airplus Xtreme G Wireless with a 128 bit WEP key.

Primary computer is a new P4 640 3.2 Ghz system connected via ASUS 802.11g connection that is built on the Mobo.

Secondary comp is a 2.5 year old Athlon XP 2.1 Ghz connected with a basic PCI wired connection to the router

Third comp is my brothers Dell P3 800Mhz Laptop which is connected using a Linksys 802.11g PCMCIA card.

All comps are running Windows XP Professional with SP2. First and second comp are in the same room on the same big desk and my bro keeps his laptop in his room now mostly since he got his wireless card.