Help with Home wireless network privacy please

By kenaki
Mar 23, 2009
Topic Status:
Not open for further replies.
  1. Dear all,

    First of all, I apologize if this thread shouldn't be here as I don't know under what category I should address my question.

    I have a privacy concern regarding internet browsing at my home network that I need you to help me with.

    I am accessing internet through wireless LAN network that is shared with 5 other people in the house. My landlord has the access to the router. Since we are sharing the same network, I am wondering whether he would still be able to monitor my website traffic even though I have my Comodo firewall turned on ?

    Is there a way to prevent anybody from monitoring my internet browsing at all if I shared the same internet connection wirelessly ? especially from one who has access to the router ? . If there is , besides the firewall, what else can and should I do ?

    Thanks for your advice..


    Ken
  2. jobeard

    jobeard TS Ambassador Posts: 13,278   +280

    you can avoid anyone from reading the content ONLY if you use an SSL (ie https://)
    or a VPN connection.
    The DOMAIN portion of the URL however, will still be logged (if so configured) by the router (wired or wireless connections).

    if the url was http : // www.website.com / thisDir / somepage.aspx
    then the Router will log
    allow www.website.com aaa.bbb.ccc.ddd date time​
    where aaa.bbb.ccc.ddd is your lan ip address.

    If that's some naughty content, then the log will give that away.
  3. kenaki

    kenaki Newcomer, in training Topic Starter Posts: 54

    Thanks for your quick reply Joe.


    you can avoid anyone from reading the content ONLY if you use an SSL (ie https://)
    or a VPN connection.
    The DOMAIN portion of the URL however, will still be logged (if so configured) by the router (wired or wireless connections).


    So you are saying that there is NO way I can guard my self against anyone who has access to the router ? Because even if I have VPN connection and using the https , the domain will still be logged.
  4. jobeard

    jobeard TS Ambassador Posts: 13,278   +280

    YES! The whole point to router logging is to monitor which endpoints are being accessed.
    The PC (client) side seldomly has a domain-name associated with it
    (unless you're in a corporate network), but the remote end almost always has a
    domain-name and the router resolves the IP->Domain-name to make the log more readable.

    Welcome to the Internet, where privacy is a fallacy!

    Only other choice *might be* to google for anonymous surfing, but I fear
    that only hides who YOU ARE from the website you accessed --
    and you appear to want the reverse.
  5. kenaki

    kenaki Newcomer, in training Topic Starter Posts: 54

    Then your post put an end to my question then.
    I supposed if I want a privacy then I should have my own router and my own internet connection
    just for myself and no more sharing it.

    Thanks for your info.
  6. kenaki

    kenaki Newcomer, in training Topic Starter Posts: 54

    One more question before I close this subject. What about My Network Places ?
    When using windows explorer and clicking on My Network Places, I was able to see some of my landlord's files. I didn't intend to peek on him, it's just occurred in my mind that if I can see some of his files through this shared network then he can also see mine even more ? Or is there any limit to what one can see ?
  7. jobeard

    jobeard TS Ambassador Posts: 13,278   +280

    [a]Unless the setup is very naive, you should not get access to those shares.
    • This is the result of MS Computer Master Browser. One system on the net keeps a list of systems and shared resources.
      This does not mean that just anyone has access to those resources however.
      NTFS and network authentication (! both !) control whether or not the \share will open to you.

    • Also try View Entire Network-> click on MS Windows Network -> one or more workgroup names
      expand the [+] on a WGN and you will (should) see all systems on the network which are booted and online
      expand [+] on the system name and you get the list of \Shares or Printers which are shared.

      NOW Clicking on a \Share should prompt for a user/password or immediately give you access to the directory.

    You have just arrived at an Epiphany that not everyone comes too!!
    Shared Internet access < > Share resource access.

    Briefly:
    I have Cable-->modem--router---a switch-- my systems (3)
    Also hung off the router are two connections to roommates.
    I use the router to fix ip addresses of my(3) into x.y.z.{2-10} and force all else
    x.y.z.>10. Now my firewall rules allow sharing ONLY to systems in the range 1-10 :)

    z.11 and above SEE NOTHING of my systems nor the shared resource thereon;
    Can't even PING!​
    The router log is the only means to know that the roommates are even online!
    (and we've come full circle).

    *YOU* can't make the router perform like this for you, but you could
    • implement static IP address for your system(s)
    • add firewall rules depending upon address ranges
    Assuming naive admin at the router, the ip addresses will be in the low side of the
    subnet, like 192.168.x.1-->x.15
    You create all your IP addresses above 192.168.x.128
    now DENY in src-addresses 192.168.x.2->192.168.x.127
    and allow in src-addresses 192,168.x.128-192.168.x.254

    DENY out dest-addresses 192.168.x.2->192.168.x.127
    allow out dest-addresses 192,168.x.128-192.168.x.254
    (always allow 192.168.x.255 in both directions)

    you need a better firewall that the XP/SP default
    see Comodo and/or Sunbelt Personal FW 4(my favorite)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.