Acessing Internet Through LAN (How Secure)

My new internet connection works by me plugging my RJ45 cable from my
computer to a hole in the wall, ten accessing to a LAN. How secure is
this method of accessing the internet?

Can those who run the LAN see what i'm doing, what sites I'm visiting,
what i'm downloading etc.

SOrry if I appear ignorant

Thanks

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> My new internet connection works by me plugging my RJ45 cable from my
> computer to a hole in the wall, ten accessing to a LAN. How secure is
> this method of accessing the internet?
>
> Can those who run the LAN see what i'm doing, what sites I'm visiting,
> what i'm downloading etc.
>
> SOrry if I appear ignorant
>
> Thanks

If you are using a firewall on your computer, in general, no they cannot.
But if they really wanted to they could (bit like anything really) see what
dirty sites you're visiting by using a packet sniffer.

Dan

On Fri, 23 Sep 2005 03:29:21 +0100, "Dan" <(E-Mail Removed)> scrawled:

>If you are using a firewall on your computer, in general, no they cannot.

For added security a hardware firewall\router could be used in
conjunction with a software one if required.
--
Stuart @ SJW Electrical

Please Reply to group

On Fri, 23 Sep 2005 03:29:21 +0100, "Dan" <(E-Mail Removed)> wrote:

><(E-Mail Removed)> wrote in message
>news:(E-Mail Removed) roups.com...
>> My new internet connection works by me plugging my RJ45 cable from my
>> computer to a hole in the wall, ten accessing to a LAN. How secure is
>> this method of accessing the internet?
>>
>> Can those who run the LAN see what i'm doing, what sites I'm visiting,
>> what i'm downloading etc.
>
>If you are using a firewall on your computer, in general, no they cannot.

I don't follow that, at all. The presence of a firewall on his
computer won't do anything to protect his Internet traffic from
examination by "those who run the LAN". (Unless you're envisaging
some scenario I've missed?) His Internet traffic has, by definition,
been passed by his firewall, if he has one.

>But if they really wanted to they could (bit like anything really) see what
>dirty sites you're visiting by using a packet sniffer.

Quite! I imagine that such interception is very rare but he only way
to protect aginst it is to use encryption, perhaps an ssh tunnel.

Mike.

"Dan" <(E-Mail Removed)> wrote in
news:4333685a$0$49804$(E-Mail Removed):

>
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>> My new internet connection works by me plugging my RJ45 cable
>> from my computer to a hole in the wall, ten accessing to a LAN.
>> How secure is this method of accessing the internet?
>>
>> Can those who run the LAN see what i'm doing, what sites I'm
>> visiting, what i'm downloading etc.
>>
>> SOrry if I appear ignorant
>>
>> Thanks
>
> If you are using a firewall on your computer, in general, no
> they cannot. But if they really wanted to they could (bit like
> anything really) see what dirty sites you're visiting by using
> a packet sniffer.
>
> Dan
>
>

No need for packet sniffing. A LAN will have a router or gateway
device to connect to the Internet. Such devices often have the
ability to log all sites visited.

(E-Mail Removed) wrote:
> My new internet connection works by me plugging my RJ45 cable from my
> computer to a hole in the wall, ten accessing to a LAN. How secure is
> this method of accessing the internet?
>
> Can those who run the LAN see what i'm doing, what sites I'm visiting,
> what i'm downloading etc.
>
> SOrry if I appear ignorant

It may also be against the T&Cs of the LAN to connect up internet connections
not approved by the admins.
This may result in severe sanctions in some cases.

(E-Mail Removed) wrote:
> My new internet connection works by me plugging my RJ45 cable from my
> computer to a hole in the wall, ten accessing to a LAN. How secure is
> this method of accessing the internet?
>
> Can those who run the LAN see what i'm doing, what sites I'm visiting,
> what i'm downloading etc.

If the local network runs to a switch, it is unlikely that any other residents,
apart from the owner of said switch, will be able to intercept traffic, as the
switch will not send out traffic to ports to which packets are not addressed.

Broadcast packets, which include microsoft SMB LM announcements, will, however,
leak to all residents. If you have file and printer sharing enabled and no
firewall enabled on that interface, then you have a major security problem
unless you trust the other LAN users.

Furthermore, if the connection you are sharing is a fully routed connection
(i.e. you are not all hiding beind a NAT box) then all of your systems can be
seen from outside.

What is the IP address that the (whatever it is) offers you when you connect to
that port? If it's a 10.x.x.x or 192.168.x.x or othe RFC1918 address, you are
probably hiding behind NAT, although the owner of that NAT box could forward
some incoming connections to you.

You should assume in all cases that the owner of the wires can see what it
travelling over those wires. There are ways to avoid this by tunneling to a
known friendly site via PPP over SSH, using GPG, etc. but the owners of the
wires could object to that, for whatever reasons their terms and conditions of
access may provide, and if they are routinely monitoring their network, doing so
may point the searchlights in your direction real quick.

On Fri, 23 Sep 2005 11:24:09 +0100, Jim Howes
<(E-Mail Removed)> wrote:

> If the local network runs to a switch, it is unlikely that any other residents,
> apart from the owner of said switch, will be able to intercept traffic, as the
> switch will not send out traffic to ports to which packets are not addressed.

Arp cache poisoning will readily solve that minor irritation in most
cases.

Dave Dowson wrote:
> Arp cache poisoning will readily solve that minor irritation in most
> cases.

It's been a while since I had a play with that particular concept. How true.

However, your average Joe User with Windows XP and perhaps Ethereal has no clue
how to send out such mangled packets. The average script kiddie has no idea
what such packets are, just that he has a tool that can mung a network in a few
seconds (said script kiddie would probably find me hitting them repeatedly about
the head with their front door, having just smashed it down, if I were the
netadmin in the typical (university residential) environment that the OP's
network is used)

Jim
--
I'm sometimes of the opinion that 95% of network abuse problems can be solved,
or rather should be solved, by violence.

On Fri, 23 Sep 2005 12:54:41 +0100, Jim Howes
<(E-Mail Removed)> wrote:

> Dave Dowson wrote:
>> Arp cache poisoning will readily solve that minor irritation in most
>> cases.
>
> It's been a while since I had a play with that particular concept. How true.
>
> However, your average Joe User with Windows XP and perhaps Ethereal has no clue
> how to send out such mangled packets.

Maybe not - but then they can just download a utility to do it all for
them.

> The average script kiddie has no idea
> what such packets are, just that he has a tool that can mung a network in a few
> seconds (said script kiddie would probably find me hitting them repeatedly about
> the head with their front door, having just smashed it down, if I were the
> netadmin in the typical (university residential) environment that the OP's
> network is used)

Perhaps - but if we are talking about a Uni environment then shouldn't
we assume that at least some people have a clue? I have no idea how
sophiticated the monitoring is on the typical Uni network (such things
didn't exist in my days at Uni) but with bogus/spoofed MAC addresses
I'd expect you could avoid detection long enough to capture rather a
lot of useful data on other people (particularly if the person in
question was dumb enough not recognise a spoofed certificate on a
supposedly secure connetion). Or should we assume that all Uni
students are bright enough to not fall for the 'tricks' you can play
on a LAN which are simply not possible on the Internet at large?