Cable TV ISP Broadband Security Issue

Discussion in 'privacy technology' started by Ayan Banerjee, May 16, 2015.

  1. Ayan Banerjee

    Ayan Banerjee Registered Member

    Joined:
    May 16, 2015
    Posts:
    6
    Forgive me if I am posting in the wrong thread, but I believe this is a pure networking issue.

    Recently I have switched to a local Cable TV Internet Service. These guys do not provide any modem inside the house. Their modem is located outside from where various branched-out wired lan connections are provided to customers.Thus I have a direct lan cable into my computer's lan port. Now the problem is when I go to My Computer -> Networks, I can see a bunch of unknown computers ( who are of course the other consumers and may be an admin).
    https://drive.google.com/file/d/0B7N9qFV5QrtneGZfQnBtejcza2c/view?usp=sharing
    I was worried if any of those computers could actually access my files. So I tried to access theirs from my side. I was surprised to see that any computer without a windows password could easily be accessed. For example \\jack-Pc\C:, was showing shared drives on that PC . Those with windows password could not be accessed though.
    Just to make things clear, this has nothing to do with internet connection. Whether the internet is on or off, just the lan cable plugged in shows all these computers.
    If I turn off network discovery all the computers vanish, google tells me that network admins can access files inspite of network discover/file sharing settings. If I run 'net share' in command prompt it shows all my drives have admin share. So I am afraid that the admin of this stupid network (who could be the isp guys) can actually access my files.Well I googled how to turn admin share off tryu regedit and applied that, but I have the following questions in mind.

    1) Can a network admin access my files and folders without knowing my windows login credentials?
    2) If i disable admin share thru regedit, can he still access my files?
    3) I have noticed putting a router in between the lan cable and my computer, makes these computers vanish. So can my personal router serve as a security shield in this case?


    Just to add, unlike in corporate scenarios where network admin has all rights and the user doesn't have admin rights, here I have complete admin rights on my machine. I am just afraid if the n/w admin of this network also shares the same privilege.

    another point: My antivirus is warning me of duplicate ips, when I am connected to this network.
    https://drive.google.com/file/d/0B7N9qFV5QrtnN2hrWkJ0eFJYQWc/view?usp=sharing
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Add a router/firewall. My preference is pfSense on a low-end PC. Others like *WRT on compatible routers.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Yes, you need a firewall/router function between you and the LAN because you cannot trust whatever router is distributing to the LAN ports, nor can you trust the other computers on the LAN. Nominally, your computer login/shares are protected by strong passwords, but direct LAN access makes your machine more vulnerable to attack, and indeed, things like duplicate IPs are worrying. Since you have a router, I'd put that on immediately, but you should assess whether it's sufficiently robust for the requirement - it's a bad world out there. You may be facing a double-NAT setup presuming that your provider has implemented NAT (which should be clear from the IP address range you are getting from the DHCP server).

    Your network traffic is also potentially vulnerable to packet sniffing on the LAN segment where it is not using session encryption, which can apply to web access or mail or other communications. You will need a VPN to protect that practically.
     
  4. Ayan Banerjee

    Ayan Banerjee Registered Member

    Joined:
    May 16, 2015
    Posts:
    6
    Well the ISP provided me with the following ipv4 parameters (ip address, subnetmask, default gateway, preferred and alt DNS server). I fed those values in my own router and connected to the internet. Does that rule out the double nat problem? And about Ip address and DNS range, its like if I set my routers IP to 172.168.150.200, the DHCP start and END automatically becomes 172.168.150.100 to 172.168.150.199. I am stupid enough and do not know if that is set by my router or the ISP :(
     
  5. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Ayan Banerjee,

    You are from India, right?

    I am from India too.

    In India, internet through cable operators are mostly the way you have described in your opening post i.e no modem, etc... & direct connection.

    I too have internet through cable operator & exactly the same things mentioned in your post i.e direct connection, visible other computers in network, sometimes get duplicate IP window, etc...

    I am not an expert so dont know if its serious prob or not. And as mentioned almost all cable operators provide internet this way.

    At my place I have tried Pacenet Broadband, Exatt Broadband, Honesty Broadband, etc... all are provided by cable operators & the same way mentioned.

    Hathway too provides net through cable in India. And I think they provide modem with built in WiFi. Hathway is not available at my place.

    Currently I am using Pacenet Broadband.

    When I use direct connection then network shows other computers & sometimes I get duplicate IP window.

    When I use router then network shows only my computer & router.

    What broadband you use?

    I too want to know if this could pose serious security threat?

    And does selecting Home/Public network in Windows FW or third party FW makes any difference to this prob?
     
  6. Ayan Banerjee

    Ayan Banerjee Registered Member

    Joined:
    May 16, 2015
    Posts:
    6

    Yes Yesnoo, ur right I am from India. I am using Wishnet now, and I have seen my friend use Alliance cable, he has the same problem too. Well as far as I understand, and as 'De Boetie' mentioned above, using a router is the simplest solution to stay away from that network.
    Now, whether 1) using a router 2) windows password 3) change default router user/pass 4) change default router ip, is safe enough, I am not sure. May be someone can help us.
    When I try to access the other computers they ask for passwords. So I guess using a password should be safe. But as in office , a network admin can always log in with a master password into your machine, can somebody explain if that can be the case here? I think NO, because I am not in the ISPs domain right? I am not cent percent sure. I hope someone can clarify us on that.
     
