How do they detect a router?

GnatGoSplat

I have 2 PC's in my office, and only 1 is networked. Apparently it is against policy to hook up more than one PC to a network jack via a router, hub, or switch. I was also told that they can detect this. I'm scheduled to have a 2nd jack installed, but it won't be for quite some time as it has to wait till the budget allows. However, this got me curious - HOW do they detect a router? A switch or hub I can understand, because they can detect 2 IP addresses on that one port, or 2 MAC addresses, or some other method. But how do they detect a router that is designed to let multiple PC's share a single WAN connection? I was under the impression that a router cannot be detected, otherwise broadband cable & DSL companies would be shutting down ports of people with routers.
 

spidey07

They can be detected by monitoring and analyzing the traffic they send. It may only be one IP address, but experienced network guys can tell just by looking at the traffic (specifically application layer traffic). Or if you're spitting out a routing protocol.

Also, a misconfigured router on a network can cause havoc with the entire system.
 

miguel

They would have to be looking for evidence against you to realize that you have a router under your desk. One thing you can do, if you can change the MAC address on the 'outgoing' port of your router, is change the MAC to be your original PC's MAC and make sure you disable all broadcasts from the router. After that, I seriously doubt anyone will "notice" that you are running two PCs.

 

Nothinman

<< But how do they detect a router that is designed to let multiple PC's share a single WAN connection? >>

There's no 100% way to do it that I know of, but most have little things that make them noticeable. Like Linux NAT boxes use very high ports for the return port of NAT'd connections; since normal PCs don't usually get that high into the range, it's suspicious. Also a normal router will decrement the TTL of the packets by 1 as they pass through, again just a little suspicious.

There's probably more I'm not thinking of right now too.
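
Added example (not part of the original thread): a passive check a network admin could run over packets captured on the same LAN segment as the wall jack, flagging the two tells named in the post above, a TTL that has already been decremented and unusually high source ports. It goes one step beyond the post by also flagging a single IP that shows more than one OS-default TTL family; the initial-TTL table, the port threshold and the sample capture are assumptions constructed for illustration, and each hit is a hint to investigate, not proof.

```python
from collections import defaultdict

# Common OS default initial TTLs (assumption used by this heuristic).
INITIAL_TTLS = (64, 128, 255)
# Hypothetical floor for "very high" source ports; tune against your own baseline.
HIGH_PORT_FLOOR = 61000


def hops_from_sender(ttl):
    """Return (assumed initial TTL, hops already travelled) for an observed TTL."""
    initial = next(t for t in INITIAL_TTLS if ttl <= t)
    return initial, initial - ttl


def score_sources(packets, high_port_ratio=0.5):
    """packets: iterable of (src_ip, ttl, src_port) seen on the local segment.

    A host plugged straight into the jack should show 0 hops; anything else
    means some device forwarded the packet before it reached the LAN.
    Returns {src_ip: [reasons]} for sources that look like they sit behind NAT.
    """
    seen = defaultdict(lambda: {"hops": set(), "initials": set(), "ports": []})
    for src, ttl, sport in packets:
        initial, hops = hops_from_sender(ttl)
        entry = seen[src]
        entry["hops"].add(hops)
        entry["initials"].add(initial)
        entry["ports"].append(sport)

    findings = {}
    for src, entry in seen.items():
        reasons = []
        if any(h > 0 for h in entry["hops"]):
            reasons.append("ttl-decremented")        # forwarded at least once
        if len(entry["initials"]) > 1:
            reasons.append("mixed-initial-ttl")      # several OS defaults, one IP
        high = sum(p >= HIGH_PORT_FLOOR for p in entry["ports"])
        if high / len(entry["ports"]) >= high_port_ratio:
            reasons.append("high-source-ports")      # NAT-style port range
        if reasons:
            findings[src] = reasons
    return findings


# Constructed sample capture: (source IP, observed TTL, TCP source port).
SAMPLE = [
    ("10.1.4.20", 128, 1047), ("10.1.4.20", 128, 1048), ("10.1.4.20", 128, 1052),
    ("10.1.4.37", 127, 61012), ("10.1.4.37", 63, 61013), ("10.1.4.37", 127, 61020),
    ("10.1.4.41", 64, 32770), ("10.1.4.41", 64, 32771),
]

if __name__ == "__main__":
    for ip, reasons in score_sources(SAMPLE).items():
        print(ip, ", ".join(reasons))
```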
 

Tallgeese



<< Also, a misconfigured router on a network can cause havoc with the entire system. >>

Like when it starts to proxy arp for an entire network (which basically FUBARs the world)?

Heh...still have a mental picture of that network analyst yanking out the little blue Linksys, placing it on the floor, and smashing it to bits right in front of the perpetrator. I often think of this scene when I need to take a "Zen" moment. :D
 

Tallgeese

On a more serious note, ANYONE hooking up ANY unauthorized equipment to our network, no matter WHAT the reason, would be subject to immediate termination. Wouldn't matter if it caused any problems or not. Company policy, and we enforce the h*** out of it.
 

miguel



<< On a more serious note, ANYONE hooking up ANY unauthorized equipment to our network, no matter WHAT the reason, would be subject to immediate termination. Wouldn't matter if it caused any problems or not. Company policy, and we enforce the h*** out of it. >>



Network Nazi!

"Free the bits! Free the bits!"

:) All in fun, btw...
 

ScottMac

Well, no, it's not really network naziism. Some people have lives beyond work.

When some end-(L)user hangs UA gear on the LAN and it does bad things to the LAN, it's not the end-(L)user that ends up staying till the wee hours of the morning, it's the network staff. Someone SHOULD be fired for installing the potential for someone else to be losing part of their life....especially when it's not business related. AND, it's rarely one person that has to do the chasing....frequently it's a couple people....all the worse.

The policies usually don't come about "just because," they're usually put in place because of some event that the company doesn't want repeated.

Play on your own time, on your own network.

FWIW
Scott
 

c3p0

GnatGoSplat, hook up the router and that 2nd PC. If they terminate your service, take your money somewhere else. If they want to be a$$holes about it, take your money to some other ISP. That's my $.02
 

miguel

Sorry to have offended you. I was just joking, as indicated in my post. In other words, it wasn't serious. Sorry bout that.
 

Tallgeese



<< GnatGoSplat, hook up the router and that 2nd PC. If they terminate your service, take your money somewhere else. If they want to be a$$holes about it, take your money to some other ISP. That's my $.02 >>

Gnat's not talking about an ISP. He's talking about his connection at work. Big difference.

I do, however, completely agree with your point. Whatever I want to do on MY network should be MY business.
I would tell ANY service provider who tried to dictate to me what I could and couldn't hook up behind my router to go take a flying leap.

Of course, I also wouldn't burn up their tech support lines if something was screwy until I KNEW it was their fault.
 

Tallgeese



<< Sorry to have offended you. I was just joking, as indicated in my post. In other words, it wasn't serious. Sorry bout that. >>

Scott and many others of us in network admin and management positions who post here are a bit touchy on this subject, among others (requests for info about compromising network security devices, defeating content filters, etc. etc.)

It all comes down to: When you have the responsibility to assure a network's performance and availability, then you MUST have the authority to determine ABSOLUTELY every component of that network. Simple as that.
 

c3p0

OK, my comment was actually directed to HOME use.....not work. I should have read the post a little closer myself. If it's work then you MUST go by the rules of your Network Admins. If it's your home setup.....well that's between you and the people you pay your money to. If you screw something up at home and you're breaking the rules of your ISP, fix it yourself. You make your own rules at home. My $.04 now.
 

toshiba3020

If these cable/dsl companies were to start terminating service to anyone with a router, they would lose a hell of a lot of service. You think using a router to hook 2 computers on to a connection is wrong, what about these bills? $35 a month for cable access, $7 a month for a modem. And if I wanted to use it for any more PCs I would have to pay them ANOTHER $7 for a second IP. And then what about the occasional time I wanted to use my laptop on the internet. My router stays.
 

err

GnatGoSplat,

If I were you, I would ask these questions first before even trying to hook a router to your work environment. Are you absolutely sure that you can slap in a router and use the second computer for Net access?

1. What are the IP schemes in your company? I doubt that it will give out Internet IP addresses to workstations.
2. Are these IPs NATted? Or are they real IPs from the ISP?
3. What kind of router are you using? Does it use the 192.168.0.1 address? Are you absolutely sure there are no other routers that use this address in your network? If so, you can be discovered quickly as you will interrupt whatever services are running on the 192.168.x.x network.
4. How does your company assign IP addresses? If it is DHCP, you might not need a router, you might get away by slapping in a hub/switch and obtaining IP addresses from your DHCP server.
5. If your router is set to forward incoming traffic, make sure that it is safe/running some kind of firewall, or someone might start to suspect there is another source of network intrusion.
6. How do you get out to the Internet? Are there proxy servers?

Hope all is well. I would really hate to see you get terminated because of running a router. Frankly speaking, we network administrators will be pissed off if there are major problems in our network and it is caused by a network component brought in by one of the employees.

:)


eRr
 

ScottMac

It's OK, I wasn't offended, I wasn't even mad. I was just trying to point out "the other side" that is frequently overlooked. You might even think the IT/IS trench guys are a bunch of bozos...the situations vary considerably.

The group where I used to work were pretty sharp, knowledgeable, good skills & knowledge. Unfortunately, the management team that they worked for gave them very specific marching orders...which often included bizarre and inappropriate processes and configurations (like three & four tier cascades of 10meg switches, bad software configs, etc). Variation from the management-dictated activities & processes would get you in deep doodoo.

Often as not, the folks in the trenches are OK. Sometimes it's policy, sometimes it's management, sometimes it's just one of those days where the Dragon Wins....give 'em a break and stop screwing up their network (IT/IS bonuses are frequently tied to the network performance and uptime).

I guess another point that might be worth presenting is that networking a couple (or even a couple dozen) machines at home is a completely different animal than trying to keep a network of a couple hundred or a couple thousand nodes afloat. Issues that are trivial on the smaller network are horrendous pains-in-the-butt on an enterprise system.

FWIW

Scott
 

miguel

ScottMac, that's cool. BTW, I used to be an IT peon myself. Sometimes, management's ideas were just bizarre, but we had to do it anyway. God, I still get the shakes when I think about....that....darn....pager....... :)
 

Nutz



<< OK, my comment was actually directed to HOME use.....not work. I should have read the post a little closer myself. If it's work then you MUST go by the rules of your Network Admins. If it's your home setup.....well that's between you and the people you pay your money to. If you screw something up at home and you're breaking the rules of your ISP, fix it yourself. You make your own rules at home. My $.04 now. >>




I totally agree. When at work, do as you're told. When at home, you make the rules. If you don't like the TOS of your provider, just junk those suckers and get a quality ISP. In the last 4 years I've gone through 5 or 6 providers. As soon as my 1 year ISDN lock is over it's gonna be bye-bye BT.
 

ST4RCUTTER

Billing issues aside, shouldn't the use of a router be considered almost standard? I kind of like the idea of having a hardware firewall along with my software FW and V-checker. You can never be too safe in today's world IMO.
 

Pul54r

Scott, you're going to alienate a lot of users with that attitude.

I'm the end user at a major corporation who has similar network "Policies". They also don't allow cdwriters, and because of certain company "waste" policies you are only allowed 10 diskettes at a time. (And we use computers 7 hours out of the day). We have no central drive system that we can store mission critical documents on, and no way to physically back them up - 10 disks disappear pretty quickly when one file can be upwards of 5 megs.

So I simply opened a directory to write access on a computer in our cube, used a $ to make it invisible, password protected it, then mapped it to the drives of our computers and wrote a batch file that would copy documents we wanted backed up to that computer.

Of course, the network guys found out about it eventually. They came in ranting and raving and called me in front of my boss to accuse me of opening "security" holes in the network.

When I pointed out that my method was the same method they used for the corporate wide network for things like budgeting and financial statements (far more critical than our manufacturing and print information), only on a smaller scale, their response was basically "yeah well.... you can't anyway, so there." My boss saw the idiocy in that and basically ignored them, but to this day we have no backup system and would lose literally years of work if one of our hard drives was to crash.

I can't think of a single job in the world that is in as "closed" a system as you would like. I do see a lot of people getting very upset when told that they can't even back up their data without the "Net God's" personal ok.
 

Tallgeese



<< Scott, you're going to alienate a lot of users with that attitude. >>

I don't really think Scott has anything to worry about in the "attitude" department. You should know that if you've spent any time on this forum (lurking or otherwise). You're darn lucky n0cmonkey hasn't weighed in on this one, 'cause he can be brutal (we still love ya n0c!)

We're not defending any lack of mental capacity at a management level, which in most cases is the determining factor for the kind of scenario you describe.

I do agree that BACKUP of corporate data, no matter what it is, should be a priority for your system administrators. The fact that it doesn't seem to be is lamentable.

However, if you would take the time to READ this thread, the issue here is NOT data backup at all.

Personally, if I saw a peer share on my network, I would trace it, find out what the user needed it for, and discuss a centrally administered share for them, primarily so that it would be backed up nightly by the central backup systems.

If however, I saw that they were using it for NON-CORPORATE data, then the appropriate action would be taken, up to and including dismissal.

In most cases, however, it is unreasonable user expectations that are at fault. Someone who is a self-proclaimed "expert" who decides to circumvent the central authority of the organization usually causes more harm than good, and I can GUARANTEE you that person won't be there in the middle of the night trying to t-shoot why the network is having sporadic disruptions.

Think about it another way: Let's say I work for a refinery. Even tho I don't work in a production role, I know a good bit about pressure valves, condensation methods, etc. etc. (maybe I even worked in the production side at a previous job) and other folks (who also aren't involved in the production process) even think I am the King of Pressure Valves from the way I can discuss the subject in passing. While going about what I'm actually hired to do (lo and behold, I work in IT for the refinery), I happen to notice some gauge readings that look completely wrong to me, and decide to modify the valve settings because I think it's the right thing to do.

Now let's assume there's no explosion from my actions. Should I be disciplined? Should I lose my job?

At least one scenario or suggestion like this involving IT subjects has occurred EVERY working day for the 8+ years I've been working in IT. No lie.

In short, I don't tell other people how to do their jobs because I wouldn't begin to assume I know everything (or even anything) about that job, and EXPECT the same kind of respect in return.
 

n0cmonkey



<<

<< Scott, you're going to alienate a lot of users with that attitude. >>

I don't really think Scott has anything to worry about in the "attitude" department. You should know that if you've spent any time on this forum (lurking or otherwise). You're darn lucky n0cmonkey hasn't weighed in on this one, 'cause he can be brutal (we still love ya n0c!)
>>



I see what I get for waking up today! :p

Anyhow, if your IT dept has some stupid policies (and some can be stupid) talk to them or your manager about it. Do not get huffy, do not talk down to them, but speak calmly and intelligently (I think management/sales can do this on occasion, but I'm not sure). If you can give them 1. a good reason for things being the way you want them and 2. an estimate of how much your changes will cost, you have a good chance of converting them *IF* what you say is actually worth it. In the case of the backup story a few posts ago, a central machine with a tape backup would be a great thing to have. It would also be pretty cheap, especially if you compared it to the cost of the downtime (or whatever a crash would cause you).

Other than that, yeah, maybe it is a bit of network nazi-ism. But who is the poor sucker that gets to get out of bed at 3am (or sober up *REAL* quick at midnight on a Friday) because some sales guy (read moron) decided they knew more about networking than IT just because they use Win2k at home and have their machine networked with their son's so they can play counter strike? *deep breath* We are. So to keep from having to tell our "bartenders/friends/significant others/partners for the night/whatever" that we have to leave whatever the heck it is that we are doing on our "time off/weekend/vacation/time to effing sleep/whatever" because some Luser wanted to hook another machine up to the network and didn't bother to ask us about it, we make these rules. We make sure our Lusers (that we all know and love or something) follow them. If our rules are broken there are consequences. We have enough to worry about with cheap POS hardware and stupid PHBs, we don't need to worry about another Luser thinking he is 31337. *gasp heartattack die*
 

JackMDS

My Grandparents, Aunts, and Uncles lost their lives due to the Nazi activities. I resent that this term is invoked (a few times already) in such a debate.

I see this silly post keeps ballooning. However, most of what is said is not really relevant.

Broadband vendors have three ways of approaching this issue:

1. Don't care what you do.
2. You are not allowed to change or add anything to their installation.
3. Do what you want to do, but we will not support it.

The majority of the vendors belong to category 3.

When you order, you sign a contract. Don't like it, don't sign.

Any action against the contract is a legal violation. Whether you like it or not.


Tapping into a network that does not belong to you without having permission is not different from:

Connecting your phone to somebody else's line.

Connecting your electrical system to somebody else's line.

Taking gas out of your neighbor's car gas tank.

And so on.

BTW: Isn't it interesting that most of the outraged remarks are made by people with disabled profiles.
 

miguel



<< BTW: Isn't it interesting that most of the outraged remarks are made by people with disabled profiles. >>



Jack, I hope you are not referring to me! I already apologized for the joke about the network Nazi. It was, please understand, a joke!

And I guess I don't understand what having a disabled profile has to do with it? Are you suggesting I am some sort of troublemaker?


** EDIT ** Also, this thread has nothing to do with broadband subscribers. It has to do with someone asking about connecting a router up at work.

** EDIT (again) ** Enabled my profile.