I just moved into a small house I'm renting from a man who said
Comcast internet access was included. Turns out the place I'm
renting was never subdivided from the lot/house next door where
his very sketchy son lives with two equally sketchy friends, and the
landlord was counting on this making it okay for me to run a cable
from the router in their place ( it's hooked up to a Comcast modem )
over to my place.
I checked with Comcast, and they're fine with it because the two lots
are legally the same property, which he, the father, owns, and because
the bill is in his, the father's, name. Sketchy son is fine with it, too,
and says he has an unused port on his router I can use for the purpose.
I haven't seen it, but I presume his router is an older one, as I
understand he's had Comcast as an ISP for several years.
I've read Nickspohn's very helpful intro "sticky", and have looked
around the web some, but I still have some questions:
(1) How risky is this re security against malware and such?
(2) If the son or his friends do something really stupid, dangerous,
or illegal on the web, could they viably claim that I was the culprit?
( They're not hackers at all, just "computer literate" enough to find
gambling sites and sites with nekkid females, actually ... a more
direct phrasing for the same was disallowed by editor. )
(3) Is there some way I can introduce a ( extra? ) layer of isolation
between my web access and theirs, e.g. a hardware firewall, or
some such device, even though we'd all be using the same
router?
Don't know if it matters, but I'm planning to run Ubuntu; he and his
friends are using XP, so ...
(4) I was also wondering whether using different OS on different ports
of the same router presents any kind of difficulty?
I know it'd be cleaner to get my own connection, but I'm returning to
school and really don't want to spend another $50/month if I can
reasonably avoid it.
Thanks in advance, and thanks, especially, to those of you who've
contributed here so freely already. I've learned a lot from your posts;
great stuff.
-
Elias G. Aardvark Notebook Enthusiast
-
Well your traffic will never be safe and there is nothing extra you can do unless every webpage you go to is encrypted which would be impossible.
-
cain and abel....nuff said.
get off that **** or tunnel ALL your traffic through somewhere else. -
Elias G. Aardvark Notebook Enthusiast
Thanks, I didn't know, and I don't need to ask for that kind of trouble.
But could someone explain why it'd be more problematic than just sharing a typical wireless connection in a pub or an airport? Is it because they have physical and administrative control of the router, and could ( if they knew how ) use that additional ability maliciously? Or is it just because they're ... well, sketchy, and are more likely than your average pub customer or airport user to be looking at risky sites? Or is it because responsible providers of free Wifi in public places configure their equipment to try to isolate users from each other to some extent - e.g. to try to prevent packet sniffing and keystroke loggers and such?
I'm asking out of curiosity; based on these two answers, I'm not going to try to use their connection. I'm very unfamiliar with networking, and wouldn't know how to tunnel all my traffic through somewhere else ( that'd be somewhat like setting up a VPN or some similar arrangement, I suppose? ) - but I'd like to understand where the majority of the risk lies. -
Not very safe
-
Elias G. Aardvark Notebook Enthusiast
Right, I get it that it's not safe. But what's unsafe about it? i.e. what are the specific risks, and why is it any riskier than using WiFi at Starbucks, given that these guys barely know how to turn their computers on?
-
well they can get your logins and credit card #'s, and i thought you said they were computer literate?
even at a place like starbucks it isn't safe, someone can just start sniffing for packets and collect private information. -
well if you want me to really rape the **** out of you let me start
every email password, every credit card credential, everything you send out that wire is now mine.
I can then take that and a)sell it b) **** with you and drain accounts C)be the nice guy and just do it for fun.
DON'T DO IT. -
Amen like focus said... Cain & Abel... and while you need to know a little about computers you don't need to know much at all.
Point in case: My friend brought down an entire school network all because he didn't want a teacher to be able to access our grading network and put in some of his recent bad grades........... then there was the time he got bored and cracked all of the admin passwords.. -
so really I could describe a simple way to fix this but even then it's not perfect
you tunnel all traffic through your ISP to another ISP and out from there. it works great...just a little bit slower at times. -
focus... what about GoTrusted? I have not used it but it's supposedly a decent IP scrambler/ tunneler - at least from what I've heard
-
Elias G. Aardvark Notebook Enthusiast
Thanks, I appreciate the info. No, I'm NOT going to do this ... unless reading up on focus' suggestion about tunnelling convinces me that it'd be okay.... even with the speed penalty that tunnelling introduces it'd still have to be considerably faster than what I'm using now.
I'm on Clearwire now, but need to drop it - I call 'em "Clearliar"; they advertise 1.5 Mbits, but consistently deliver less than one-third that rate, even with all the "connection quality" lights lit on their Motorola modem.
( Nood, I think I said something like "they're just computer-literate enough to find gambling sites and sites with nekkid females"; I doubt any of them could name a single programming language, if asked. )
I'll look on Google for info on how to set up tunnelling, but if anyone has any links that are especially good on that I'd appreciate that, too. Thanks again for your help and thoughts on this. -
you can do it pretty easily actually. since all you're probably concerned with is web traffic
do this
download putty
find a shell account somewhere(I can sell you one)
configure a dynamic tunnelling port in putty and SSH into the shell account
configure firefox and your IM client and email to use a socks server and point it to localhost:xxxx whatever you set in putty
then enjoy life!
http://www.jonlee.ca/how-to-secure-your-traffic-using-an-ssh-tunnel-with-putty/ -
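For the Ubuntu machine mentioned in the thread, OpenSSH's dynamic forward does the same job as PuTTY's dynamic tunnel port. The script below is an added example, not part of any poster's message; it builds the tunnel command bound to loopback only and checks that the SOCKS port is not reachable from the shared LAN. The host name `user@shell.example.net`, port 1080 and the `ss -ltn` samples are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. user@shell.example.net and port 1080 are placeholders.

# Print the OpenSSH command for a SOCKS tunnel bound to loopback only.
#   $1 = user@host of the shell account   $2 = local SOCKS port
tunnel_cmd() {
    local target port
    target=$1; port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "use an unprivileged port (1024-65535)" >&2; return 1
    fi
    # -N: no remote shell, -D: dynamic (SOCKS) forward on 127.0.0.1 only,
    # ExitOnForwardFailure: abort rather than run without the forward.
    printf 'ssh -N -o ExitOnForwardFailure=yes -D 127.0.0.1:%s %s\n' \
        "$port" "$target"
}

# Classify listeners on port $1 from `ss -ltn` output read on stdin.
# Returns 0 = loopback only, 1 = reachable from the LAN, 2 = not listening.
listener_scope() {
    local port scope state recvq sendq addr rest
    port=$1; scope=2
    while read -r state recvq sendq addr rest; do
        [ "$state" = "LISTEN" ] || continue
        case $addr in *:"$port") ;; *) continue ;; esac
        case ${addr%:*} in
            127.*|'[::1]') [ "$scope" -eq 1 ] || scope=0 ;;
            *) scope=1 ;;   # 0.0.0.0, [::], * or a LAN address
        esac
    done
    return "$scope"
}

# Constructed `ss -ltn` samples (not captured from a real host).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:1080      0.0.0.0:*
LISTEN 0      128            [::1]:1080         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:1080      0.0.0.0:*
LISTEN 0      128          0.0.0.0:1080      0.0.0.0:*'

tunnel_cmd user@shell.example.net 1080
printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 1080 && echo "1080: loopback only"
printf '%s\n' "$SAMPLE_EXPOSED"  | listener_scope 1080 || echo "1080: exposed or closed"
```

On a live system, pipe real `ss -ltn` output into `listener_scope`. Set the browser to SOCKS v5 at 127.0.0.1 with DNS proxied through the tunnel, otherwise name lookups still go out over the shared router.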
no offense, but most of the "advice" described so far are nothing but propaganda used by very paranoid persons or persons with dubious intention seeking to conceal their seedy internet activities.
in this day and age, one should worry more about confidential information being stolen by trojans/malware on his computer rather than being intercepted during its journey through the internet. anyone who's used a packet sniffer like wireshark knows there's no way to retrieve https login, which almost every credible webmail/shopping/bank website employs. the most harm one can expect from using an unknown lan is possibly having your web history pried into.
overall i wouldn't worry much about losing personal information by using a shared internet gateway. don't use unencrypted logins, manually set dns servers, and if you're really paranoid, use web proxies to hide your surfing history is all you really need to be honest. all this talk of tunneling is assuming the gateway owner knows so much about web security he is able to write a custom packet decoder, in which case there's no way to protect from man in the middle attack so it's pointless discussing security measure to begin with. -
want to challenge me on that....let me sit between you and your gateway and we will see how comfortable you feel.
and what are you talking about with tunnelling? it's super easy to do. did you even look at the link?
and a man in the middle attack can happen at anytime since he does not know what hardware is over on their side.
for example they have a switch with a port mirrored. or even better yet. a hub that rebroadcasts all packets across all ports.
Do you know a thing about network security dude? -
Elias G. Aardvark Notebook Enthusiast
Wow, good stuff here; thanks! More specifically ...
Bubbleboy: Thanks for the suggestion re GoTrusted. I checked them out, and their service looks like the sort of solution I was hoping for, except it doesn't work with GNU/Linux. Your suggestion, following up on Focus' initially more general ones, were very helpful in themselves, but more so in that they got me looking around the web for info on the overall problem and the various commercial and free solutions offered. I'm still a long way from understanding those ( or, I'm afraid, Focus's detailed instructions, which I nevertheless appreciate ) but the process of trying to has been fun and interesting.
( Off-topic, to Bubbleboy: You of course know that if your friend really did crash his school's grading system and crack the admin passwords as he claimed that he was committing a felony? And if that's not particularly disturbing to you in itself, please consider that doing the former, at least, was just mean: All he did was cause more work for some underpaid sysadmin and for overworked, underpaid teachers without permanently changing anything. You may feel differently, but I'd probably end the friendship if a friend admitted the same to me. )
There148: Your point re https is well made - that hadn't occurred to me - as are your suggestions re setting your DNS manually and never using an unencrypted login; thanks. But IMO your first paragraph would have been better left out; like your repeated use of the word "paranoid", it's pretty much flame-bait, and prefacing it with "no offense" doesn't make it any less so. IPv6 implements IPSec which, if I understand it correctly ( and perhaps I don't - I've never really thought or learned much about networking before; just never had any reason to ) achieves pretty much the same end result that Bubbleboy and Focus were recommending via the use of tunneling or VPN-related solutions. My point in mentioning that is that there are many others out there who feel differently about web security than you do, enough so that what appears to me to be a similar technology has found its way into the IPv6 standard. In the specific case I originally asked about, though, your more moderate ideas re security might be sufficient, in that the guys I'd be sharing a router with aren't AT ALL likely to have the mojo to initiate any snoopiness themselves, although the sites they're looking at ( gambling sites and nekkid female sites, as I understand ) are more likely than, say, Wikipedia, to harbor viruses and such.
Focus: Thanks for the specific suggestions. As I mentioned (above) to Bubbleboy, I'll need to study up a bit more before I can make proper use of them, but I do greatly appreciate the info. I'm swearing off Microsoft products, something I've wanted to do for a long time, and am hoping one of the GNU/Linux distributions ( looking most closely at Ubuntu, currently ) will have some of what I'm looking for built in or available in a package. -
Elias G. Aardvark Notebook Enthusiast
Great link, Focus, viz.
www.jonlee.ca/how-to-secure-your-traffic-using-an-ssh-tunnel-with-putty/
now that I've had a chance to look it over some. Jon Lee's site is a great resource, and I'll be looking into puTTY more, as well as seeing what's built into Ubuntu, if anything, to accomplish a similar result. Thanks again! -
no problem. the only trick with tunnels like this is the software needs to support it. more often than not you can find common software that supports socks
-
blue68f100 Notebook Virtuoso
You may want to look at Hamachi. Not sure if it will meet your needs since logmein bought them.
http://en.wikipedia.org/wiki/Hamachi -
Elias: Yes sadly I did know that, but I had no hand in it and only heard of (and verified) it. And all they redid was restart the system so as soon as it was up teachers could export their grades, in the end he changed nothing
-
wouldn't simply buying a second router and putting it between their router and your pc work?
-
It would kuram... but if he wanted to do that the ethernet jack in his room should work anyways.. which if he had no part in it the landlord should fix anyways...
-
Elias G. Aardvark Notebook Enthusiast
A router *behind* a router? I like the sound of that, especially the "simply" part in Kuram's suggestion. Didn't know you could do that, and I'd like to convert the wired access I'm being offered to wireless, anyway. Would buying a router that implements some degree of hardware encryption do the trick, do y'all think?
( Bubble, I wonder if you might have been thinking of a very similar post by "Methal"? That would be an understandable mix-up, in that I actually replied to that one at some length, so my login appears - as the most recent poster - on that one, too. In my particular case I'd be running a cable between two houses that the same person owns - I rent one, and the landlord's sketchy son lives in the other. He and his low-life housemates have Comcast, and they're neanderthals re computer technology. ( Takes one to know one? ) I'm willing to bet that THEY are no threat in themselves - only the sites they visit - so if I were to use one of their router ports I'd be worrying more about the sites they go to than any harm or data capture that they might be able to cause directly and intentionally. )
Thanks, blue68f100, for the suggestion re Hamachi. I spent quite a while reading up on it, and following related links. My initial impression is that it'd be an excellent choice, and more than adequate for the relatively limited goal I'm hoping to accomplish in this.
Overall, though, I'm getting the impression that if I'm really going to make an informed choice in this I'm going to have to spend considerably more time learning about networks. I've always meant to do that anyway, and this is as good a reason as I'm likely to get to do so.
I've learned a fair bit already, relative to what I knew 24 hours ago, that is, just by reading what people have posted in reply here, trying to understand what they've written, and following the links suggested. Great stuff, and much appreciated. -
:-X My bad I somehow managed to not pay attention and write in the wrong one I think
-
blue68f100 Notebook Virtuoso
I use multiple routers in my setup. But if you don't control the main router it's a moot point. All they would need to do is put a hub in your line (or managed switch), then all packets can be captured. A software FW will do the same function as a 2nd router. Multiple routers are nice in having multiple layers of security. Like having WEP clients on the main and 11g off the second one. So if someone breaks the WEP the WPA is still secured behind a router/FW. I setup my second router on a different subnet, my main router supports multiple lans. So all traffic on it will not interfere with my main router/network. And in turn I can not see its traffic or pc's. Kind of like having a guest wireless for clients while your employees have a separate network they work off of.
-
Since you're sufficiently worried about your security to be considering all of these machinations, another alternative is to either obtain your own account from Comcast, or get your landlord to obtain a second dynamic IP address for the current account (for which you would then pay the differential - the increase in price due to the second IP), and run it through a second cable modem.
In either case, you would still be running a cable from your rented house to the sketchy-dudes house, but in this case, you'd be splitting the coaxial that feeds all the cable signals onto the property at source, and running a second coaxial line from the sketchy-dudes house to yours instead of running an ethernet cable from your house to the sketchy-dudes' router. Mind you, I suppose the sketchy dudes could still tap your second line, but it'd be a lot more difficult than just playing around with a router they control, and unnoticeable tapping could be minimized by making sure that the split point is outside, up high, and the splitter is sealed against weather (and thus, against unsophisticated prying, as any ham-handed prying would damage the sealing and make tampering clearly evident).
Other than going to your own fully separate account, with a second wire run from Comcast's streetbox (or mainline) down to your rented house, the above seems to be the best way to segregate your internet access from the sketchy dudes. -
Elias G. Aardvark Notebook Enthusiast
No worries, Bubble; the two threads are quite similar in topic, if somewhat less so in content, and my login was associated visually with both, for a bit.
And Blue, thanks for the more specific info about how you've set up with two routers - makes good sense, and it would never have occurred to me to do that.
And Shyster1, what can I say except ... Brilliant!
Absolutely giddy with delight! So pleased with your suggestion that I swung the wife's cat around the room in jubilation! ( Just kidding, but wanted to! ) Makes me downright embarrassed that I didn't RTFM to even know that was possible. Only defense is that it *is* kind of buried in Comcast's site, and I assumed access to that level of technical detail would be available only to current subscribers, i.e. that I'd need to ask my landlord for his account ID and perhaps online password to access that fine-grained a level of technical detail.
Good on you; thanks! I can't do it immediately, but I'll contact Comcast this evening with a specific request about this, about the cost, installation details, if any, and so on. -
Elias G. Aardvark Notebook Enthusiast
Shyster1 wrote: "Since you're sufficiently worried about your security to be considering all of these machinations, another alternative is to either obtain your own account from Comcast, or get your landlord to obtain a second dynamic IP address for the current account (for which you would then pay the differential - the increase in price due to the second IP), and run it through a second cable modem."
Update: I just completed a "live chat" online with a Comcast rep; the fee here in the States for an additional IP address is $5.00 extra per month. Sweet! -
That's not a bad price.
How to ( safely? ) share Comcast with Sketchy Dudes?
Discussion in 'Networking and Wireless' started by Elias G. Aardvark, Sep 6, 2008.