Am I Safe?

Noo

Senior member
Oct 11, 2013
389
10
81
I don't know anything about networking so I would like to apologize for this dumb question.


To make a long story short, a visiting relative installed a server PC (running Windows Server 2003) at my house running all kinds of services: VPN, Active Directory, web server, DNS, DHCP, Exchange email, Remote Desktop, just to name a few. He claimed it is for his business/company since he lives outside of the US.

My concern is that since he turned our wireless router's DHCP off and made HIS SERVER PC manage all of the household DHCP and DNS services, does this mean that he has a log of everyone in the house's Internet usage? Since all of our network traffic now basically has to go through his server PC first before going to the Internet, can he see what everyone has been browsing or typing? Can he remotely view all of our desktops at any given time?

This scares me. What countermeasures can I take? Other than unplugging the server...

My PC didn't join his domain or workgroup, yet every time I type \\server my PC will ask for his server's name and password.
 

lif_andi

Member
Apr 15, 2013
173
0
0
Depends on how he set it up. I suspect that he will be able to see DNS lookups, although you can change this on your own computer so that your computer will not use his server for DNS; OpenDNS comes to mind. Network traffic should not be going "through" the server per se, just use it to get out of the network. As long as your computer is not joined on the domain, and your DNS is some other DNS than the server, you should be alright.

If this "closeness" makes you uncomfortable you could get another internet connection separate from yours for his server and have him pay for it. Keep the computers on separate networks and not connected together.

Seeing there seems to be a vast difference in knowledge between you and your relative, there is really no telling what he can do and what he has installed, so to be sure, you'd be "safer" on your own connection.
 

brshoemak

Member
Feb 11, 2005
166
4
81
Yeah that's nuts. If it's for legitimate business purposes and he wants it to be in the U.S. for some reason, he should pay for the server to be co-located - meaning putting the server in a datacenter that provides power/bandwidth/etc.

I would NEVER let someone (relative or not) commandeer my network and the internet I am paying for to run parts of their business out of my house. The fact that they are supplanting your network for their personal convenience is terrible. Tell them to get it out of there and if he won't, just unplug it.
 

QuietDad

Senior member
Dec 18, 2005
523
79
91
Realize that anything he does that violates the terms of service with your ISP falls on YOU. Every ISP I'm aware of will NOT allow you to run a mail server on a residential account. If he is running a SPAM server, YOU are gonna lose your service. If he is hosting a porn site, YOU are going to jail. It's just way too risky.

You should put your foot down and let him hook into YOUR network. If it's over your head in setting it up, your internet provider or even the Geek Squad from BestBuy or something similar can come in, set up the network with passwords, and you can have him plug in and set it up on his own subnet and be a separate network. Sounds like he has that knowledge. Wouldn't happen in my house.

While he set it up to go thru his server, there is no reason your computers need to use his servers. You can go into the TCP/IP settings of your computers and point the gateway to the ISP's router and the DNS address anywhere. Google "Free DNS" and you'll find many sites. There is no reason your computer needs to go anywhere near his servers.
 

Noo

Senior member
Oct 11, 2013
389
10
81
Realize that anything he does that violates the terms of service with your ISP falls on YOU. Every ISP I'm aware of will NOT allow you to run a mail server on a residential account. If he is running a SPAM server, YOU are gonna lose your service. If he is hosting a porn site, YOU are going to jail. It's just way too risky.

You should put your foot down and let him hook into YOUR network. If it's over your head in setting it up, your internet provider or even the Geek Squad from BestBuy or something similar can come in, set up the network with passwords, and you can have him plug in and set it up on his own subnet and be a separate network. Sounds like he has that knowledge. Wouldn't happen in my house.

While he set it up to go thru his server, there is no reason your computers need to use his servers. You can go into the TCP/IP settings of your computers and point the gateway to the ISP's router and the DNS address anywhere. Google "Free DNS" and you'll find many sites. There is no reason your computer needs to go anywhere near his servers.
Here's how the network is set up.

Comcast cable modem is connected to the Dlink wireless router. All of the household PCs are connected to the Dlink wireless router, including the server PC. The server PC is managing all DNS and DHCP services b/c he turned the router's DHCP services off. Server IP is 192.168.0.99 and the Dlink wireless router IP/gateway is 192.168.0.1

I don't know if I'm doing this right in order to circumvent his network but it doesn't seem to work.
I've tried changing the IPv4 settings on one of my personal PCs to be:
Ip: 192.168.0.10
Subnet: 255.255.255.0
Gateway: 192.168.0.1

Primary DNS: 192.168.0.1

Does that work? I don't think it does because every time I type in \\server it'll take me right to his server and ask me for a username and password. Even though I'm not using his server as a DNS, somehow I'm still under his network? I've even tried using Google 8.8.8.8 and 8.8.4.4 as primary and secondary DNS but I'm still able to type \\server in Windows Explorer and it'll connect me to his server.

Please help. What kind of security risk am I exposed to by having to go through his server for all Internet traffic? Does this mean that he knows what website you're visiting, your name and password entered? Or worse can he remotely view my desktop at any time?
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
Does that work? I don't think it does because every time I type in \\server it'll take me right to his server and ask me for a username and password. Even though I'm not using his server as a DNS, somehow I'm still under his network? I've even tried using Google 8.8.8.8 and 8.8.4.4 as primary and secondary DNS but I'm still able to type \\server in Windows Explorer and it'll connect me to his server.
If the server computer is actually named "SERVER" then this is perfectly normal even if you are not part of a domain since when you type \\server your computer determines that there is a computer on the network named server and tries to connect to it and then prompts you for a user name and password to access that computer.

Please help. What kind of security risk am I exposed to by having to go through his server for all Internet traffic? Does this mean that he knows what website you're visiting, your name and password entered? Or worse can he remotely view my desktop at any time?

It is possible that he could track your network and Internet activity through that server, depending on what he has set up on the server. But frankly, this is a very small concern compared to the issues that QuietDad mentioned. I would be less worried about him seeing what you are doing and more worried about what he is doing since you are legally and financially responsible for anything that he does on or through that server while it is using your home Internet connection.
 

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
Here's how the network is set up.

Comcast cable modem is connected to the Dlink wireless router. All of the household PCs are connected to the Dlink wireless router, including the server PC. The server PC is managing all DNS and DHCP services b/c he turned the router's DHCP services off. Server IP is 192.168.0.99 and the Dlink wireless router IP/gateway is 192.168.0.1

I don't know if I'm doing this right in order to circumvent his network but it doesn't seem to work.
I've tried changing the IPv4 settings on one of my personal PCs to be:
Ip: 192.168.0.10
Subnet: 255.255.255.0
Gateway: 192.168.0.1

Primary DNS: 192.168.0.1

Does that work? I don't think it does because every time I type in \\server it'll take me right to his server and ask me for a username and password. Even though I'm not using his server as a DNS, somehow I'm still under his network? I've even tried using Google 8.8.8.8 and 8.8.4.4 as primary and secondary DNS but I'm still able to type \\server in Windows Explorer and it'll connect me to his server.

Please help. What kind of security risk am I exposed to by having to go through his server for all Internet traffic? Does this mean that he knows what website you're visiting, your name and password entered? Or worse can he remotely view my desktop at any time?

Typing \\server simply does a NetBIOS query for the server's name. This has nothing to do with DNS.

Once you reset your DNS services to use the router (192.168.0.1), it is no longer using the server for DNS or DHCP.

However, if you're all on wireless, it would be easy for him to simply sniff the wireless, and knowing the wifi password, he could still watch all your traffic.

But he won't be "controlling" your network.


However, seriously, you have made yourself liable for whatever stupid crap your family member does. He needs to get his own network, if you ask me.
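To confirm which machine a PC is actually taking DHCP and DNS from after the change described in this post, the output of `ipconfig /all` can be checked per adapter. The following is an added example, not part of the original post; the sample output is constructed, and the two IP addresses are the ones given in the thread.

```python
import re

SERVER_IP = "192.168.0.99"   # the relative's server, as stated in the thread
ROUTER_IP = "192.168.0.1"    # the D-Link router / gateway, as stated in the thread

# Constructed sample of `ipconfig /all` output: one adapter still on automatic
# settings, one configured by hand with the values from the post.
SAMPLE = """\
Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.99
   DNS Servers . . . . . . . . . . . : 192.168.0.99
                                       8.8.8.8

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

# "   Key . . . . : value" -> (key, value); the dot leaders are skipped.
FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*: (.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: an adapter header ends with ':'.
            name = line.rstrip()
            current = adapters.setdefault(name[:-1], {}) if name.endswith(":") else None
            last_key = None
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group(1)
            current[last_key] = [m.group(2).strip()]
        elif last_key:
            # Indented line without a key: another value for the previous field
            # (for example a second DNS server).
            current[last_key].append(line.strip())
    return adapters

def uses_server(adapters, server_ip=SERVER_IP):
    """List (adapter, field) pairs where the server is DHCP, DNS or gateway."""
    findings = []
    for name, fields in adapters.items():
        for key in ("DHCP Server", "DNS Servers", "Default Gateway"):
            if server_ip in fields.get(key, []):
                findings.append((name, key))
    return findings

if __name__ == "__main__":
    for adapter, field in uses_server(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: {field} still points at {SERVER_IP}")
```

This only reports the adapter's configuration; it says nothing about whether traffic on the shared LAN is being captured.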
 

Noo

Senior member
Oct 11, 2013
389
10
81
I am 99% sure he is not doing anything illegal with the server as some of you guys suggested (running porn site, spam mail, etc...). I am just worried that the whole purpose of this server is to spy on our household. I mean he already has a server to host his company's site, Exchange email, VPN, and everything in his home country, so what's the purpose of this server? He said that by implementing a server here along with VPN service, sites like Facebook.com wouldn't be blocked at home. Which I understand because the government likes to block access to a lot of sites (communist).

So you guys are saying that as long as I change the DNS server in IPv4 to something like Google (8.8.8.8) or the Dlink router (192.168.0.1) instead of leaving it automatically assigned, the server PC wouldn't be able to track our web history? And also, every time I type in my username and password to log into something like Gmail, is it logged onto the server PC?

FYI: none of the PCs at home are in his network domain. We are all just connected to the same wireless router with the server PC managing all IP and DNS services.
 
Feb 25, 2011
16,994
1,622
126
I am 99% sure he is not doing anything illegal with the server as some of you guys suggested (running porn site, spam mail, etc...). I am just worried that the whole purpose of this server is to spy on our household. I mean he already has a server to host his company's site, Exchange email, VPN, and everything in his home country, so what's the purpose of this server? He said that by implementing a server here along with VPN service, sites like Facebook.com wouldn't be blocked at home. Which I understand because the government likes to block access to a lot of sites (communist).

So you guys are saying that as long as I change the DNS server in IPv4 to something like Google (8.8.8.8) or the Dlink router (192.168.0.1) instead of leaving it automatically assigned, the server PC wouldn't be able to track our web history? And also, every time I type in my username and password to log into something like Gmail, is it logged onto the server PC?

FYI: none of the PCs at home are in his network domain. We are all just connected to the same wireless router with the server PC managing all IP and DNS services.

No. He could be using a packet sniffer to watch everything you do, whether your computers are going "through" his server or not.

If you want to be "safe" from this guy, his server needs to be not in your house.

Is he paying you for electricity, etc.? If you start charging him rent, leasing a VM or two from Amazon will suddenly seem like a much better idea.
 

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
To repeat myself

However, if you're all on wireless, it would be easy for him to simply sniff the wireless, and knowing the wifi password, he could still watch all your traffic.

If he is on the wire (Ethernet), instead, it is possible to use APR or arp-injection to snoop on traffic in your network via the switch.

If it's on your network, it does have some risk to you.
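ARP-based interception of the kind mentioned in this post usually leaves a trace on the affected PC: the gateway's IP starts resolving to another machine's MAC address. The following added example (not part of the original post) checks Windows `arp -a` output for that; the MAC addresses and sample tables are constructed, and the IPs are the ones from the thread.

```python
import re
from collections import defaultdict

GATEWAY_IP = "192.168.0.1"   # D-Link router, as stated in the thread

# Constructed `arp -a` output (Windows format); MAC addresses are made up.
NORMAL = """\
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           02-00-00-00-00-01     dynamic
  192.168.0.99          02-00-00-00-00-99     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# Same table, but the gateway entry now carries the server's MAC address.
SPOOFED = NORMAL.replace("02-00-00-00-00-01", "02-00-00-00-00-99")

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+\w+"
)

def parse_arp(text):
    """Return {ip: mac} for every entry row; header lines do not match."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def is_group_address(mac):
    # Broadcast and multicast MACs have the low bit of the first octet set;
    # many IPs legitimately share them, so they are skipped.
    return int(mac[:2], 16) & 1 == 1

def check_arp(table, gateway_ip, known_gateway_mac=None):
    """Return alerts: unicast MACs claimed by several IPs, and a gateway MAC
    that differs from a known-good value (e.g. read off the router's label)."""
    alerts = []
    owners = defaultdict(list)
    for ip, mac in table.items():
        if not is_group_address(mac):
            owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            alerts.append(("shared_mac", mac, sorted(ips)))
    seen = table.get(gateway_ip)
    if known_gateway_mac and seen and seen != known_gateway_mac.lower():
        alerts.append(("gateway_changed", known_gateway_mac.lower(), seen))
    return alerts

if __name__ == "__main__":
    for name, text in (("normal", NORMAL), ("spoofed", SPOOFED)):
        print(name, check_arp(parse_arp(text), GATEWAY_IP, "02-00-00-00-00-01"))
```

A clean result does not rule out passive wireless capture, which never touches the ARP table, and a shared MAC can also be legitimate when one device holds several addresses.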
 

Noo

Senior member
Oct 11, 2013
389
10
81
So to sum it up,
anything connected to the wireless Dlink router can be sniffed, and any PC connected to the wireless Dlink router via Ethernet cable can be sniffed via ARP injection (man in the middle) without requiring any PC to be connected to the server domain or workgroup? Changing the DNS to a public one does little to prevent being tracked and logged?

Is there any firewall software I can use to prevent some if not all of this? Any other countermeasure other than unplugging the server?
 
Feb 25, 2011
16,994
1,622
126
So to sum it up,
anything connected to the wireless Dlink router can be sniffed, and any PC connected to the wireless Dlink router via Ethernet cable can be sniffed via ARP injection (man in the middle) without requiring any PC to be connected to the server domain or workgroup? Changing the DNS to a public one does little to prevent being tracked and logged?

Is there any firewall software I can use to prevent some if not all of this?

You can encrypt all your traffic by using an external VPN... which is what he's doing with this server, if he's using it to get around some country's firewall. (It's an external VPN for him.)

Any other countermeasure other than unplugging the server?

The CLEANSING PURITY OF FIRE!™.

(The above is sarcasm - do not light your house on fire, just tell your uncle to lease rack space or rent a server from somebody else.)
 

QuietDad

Senior member
Dec 18, 2005
523
79
91
Here's how the network is set up.

Comcast cable modem is connected to the Dlink wireless router. All of the household PCs are connected to the Dlink wireless router, including the server PC. The server PC is managing all DNS and DHCP services b/c he turned the router's DHCP services off. Server IP is 192.168.0.99 and the Dlink wireless router IP/gateway is 192.168.0.1

I don't know if I'm doing this right in order to circumvent his network but it doesn't seem to work.
I've tried changing the IPv4 settings on one of my personal PCs to be:
Ip: 192.168.0.10
Subnet: 255.255.255.0
Gateway: 192.168.0.1

Primary DNS: 192.168.0.1

Does that work? I don't think it does because every time I type in \\server it'll take me right to his server and ask me for a username and password. Even though I'm not using his server as a DNS, somehow I'm still under his network? I've even tried using Google 8.8.8.8 and 8.8.4.4 as primary and secondary DNS but I'm still able to type \\server in Windows Explorer and it'll connect me to his server.

Please help. What kind of security risk am I exposed to by having to go through his server for all Internet traffic? Does this mean that he knows what website you're visiting, your name and password entered? Or worse can he remotely view my desktop at any time?

Go to http://www.whatsmydns.net/dns/usa/comcast.html and pick the Comcast DNS server closest to you and set your PCs to point at that. No reason to be pointing to the router or his PC. I would also go to each of your own PCs and quietly rename the workgroup each of them is on to something only you know. Then he'll only be allowed to ping your machines and not see anything else without effort.
What I would do in this situation is buy a second router. Hook his server and the router to the linksys, then all of your PCs to the second router. Set the address range of the second router to 198.168.2...... and then you're no longer connected.

I don't know what \\Server is, but if it's his server and it is password protected, it won't matter where you point to. Go to www.google.com or something out of the house to test.
 

lif_andi

Member
Apr 15, 2013
173
0
0
Essentially if he's on your subnet, or has a route to your subnet from inside your network, with enough know-how, he can do almost whatever he wants. This just depends on how tech savvy he is.

While I can understand the situation you are in, this being a relative, and he may have explained things in a nice way, the fact that you are here, tells me you don't trust his intentions 100%. In this case, it is by far more secure for him to send you money and you can pay for some rack space somewhere else for him to use, providing he is not also restricted in this sense.

Bottom line is, if he knows how to, there is nothing stopping him from doing what he wants, because he is on your subnet, within your network and free and has time to look around. This is not to say that he does these things, but he can.

EDIT: Also what QuietDad says. Separating the subnets is a first step towards isolating his system from your network.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,587
10,225
126
Jack, a link to EZLAN "shield" might be in order here.

Basically, OP, get a second router, connect its WAN port to a LAN port on the first router, and change the default LAN subnet of the second router to be different than the first.

Then plug all of your PCs into the second router.
 

John Connor

Lifer
Nov 30, 2012
22,757
619
121
Why on earth would you allow someone to install a server on your network? I run a few servers on a thin client, but not a damn E-mail hosting service or website. That's just BS.
 

Noo

Senior member
Oct 11, 2013
389
10
81
Jack, a link to EZLAN "shield" might be in order here.

Basically, OP, get a second router, connect its WAN port to a LAN port on the first router, and change the default LAN subnet of the second router to be different than the first.

Then plug all of your PCs into the second router.

How do I change the default subnet of the second router? Is that like changing its IP address (usually 192.168.1.1)? So do I just change the IP address of the second router to something like 192.168.3.1 and then plug everything into its LAN port and I'll be good to go?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,587
10,225
126
Pretty much. That doesn't take away the possibility of the server sniffing your traffic 100%, but should isolate your computers enough that the server won't be able to actively attack or interfere with them.
 

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
I would also go to each of your own PCs and quietly rename the workgroup each of them is on to something only you know. Then he'll only be allowed to ping your machines and not see anything else without effort.

Don't do this. This is COMPLETELY MADE UP. The workgroup setting of your Windows machine has absolutely ZERO to do with the ability to access data on the network, or really anything else regarding network and port security.

In fact, the workgroup setting on your machine has really nothing to do with anything in a modern LAN, except for the automatic of NetBIOS names in the Network Places browser.
 

Noo

Senior member
Oct 11, 2013
389
10
81
Pretty much. That doesn't take away the possibility of the server sniffing your traffic 100%, but should isolate your computers enough that the server won't be able to actively attack or interfere with them.

Even with traffic sniffing, are my usernames and passwords safe for websites? Traffic sniffing doesn't work like key logging right?
 

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
I doubt that he is snooping on what you're doing.

My primary concern would be what he is doing. I mean, if he starts downloading kiddie porn (as an example... bear with me lol) and the police rock up at your house, then you are caught red-handed with a dedicated server hosting child porn.

Not good.

You say a relative did it and they will just laugh in your face. You will have to row pretty hard to get out of that one!
 

QuietDad

Senior member
Dec 18, 2005
523
79
91
As long as you're all on the same network, he can see everything you do if he's got the tools. Don't even need the knowledge. There are plenty of network sniffers out there that can capture packets and reassemble transmission.
 

QuietDad

Senior member
Dec 18, 2005
523
79
91
Don't do this. This is COMPLETELY MADE UP. The workgroup setting of your Windows machine has absolutely ZERO to do with the ability to access data on the network, or really anything else regarding network and port security.

In fact, the workgroup setting on your machine has really nothing to do with anything in a modern LAN, except for the automatic of NetBIOS names in the Network Places browser.

While this doesn't totally protect the systems, it prevents the ability to just map a network drive and browse for shared drives/and folders. It's easier to get into a PC if you can see the server name. Just adding a step.

Everything mentioned here so far only adds a step. Until that server is out of the house and off the network, there is NO WAY to totally protect the PCs. Every single security system out there has been hacked, given enough time and talent.
 

brshoemak

Member
Feb 11, 2005
166
4
81
I don't really understand why this is still being discussed. You're looking for (and unfortunately getting) technical answers to a non-technical problem.

There is absolutely zero, zip, nada, zilch reason he should be taking over your network and installing a server at your personal residence for business purposes. He's getting what he wanted and all you will get are higher electric bills and insane legal liability.

OP is way more accommodating than I would be to a family member who decided to come into my house, drop off a 'black box', and then proceed to completely change my network for their requirements. If that doesn't sound sketchy I don't know what does.