Local network security

[LuDaCriS66]

Running a wireless network with a WRT54GL and dd-wrt firmware. I know that dd-wrt has SSH and OpenVPN capabilities. I'm not a networking pro in the slightest which is why I'm here to ask which of these options, if any, would be ideal for me to secure my http + aim/live messenger traffic from other users on the same network.

I know you're probably wondering why I would need to do this. Well, I probably don't and it's partially paranoia and partially because I want to learn about ssh and vpn. It's also because my network is shared with some people that we rent a room out to that I don't really know.

So, I was wondering if either of these would actually help me secure my traffic using just the WRT54GL. I was thinking if SSH tunneling back to the router itself would do the trick. All the guide's out there pretty much only explain how to SSH tunnel from a remote location. Does doing it locally work as well?

Thanks for any info

 

[sonoma1993]

i'm not sure if this will do it, but you could try setting up a vlan. other than that, mostly going to come down to configuration settings on your computers, running a good firewall.

the ssh, it usually use for when your doing remote access into other computers.

 

[n0cmonkey]

SSH tunnels might work. It'd probably be slow though, and I'm not sure how well the device would handle it. Give it a shot, let us know how it works out.

The OpenVPN option might be better, but I still don't know how the crappy little box would handle it.

 

[LuDaCriS66]

Originally posted by: sonoma1993
i'm not sure if this will do it, but you could try setting up a vlan. other than that, mostly going to come down to configuration settings on your computers, running a good firewall.

the ssh, it usually use for when your doing remote access into other computers.

I guess I need to do some reading on vlan's as well.

I know SSH is usually for remote access but I've read it can also serve as a SOCKS proxy

 

[LuDaCriS66]

Originally posted by: n0cmonkey
SSH tunnels might work. It'd probably be slow though, and I'm not sure how well the device would handle it. Give it a shot, let us know how it works out.

The OpenVPN option might be better, but I still don't know how the crappy little box would handle it.

I actually gave SSH tunnelling a shot once and I was able to route the traffic using putty. Whether it was actually secure or not, I wasn't sure. I know about DNS leaks using this method as well. Haven't found a definite answer as to being able to route those through the proxy as well.

OpenVPN, I still have to learn how to configure and how it works.

 

[LuDaCriS66]

anyone know how I would setup putty to tunnel dns requests through privoxy so that dns requests don't leak?

 

[nweaver]

buy a second router, and put internet->router1(with you) -> router2 (router for other people) and then they won't see your traffic. If you cannot trust a network so much that you are trying to proxy DNS requests over SSH, then you shouldn't use that network.

 

[MercenaryForHire]

Originally posted by: nweaver
buy a second router, and put internet->router1(with you) -> router2 (router for other people) and then they won't see your traffic. If you cannot trust a network so much that you are trying to proxy DNS requests over SSH, then you shouldn't use that network.

Word. If you're that paranoid, you need to isolate them.

Other than the hardware route above, if your router supports it (should, since it's a GL) you could use DD-WRTs VLAN feature - you could also set up a rule that simply goes "block all traffic between MY_PC and OTHER_PC" until this point.

But really, if you're this paranoid, you need to isolate them from the network.

- M4H

 

[LuDaCriS66]

heh, I'm not really that paranoid but this is something I wanted to figure out how to do. It's like a poor man's VPN .. security wise anyway