PeterMacKenzie
Veteran
Joined: 15 May 2005
Gender: Male
Posts: 626
Location: BANNED FOR DISCUSSING RECENT BANNINGS!

22 May 2005, 8:17 pm

I'm so happy :D I just set up my first ethernet LAN. I had a hell of a time doing it too, with all manner of protocols and settings that I didn't have a clue about, and an unfortunate incident with some faulty hardware that had me stumped for a while.

Anyway, I now have 2 windows boxes, 2 macs and a windows/linux dual boot connected to a router, so finally I can get online from any one of them. There are still some problems to sort out though; I can only seem to get online on one machine at a time. My geek sense is muttering something about MAC spoofing, but I'm tired and it says crazy things in the early hours of the morning and my geek meta-sense is telling me it's wrong, so I'll just have to muck about and see if I can improve things.

Also, transferring files between machines isn't going too well. One of the macs with OS9 is ok, but the other with OSX doesn't want to share. I can't figure out the win 98 and win ME (damn I hate win ME) settings for sharing either, and such likely candidates as 'network neighbourhood' refuse to do anything helpful.

Security is an issue I've still to look at too. Besides the perils of them thar interweb thingies, one of the machines is used for home internet access by my mum (the ME one, which is why I didn't wipe the OS ages ago), so I'd like to figure out how to stop that machine from being able to access the others on the network. The limits of my security expertise are 'avoid IE, outlook and anything that's along the lines of N4k3d0rZGi7lz.exe', so help here would be appreciated.

Anyone know anything really interesting I could do with a small network like this? I'd like to play around with cluster computing and stuff, but that's probably getting ahead of myself. It would be a bit boring to have spare machines doing nothing if they could be doing something useful. Maybe I'll just load them up with distributed protein folding or something.

Btw, how does anyone get used to browsing with only one button? I'm using safari for the first time on a G4 iBook, and it's not the smoothest of experiences. I want my right button and scroll wheel! :(


_________________
Banned for discussing the recent spate of bannings.


NotBlueAspie
Yellow-bellied Woodpecker
Joined: 7 Apr 2005
Gender: Male
Posts: 57

22 May 2005, 10:30 pm

You can get two-button mice for macs...



jman
Veteran
Joined: 23 Oct 2004
Age: 40
Gender: Male
Posts: 1,278

23 May 2005, 1:58 am

What's the make and model of the router you're using? Also have you considered going wireless? I have a WAP (wireless access point) at home and it works great. It's a Microsoft router. I used to have a linksys, but the little bugger (lol that's funny I say little bugger, linksys routers look like bugs :lol: ) failed on me one day and wouldn't power up. I love wireless networking because you don't have to worry about running cable all through the house. The only problem with wireless networking is that it's insecure. I would not recommend it for any company. However, the newer home WAPs have all kinds of security features such as MAC filtering, WEP encryption, and the ability to hide your SSID.

Quote:
My geek sense is muttering something about MAC spoofing, but I'm tired and it says crazy things in the early hours of the morning and my geek meta-sense is telling me it's wrong


Listen to your "meta-sense". MAC addresses are in no way universal. They are unique identifiers for network cards and other network devices. It's very rare to have NICs that have duplicate MAC addresses on any given network. One thing you might want to check is to make sure you don't have duplicate IP addresses. Also make sure each IP address is on the same subnet. A small home network like that would probably require a class C addressing scheme. The default scheme is usually 192.168.2.*. So for example your router should use the address 192.168.2.1. That address would be your default gateway presuming your router is hooked to cable/DSL. Then machine 1 for example would use 192.168.2.2. In a class C addressing scheme you can have up to 254 nodes, meaning you can have up to 254 devices on your network. Since this is a home network you might want to use the default subnet mask of 255.255.255.0. These settings should go into each of your machines' network settings. Also another thing I have to ask you, is your router DHCP enabled? DHCP is the broadcasting of IP addresses and assigning them to the different machines. That way you don't have to enter all this info manually. Also are you using a switch as well?

Quote:
There are still some problems to sort out though; I can only seem to get online on one machine at a time



Quote:
with all manner of protocols and settings that I didn't have a clue about


What protocols don't you know about? Maybe I can be of assistance. I wish I could give you more help in setting up your network, but I need to be there so I can assess the situation further. Plus I don't know much about networking macs, I've never done that before. But I'd definitely recommend going wireless if you can afford it. Buying wireless access cards for each of those machines could be costly, especially on a mac :? But most WAPs today have switches built into them, have DHCP enabled, have all the security features I mentioned above, and are generally easier to set up. Let me know if there is anything I can help you with. :)



PeterMacKenzie
Veteran
Joined: 15 May 2005
Gender: Male
Posts: 626
Location: BANNED FOR DISCUSSING RECENT BANNINGS!

23 May 2005, 8:02 am

<Grrr... Comp crashed, so now I'll have to retype this>

The router is a 4-port safecom adsl model.

I considered using wireless, but like you said, I was concerned with security, especially as I hope to use this network for business purposes at some point. I also know someone who has bad problems with interference on his wireless network, but also I like cables. I have a thing for real life spatial problems, like arranging my plants so that they gather as much light as possible, so stringing cables about the place is fun for me :P.

The 'only one machine connecting at a time' thing seems to have sorted itself, but I don't know why. Maybe they just all needed restarted to work properly (the great rain dance of the comp world, second only to hitting them).

The default address for the router is 10.0.0.2, and everything connected to it has been automatically assigned things in the 10.0.0.3 - 10.0.0.13 range. The default subnet mask (I've looked up the definition for 'subnet mask', but don't really know anything about it in a practical sense) for the router is 255.0.0.0 (LAN setting), and this has been assigned to all the machines connected to it. The WAN subnet mask for the router is 255.255.255.0.

Quote:
In a class C addressing scheme you can have up to 254 nodes, meaning you can have up to 254 devices on your network.


I take it there's a B class or something for if you exceed that limit (not that I ever will, mind you)?

Quote:
Also are you using a switch as well?


3 of the machines (2 macs, 1 win) are connected to an 8-port 10/100 switch, which in turn is connected to the router. The other 2 machines (2 win) are connected directly to the router. One of the ports on the router is broken (thanks ebay), which has caused me considerable confusion.

Quote:
what protocols don't you know about?


Just protocols and network concepts in general really. Networking is very new to me. Looking at the stuff in my router settings for instance, I have no idea what 'RIP configuration', 'ATM status', 'bridge filtering' or 'virtual server' are, and only a vague theoretical understanding of the route table, DNS and NAT.

Thanks for helping




danlo
Veteran
Joined: 11 Mar 2005
Age: 40
Gender: Male
Posts: 1,079
Location: Western Australia

23 May 2005, 8:35 am

The subnet mask tells the network which part of the IP address is the host, and which is the network segments. The subnet mask allows you to do nifty things like subnetting to allow your network more IP addresses to use. Your network is a class A network, far bigger than you need.
It should be pretty basic once you've installed all the protocols. Add the machines to a single workgroup, and you're off. Security-wise, you only have the local security system. You need local profiles on each computer.

NAT is Network Address Translation, and is necessary for internet connection sharing.
RIP is Routing Information Protocol, and is a protocol used for dynamically updating routing tables stored on each router on the network. With only 1 router, you won't need this.



PeterMacKenzie
Veteran
Joined: 15 May 2005
Gender: Male
Posts: 626
Location: BANNED FOR DISCUSSING RECENT BANNINGS!

23 May 2005, 8:53 am

I've been looking at the router firewall, but don't really know what to do with it. I've turned on the following:

IP Spoofing checking
Ping of Death checking
Land Attack checking
Ressambly Attack checking
SYN Flooding checking
ICMP Redirection checking
Source Routing checking
Winnuke Attack checking
Hacker log

I'm not sure if I should do anything with these:

router wrote:
The following services can be configured based on your specific need.

Ping from External Network
Telnet from External Network
FTP from External Network
DNS from External Network
IKE from External Network
RIP from External Network
DHCP from External Network


I also don't know what "Firewall Databases" does, and the 'inbound policy database' is pretty confusing.

danlo wrote:
Your network is a class A network, far bigger than you need.


Are there any performance or security issues with that that would make a class C network preferable? And if so, do I just change the subnet mask in the router settings from 255.0.0.0 to 255.255.255.0? Also, what do you do if you need something larger than class A? :P Move onto IPv6?

Quote:
Security-wise, you only have the local security system. You need local profiles on each computer.


I'm not sure what you mean by this. Could you elaborate please?




jman
Veteran
Joined: 23 Oct 2004
Age: 40
Gender: Male
Posts: 1,278

23 May 2005, 10:35 am

Those sound like good security features in your firewall. A SYN attack for example is when someone sends a flood of TCP requests to your machine slowing it down to a crawl. A Winnuke attack is when someone sends a flood of pings to your machine.

The following services can be configured based on your specific need.

Ping from External Network
*A ping is a request from another machine for a response in the form of ICMP messages. ICMP is Internet Control Message Protocol, which I'd rather not get into details about cause it will take too long.
Telnet from External Network
*Telnet is a terminal based service that runs a command line that would be used to connect to a remote machine
FTP from External Network
*File Transfer Protocol
DNS from External Network
*Domain Naming services used to set up domains such as 'wrongplanet.net'
IKE from External Network
*IKE???
RIP from External Network
*See Danlo's explanation above, I don't see the point in typing it again :roll:
DHCP from External Network
*DHCP Dynamic Host control protocol used to broadcast IP addresses that are to be assigned to each machine.

Quote:
Are there any performance or security issues with that that would make a class C network preferable? And if so, do I just change the subnet mask in the router settings from 255.0.0.0 to 255.255.255.0? Also, what do you do if you need something larger than class A? Move onto IPv6?


I don't think there really are any performance issues, there is just no need for you to have a class A subnetting scheme can millions of machines. However, you said your WAN is using a class C, if that's the case then your ISP must be pretty small. Otherwise you might want to check your WAN settings or check with your ISP because as I discussed earlier class C can only support up to 254 nodes. Your ISP should at the very least be using a class B subnetting scheme. I think IPv6 is still in the experimental stage.

Quote:
Quote:
Security-wise, you only have the local security system. You need local profiles on each computer.


I'm not sure what you mean by this. Could you elaborate please?


Perhaps he is talking about the local profiles for each machine for each user; not sure what that has to do with ethernet networking and routers.




PeterMacKenzie
Veteran
Joined: 15 May 2005
Gender: Male
Posts: 626
Location: BANNED FOR DISCUSSING RECENT BANNINGS!

23 May 2005, 11:03 am

jman wrote:
*IKE???

Google wrote:
To properly establish a third party's identity, Internet Key Exchange (IKE) and Public Key Encryption are often used. This involves the use of public and private keys to sign packets and unlock encryption algorithms. IKE also supports automatic key refresh, which further improves security.


I wasn't so much asking for a definition of all those things as I was asking if I should configure my firewall to disable them. Sorry if I wasn't clear about that.

jman wrote:
I don't think there really are any performance issues, there is just no need for you to have a class A subnetting scheme can millions of machines. However, you said your WAN is using a class C, if that's the case then your ISP must be pretty small. Otherwise you might want to check your WAN settings or check with your ISP because as I discussed earlier class C can only support up to 254 nodes. Your ISP should at the very least be using a class B subnetting scheme. I think IPv6 is still in the experimental stage.


I doubt that my ISP would be considered 'small'. I'm with British Telecom :P. It works though - I'm online through it right now and all my machines can ping each other.




danlo
Veteran
Joined: 11 Mar 2005
Age: 40
Gender: Male
Posts: 1,079
Location: Western Australia

28 May 2005, 1:50 am

Quote:
Security is an issue I've still to look at too.

Quote:
I'm not sure what you mean by this. Could you elaborate please?

He was wondering about security, so I was telling him he only has local computer security for his profiles. I did not realize he was meaning network security, i.e. firewalls, from hackers.

Onto other things:
The IP address of your router, of 10.0.0.2, will just be your internal address. Routers like that have 2 addresses, an external and an internal address. Its external address has to stay the same or you'll lose your connection to the internet, but the internal address is changeable and whatever you want it to be won't change the performance of anything.
About your router firewall, just enable everything. I know you didn't ask for definitions, but I may as well anyway.
IP Spoofing checks if the packets your computer receives are faked aka spoofed.
The Ping of Death checks IP packets that exceed the maximum length (65535 octets).
Winnuke is a DoS attack. Basically, it's sending lots of packets to your machine to eat up bandwidth. Information overload.
The hacker log logs the IPs of all the packets that fail the checks. So if someone attempts to DoS you, the log will log their IP and you can do what you like back to them.
The other crap I have no idea, lol.

There are no security or performance issues with having a class A network with only a few computers. If you need something larger than a said class there is a thing called variable length subnetting. Say you have a network of 125.16.0.1, using subnetting you can change the place where the network segment ends and the host segment begins. You have 2 octets where you can split into additional network/host segments. Say you split halfway through the first octet. You would then have 4 possible subnets with 4092 possible hosts in each. You would then need a subnet mask of 255.255.240.0 (Someone may need to check my calculations, lol).
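
Added example, not part of any post in this thread: a Python check of the subnet arithmetic discussed above (the 255.255.240.0 mask applied to the class A 125.16.0.1 example, and the 10.0.0.x LAN under masks 255.0.0.0 and 255.255.255.0), together with the duplicate-address and same-subnet checks suggested earlier in the thread. The function names and the two bad host entries are constructed for illustration.

```python
import ipaddress

def subnet_plan(base_network, new_mask):
    """Count subnets and usable hosts when base_network is split with new_mask."""
    base = ipaddress.ip_network(base_network, strict=False)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{new_mask}").prefixlen
    if new_prefix < base.prefixlen:
        raise ValueError("new mask is shorter than the base network's mask")
    borrowed_bits = new_prefix - base.prefixlen  # bits moved from host to network part
    host_bits = 32 - new_prefix
    return {
        "prefix": new_prefix,
        "subnets": 2 ** borrowed_bits,
        # all-zeros (network) and all-ones (broadcast) host values are not assignable
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
    }

def lan_check(router, mask, hosts):
    """Report duplicate addresses and hosts outside the router's LAN subnet."""
    lan = ipaddress.ip_interface(f"{router}/{mask}").network
    seen = {ipaddress.ip_address(router)}
    duplicates, off_subnet = [], []
    for text in hosts:
        addr = ipaddress.ip_address(text)
        if addr in seen:
            duplicates.append(text)
        seen.add(addr)
        if addr not in lan:
            off_subnet.append(text)
    return {"network": str(lan), "duplicates": duplicates, "off_subnet": off_subnet}

# Addresses reported in the thread: router 10.0.0.2, hosts 10.0.0.3 - 10.0.0.13.
THREAD_HOSTS = [f"10.0.0.{n}" for n in range(3, 14)]
# Constructed bad entries: a repeated address and one outside 10.0.0.0/24.
CONSTRUCTED_HOSTS = THREAD_HOSTS + ["10.0.0.7", "10.0.1.5"]

if __name__ == "__main__":
    print(subnet_plan("125.16.0.1/8", "255.255.240.0"))
    print(subnet_plan("10.0.0.0/8", "255.255.255.0"))
    print(lan_check("10.0.0.2", "255.0.0.0", THREAD_HOSTS))
    print(lan_check("10.0.0.2", "255.255.255.0", CONSTRUCTED_HOSTS))
```

For the 255.255.240.0 mask on a /8 base this reports 4096 subnets of 4094 usable hosts each, and the thread's 10.0.0.3 to 10.0.0.13 hosts all still fit if the LAN mask is tightened to 255.255.255.0.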



jman
Veteran
Joined: 23 Oct 2004
Age: 40
Gender: Male
Posts: 1,278

28 May 2005, 6:53 am

Danlo,

You sure seem to know a lot about networking, have you ever considered pursuing a career in the IT field?



PeterMacKenzie
Veteran
Joined: 15 May 2005
Gender: Male
Posts: 626
Location: BANNED FOR DISCUSSING RECENT BANNINGS!

28 May 2005, 6:39 pm

I'm reading this to get more of an idea about the subject:

http://nsa2.www.conxion.com/cisco/guides/cis-2.pdf

It's the NSA router security guide; by paranoids, for paranoids. It's really quite good.




danlo
Veteran
Joined: 11 Mar 2005
Age: 40
Gender: Male
Posts: 1,079
Location: Western Australia

29 May 2005, 8:04 am

I've only done my MCSE (Microsoft Certified System Engineer) qualifications, in Windows 2000 server. But the jobs are few and far between here in Western Australia, so I've had to give up on my hopes for such a job. The catch-22 of IT: Can't get an IT job without experience, can't get experience without a job.
I now work at the Police Department, and am hoping I can someday slide across into an IT job. Government is the best place to do that, apparently. In the meanwhile, my skills are on the slide down as MCSE requires updating every time a new OS comes out, and they're expensive courses.



PeterMacKenzie
Veteran
Joined: 15 May 2005
Gender: Male
Posts: 626
Location: BANNED FOR DISCUSSING RECENT BANNINGS!

31 May 2005, 10:00 am

Maybe there's a market for networking services? I met a couple in a business partnership, while I was on some business courses, who were setting up a business that focused on setting up networks for dentists, lawyers, small offices etc who didn't have the time or knowledge to do it themselves. It was all word of mouth, with them going along the lines of "Yeah, that tooth there... Say, you've got a lot of zip disks lying around. Do you have a network? <Gives card>". Last I heard, business was very good.