  7. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    I never tried to access other computers shown in the network.

    Currently I am not on my system.

    When I will be on my system, will try to access other computers shown in the network & see what happens & post here the outcome.
     
  8. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    When connected to direct connection,

    Under Network, I see---

    Computers (23) - When I click on any computers, asks for username & password. Dont know if password is not set then access will be available or not?

    Media Devices (14) - Clicking on the devices opened Windows Media Player. On the left side of the player the devices were listed. When I clicked on them, some mentioned access to the library is needed. And some were accessible i.e displayed music, pics, recorded TV, etc... & I could open & see the files there.
    Some Media Devices under Network have play button on the icon. When I right clicked those devices & selected media streaming options, it mentioned media streaming is not enabled & gave the option "Turn Media Streaming ON". I didn't go any further i.e didn't try turning it ON.

    Network Infrastructure (1) - Clicking on it showed its properties.

    Other Devices (1) - Clicking on it showed its properties.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Did you mean 172.168 or 192.168.x? 172.168 is a Class B public address (that is to say, it should be directly route-able from anywhere on the internet, a bit profligate with real IP address space!). If that's the case, then you don't have a double NAT situation (but nor do you have any NAT protection - until you've connected your firewall!)

    Since the ISP has given you a fixed IP and DNS address, DHCP isn't likely to be relevant. And it's a big worry that you have duplicate IP for a lot of reasons - denial of service, because the impostor could be intercepting your traffic or using it to attack you, or because you will get a knock on the door depending on what the person has been doing. I'd raise a fault report with your ISP immediately.

    You have to treat your ISP LAN as if it were directly connected to the internet, and untrustworthy as such. There are routinely loads of attacks, which are best handled by a good firewall.

    I would confirm with your ISP, or check on their technical forums, to see how the internet connectivity is actually happening.
     
  10. Ayan Banerjee

    Ayan Banerjee Registered Member

    Joined:
    May 16, 2015
    Posts:
    6
    It was a typo. I meant 192. But as Yesnoo mentioned, this is standard issue for all cable isp, throughout India. SO I think the protocol itself is faulty rather than any particular person trying to hack into a PC. SO in a nutshell, putting a router in between solves the issue. But without the router, media files/shared files are accessible on other computers. (not sure whether these are PCs without or with windows login pass). But does'nt it seem unlikely that just logging into a network would disclose all my hard drives to the admin of that network, especially when I am not a part of the domain of that network? ANd just to add to it, does a standard antivirus firewall serve the purpose?
     
  11. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    I tested again.

    And this time number of computers were few. Few new names were there. And I could access 3 computers i.e username & password was not asked.
    When I clicked on computer name. The window opened & there were folders like MyApp, Users, etc... MyApp was empty. Users Folder - Default - AppData - Local & Roaming folders. Local had 1 folder Microsoft Help Files, Roaming was empty. Some folders had the word "share".

    Attached are 2 screenshots
     

    Attached Files:

  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Windows likes to share on LAN ;)
     
  13. Ayan Banerjee

    Ayan Banerjee Registered Member

    Joined:
    May 16, 2015
    Posts:
    6
    I have the exact same experience. I think the shared drives are wide open in the network unless someone uses a windows password. SO since you and I are ordinary users, for us a windows pass is necessary to access even shared folders on other computers. What I want to know is , whether the admin of this network can bypass the windows pass, and log into anyones computer. As far as I think, that is not possible, because no users are in the domain of this network. I would appreciate some expert comments on this.
     
  14. Ayan Banerjee

    Ayan Banerjee Registered Member

    Joined:
    May 16, 2015
    Posts:
    6
    Yes mirmir, I think microsoft is stupid enough to share stuff without the user's knowledge.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    That's a little unfair to Microsoft, no? From their enterprise-centric perspective, LAN is a trusted environment. But still, in the "Set Network Location" window, there's a "Public network" option with explanation "If you don't recognise all computers in the network, ... this is a public network and is not trusted". Maybe cable Internet providers ought to warn customers to choose "Public network" rather than "Home network" or "Work network".
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    So, you have a private Class C address, which means you will be double-NATing.

    A standard PC AV/firewall product will normally ask you if a detected subnet is public or private (where you might want to propagate network shares). The filesharing offer necessarily broadcasts onto the local lan (that's what it's for, so that clients can find the share).

    As far as open shares are concerned, of course people can use weak or zero security. It's your job to use strong! I think it will depend on the Windows version and what passwords people are using, whether or not there is protection.
     
  17. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    I tested with Windows FW Home/Public & Avast FW Private/Public & the results were same.

    My system is Win 7 64 Home Edition.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    It's the others who would need to change, to keep you from seeing their computers ;)
     
Loading...