Re: My Network Places

You're using "provider" in a different sense than how it's usually used. It sounds as if you are in a community living arrangement (RV park or apartment building, etc.) where the management provides WiFi Internet access. Usually, in a situation like that, the owner of the router that is actually connected to the Internet (via DSL, cable, T1, etc), configures the router so that each individual users is isolated from the others. That's how your typical WiFi "hotspot" at your local Starbuck's or airport lounge works. It sounds as if your "provider" either doesn't have equipment that can do that or doesn't know how to configure it.

I'm not sure why you are using a bridge and separate wireless router rather than merely wirelessly connecting direct to your "provider's" router, but there is a definite plus: because you have your own wireless router, you can effectively isolate yourself from the other users on your provider's router. (Presumably, you have your own wireless router on a different channel and using a different SSID than your provider's wireless router.)

You will have to reconfigure your wireless router.

Disconnect your router from the Bridge and connect your computer to one of its 4 LAN ports. Access your router's configuration utility.

In the basic Setup screen, change the "Internet Connection Type" to "Automatic Configuration - DHCP." On the same page, change your router's Local IP address to use a different subnet. That is, assuming that you're at the Linksys default settings, your router's Local IP will be set to 192.168.1.1. Change the third number so that it becomes, for example, 192.168.2.1. Re-enable your router's DHCP server.

As soon as you click the "Save Settings" button, you will lose your connection, because your computer will now be on a different subnet. Assuming that your computer is set to get its own IP address automatically via DHCP, either re-boot your computer or "repair" your LAN connection. If you use static IP addresses, you'll have to change them to match the new subnet.

Go back to your router's configuration utility. Note that you will now have to reach it with the new local IP address you set, so it's a good idea to write that down and tape it to the top of the router. Confirm that the "Starting IP address" for your router's DHCP server now has the same first 3 blocks of numbers as the router's local IP address.

Now connect the Bridge to the router's WAN or "Internet" jack.

At this point, there will be two separate Network Address Translators between you and the Internet: one in your router and one in your provider's router. The second of these NATs isolates you from the computers connected directly to your provider's router.

For another description of the foregoing procedure, including pictures, see MVP Jack's description of "Network Segregation" - http://www.ezlan.net/shield.html

In Jack's picture, your provider's router is the "Front router," the other users are on the "Front Network," your wireless router is the "Shield Router," and your computers are on the "Segregated Network."



mortini wrote:
Lem...
Thanks for the reply, most helpful.
Here's what I found out or changed.

1. Yep, it's WEP... gotta use it, cause that's what my provider uses.

2. Yep, I was not broadcasting MY SSID from my router. So, I changed that to broadcasting per you recommendation.

3. You describe my setup correctly.... and, as it turns out, the computer I can see is also connected either wirelessly or otherwise to the same Local Network.
Actually, when I go to Microsoft Windows Network I have displayed 2 workgroups. One is the workgroup that I set up with a unique name for my use, the other is called Workgroup, and inside this folder are displayed 3 other users. Turns out, I can only go inside one of these computers, so I'm assuming the other 2 are not sharing files. When I return to the Status screen of my provider's Router, I actually see 4 computers that are active and many more inactive. As I stated earlier I can see 3 of the 4 in the Workgroup. I'm assuming the other most likely has no Workgroup assigned? Does that seem correct?

4. When I go inside My Router to the Status-DHCP Client Table, I see nothing. Most likely it's cause I have the DHCP server function disabled?

5. My Bridge is connected to My Router thru Port #1 on the back of the Linksys Router.

Well... all this is quite interesting. Not as secure as I thought I was.

Thanks again for you lengthy reply, and I await any further reply to this message.

Rob


"Lem" wrote:

First of all, WEP encryption is close to worthless. It's like locking your front door and leaving the key on top of the welcome mat.

Second, if by "non-broadcasting mode" you mean that you have set your wireless router to not broadcast its SSID, that too is a bad idea. It does not provide any security and it may cause problems, including dropped connections.

Third, as you've discovered, Windows XP does NOT require computers to be in the same workgroup in order to share files. The notion of "workgroup" is merely an administrative convenience.

If you can see someone else's files as you describe, it means that they are on the same LAN as you -- not the same ISP, the same *local* network -- and they can see your files. The problem with this is that even if you have a firewall, almost *all* home users have their firewall configured to permit traffic from any local computer. In other words, that other computer is *inside* your firewall. Until you have corrected this situtation, be sure that you are not sharing any files or printers.

If you are connecting to the Internet from your bridge (which is connected to another wireless router which in turn is actually connected to the Internet via cable, DSL, or other means), the most likely scenario is that the other computer also is connected to that router, either wirelessly or wired. Alternatively, someone may have cracked the WEP encryption on your own wireless router.

Which port on your router is connected to your bridge?

Log in to your own router's configuration utility and go to
Status > Local Network
and click the "DHCP Clients Table" button. What do you see?

Do you have access to the wireless router at the other end of your bridge? If so, log in to that router and check its DHCP Clients Table. What do you see?


mortini wrote:
Jack.....

Thanks for your reply, but I don't believe this to be the problem.

I'm WEP enabled on my wireless router for all my LAN wireless access( we have a wireless laptop).

and... I'm set to non-broadcasting mode as well. I don't have a wireless connection in the PC-box itself, so I don't believe the upgrade your referred me to would pertain to my setup.

BUT...
somehow I am seeing and having access to a neighbors computer via My Network Places.

They are not a part of my WORKGROUP (i've changed the default workgroup).
I'm hoping they can not view my shared folders, but am not sure.

In any case...

How is it that I can see them? And have access as well.
Could it be we are perpahs using the same Wireless ISP and this somehow allows me to see their computer files.

thanks again for your reply.
Rob

"Jack (MVP-Networking)." wrote:

Hi
If you can see another Wireless Connection it means that both yours and the other are not encrypted.
So make sure that your Wireless security in On and problem Gone.
From the weakest to the strongest, Wireless security capacity is.
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Brake" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Brake ).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not updated it you would have to download the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
The documentation of your Wireless devices (Wireless Router, and Wireless Computer's Card) should state the type of security that is available with your Wireless hardware.
All devices MUST be set to the same security level using the same pass phrase.
Therefore the security must be set according what ever is the best possible of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the max. with WPA2, but one device is only capable to be configured to max . of WEP, to whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can do WEP only) is holding better security for the whole Network, replace the device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 - http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).


"mortini" <mortini@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:977E2DD2-7892-4118-BF83-2BC67937B08C@xxxxxxxxxxxxxxxx
Hello...

I am using XP-Pro with latest patches/fixes.
I am hardwired to a Linksys Wireless Router which is hardwired to my Linksys
Bridge/Range-extender. I receive my internet connection wirelessly thru the
Bridge.

I just noticed that there are some folders displayed in My Network Places
that are from another computer that is not a part of my WORKGROUP. I can
access these folders and download from them. This is a huge security risk
for the owner of this computer.

I am wondering WHY i can see these folders, and if there is a possibility
that others might see my shared folders as well.

I'd like to understand what's going on and inform the owner (if I can locate
them) of this other computer of their security risk and help them solve it.

thanks in advance
rob


--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm



--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
.