Show Off Your Network!

[wingcom]

Not trying to spoil your fun, but isn't it a bad idea to put all this info on a public forum?

 

I agree... I went through alot of trouble setting things up as secure as possible so sharing it here doesn't seem like a good idea.

 

Allthough my homelan is pretty secure, I prefer it remains a black box for the bad guys. And internal ip or not: What if they find (or already know for that matter) an exploit in this forum and retrieve your ip-adresses then that internal ip address or network architecture is not what you want to give away now is it?

[ianw1974]

All they have is a diagram. That's not going to help them any more than that. Once they've hacked their way through your router or firewall, they will know your internal ip range anyway, and then just have to find machines that are active, and then find open ports and hack them until they gain access to the machines.

 

Also note, they can probably map out your network anyhow themselves once they've gained access to your network!

 

And of course, if you don't want to share it here, then that's OK too :)

 

I have no problem sharing mine.

[Darkelve]

"All they have is a diagram."

 

So basically, you saved them the trouble of figuring out how your network is setup, or am I wrong? I have no problem with you or others sharing their setups here, I'm just echoing my feelings that I suspect this might be dangerous.

Edited February 13, 2007 by Darkelve

[ianw1974]

Well, OK. So they know how my network is set up.

 

But they need the IP information first. Of course, from my profile it shows I'm in UK or Poland. So they've got to try and find me in one two countries.

 

So, if they wanted that, I'd have to give them my IP manually, which is DHCP assigned when I'm at home. Most of the time I post on this board, I'm at work, so if they did manage to hack this board, then all they'd have is my work IP. Or if they are really lucky, then they'd have my home IP, which might be the same unless my ADSL router has reconnected and obtained another IP address.

 

On top of that, my router has a bit of a problem in that I can't gain access to authorised and configured services, let alone ones that are completely secured.

 

They can't connect to the router, because no ports are open, and remote management is disabled. If they managed to find a way through this, I'd be very surprised, but then I guess they're the experts for this. So, once they've gotten through the router, they've then got to work on my firewall.

 

So, they know what it is from my network diagram, but I forgot to put what model. So they've got to figure out which one it is to be able to find a way to hack it. Once they've gotten through this, then yeah, they're in my network, but then there is firewalls on all the machines as well.

 

I think they'd find someone else far more important to hack, since I've got nothing to offer them anyway :)

 

But also, it'd take them a long time I would have though to get through what I've got so far. Even considering they don't know IP details, usernames and passwords, etc.

 

Technically, you can be right. It could be dangerous. But I'm not exactly how sure it could be. I just wanted to explain a bit more about my setup and what they might have to go through to get in, in the first place.

 

The main big problem is the router, because no matter if I open a service, for ftp server for instance, I can't even access it myself normally when everything is configured correctly. So even that it's completely secured, I'm pretty sure it's even harder.

 

Just my opinion :)

[wingcom]

Ok, in your case ianw1974 its probably safe to share it since your router wont even let you in :D

 

But its a good headsup to ppl not to put toooo much detail in it because some members included router-names and types, firewall types, etc etc. It all makes life for the attacker much easier and from the diagram it might also be possible to determine "easy" targets. I don't say this counts for everyone but just think it through before you post.

 

On the other hand: its a forum about hardware and software that ppl are running so there is always good info here if the bad guys really want you :P my ip-ranges can be found here too and sometimes there is no escaping this if you want to be helped ... but a map is giving away all info on a centralized location.

[sjaglin]

I tend to agree with Ian, if someone wants to hack on my system, no problem, just ask I can give you all the info, once you re on my system you ll be able to play Tux racer with me, I can t think about anything more valuable on my system...

 

Just glad we triggered so much activity!

 

;)

[tyme]

Network diagram are only useful when attacking large networks and trying to route your way through various layers of security. If someone is trying to hack your home PC, they probably have no use for a network diagram - as the layouts of home networks are really very simple (compared to say, a corporate intranet).

 

Really, thinking that someone here is going to use my network diagram against me is somewhat misguided (IMHO). There is more useful information already available about me just because I visit this forum and have a website. I could easily get the IP addresses of everyone who visits this forum, without their knowledge, and without using any administrator powers. A simple PHP script that creates an image placed in my signature can easily get me much more useful information than seeing diagrams.

[wingcom]

Well you are right and I AM being awefully paranoid but I like to think thats why I'm still pretty sure no one is watching my traffic, viewing my home through a webcam, intercepting my bank account details, get into my coorporate network through me or watching me play tux racer for all I care they should not see how bad I am at that game :)

 

About that coorporate network: let's say you work for IBM. Your mail adress is somehow linked to your real name which is found on the website of IBM. They cant get in the normal way so they start to search for employees who work there. What do they see? A network diagram that states: Coorporate Laptop hooked to router1 of type blahblah with ip blahblah. You have just become an interesting target cus they now know for sure that you hook your work-computer into your own network which has far less security.

 

Paranoia again I know... But is it impossible? Decide for yourself if this situation is applicable to you.

 

But I agree that for most home networks a diagram is not very usefull and the information can be obtained by other means.

 

btw: correct me if I am wrong but the php-signature would only show the ip address to whoever displays it in his browser doesn't it? So as far as I know this wouldn't give ME the ip address of the user that views my signature?

[ianw1974]

What do they see? A network diagram that states: Coorporate Laptop hooked to router1 of type blahblah with ip blahblah. You have just become an interesting target cus they now know for sure that you hook your work-computer into your own network which has far less security.

 

They see Corporate Laptop connected to a network that has an internal IP which is common across most networks. If you publish your IP address assigned by your ISP or your static IP assigned by your ISP, then you are very foolish. However, this hasn't been done here, for obvious reasons.

 

However, no public IP has been published here, so the chance of them finding you is very impossible. They can't find you by private IP range, as they're not accessible from the internet.

 

So, even as you suggest. Someone works for IBM, and their name is on the IBM website, they still don't have a corporate network diagram. They have your private one and no information on how to connect to you or even find you!

 

This is only applicable if you publish your public IP address assigned by your ISP, as I mentioned earlier. Not enough information for someone to go from to find you and obtain your info.

[iphitus]

To compromise a network, a machine must be compromised. Once that happens, *you* have already screwed up. A network diagram won't help that occur.

 

Be it your linux based router, or your computer, it doesnt matter whether they have a network diagram, you've been compromised. The network diagram won't help them compromise that machine. And if it does, then you havn't practiced basic security and deserve to be compromised.

 

Don't rely on keeping your network "secret" to keep yourself secure, because it won't. Instead ensure you have a solid firewall on any internet facing machines, and practice basic security such as solid root passwords. If you do this, you should be fine.

 

ianw: If someone has a static IP, then I wouldnt be surprised if they have a domain, in which case... it's as simple as resolving the domain to find an IP.

 

Corporate networks? If anyone tried, they could get a lot of information about corporate networks. Take my uni's network, there's plenty of information on their website including ip ranges. That's because getting local access isnt overly difficult, the difficulty is in protecting the important assets. It's not hard to steal a computer at the library, or socially gain someone's password.

 

Anyway, if anyone cares, my desktop's local ip is 192.168.1.23. My laptop is 192.168.1.21. That's not going to help you do sweet bugger all, and if you compromised my router, you'd be able to read it all in the dhcpd lease tables.

 

James

Edited February 14, 2007 by iphitus

[ianw1974]

I understand if someone has a domain name, that there's a static IP address there. Similarly, if they are using dynamic DNS. Of course, they'd need to know you were linked to that domain. And even then, it's not always guaranteed that it's going to lead to your network. Could lead to your ISP who's hosting your website. Although, I do realise, it could lead to your network. I'm not being naive. I work in a Network Security department.

 

But, I was talking about private networks, without bringing in the domain name equation ;)

[sjaglin]

Ok,

:ph34r:

It s now time to reveal myself!

:ph34r:

I now have all the info to infiltrate your network, he he he!

 

This in fact was a poll and the winner is

£

£

£

£

£

£

£

£

£

£

£

£

£

£

£

£

£

££

IPHITUS!

You have been elected the worst "wall-paper in his bedroom" of the month. I ve hacked your webcam and showed different wall-papers to all my girlfriend who yesterday evening (after an exhausting valentines day) elected one Linux Geek's wall-paper.

 

Beware! It s not the end, tomorrow we will decide on who's the messiest pc-room! So take out your dusters and roll-on!!

 

LOL!

 

[ianw1974]

I've unplugged my webcam, so you got no chance :lol:

[Mhn]

If you could get my webcam to work in linux, I'd only be happy!

[iphitus]

I don't have a webcam

 

and my wallpaper isnt that bad!