
D'oh, unmanaged apartment network, need suggestions


Albuquerque (Member, joined Mar 26, 2003, North America):
Ok guys, here's the deal. My apartment complex (a large collection of townhomes, not the usual box-of-boxes building) provides "free" high speed internet access to all the people in the community. Each townhome comes with a handful of RJ45 jacks in the wall to plug in your 10/100E card and go to town.

From multiple traceroutes, reverse traceroutes, port scans and some sniffing I have ascertained that the main office has a single Insight (Cox) business cable connection that is "shared" out on a hubbed network. It's done so by a seemingly cheap Windows box that's acting as a software router and software firewall. There are a few ports left open for remote administration from the WAN side, and some simple DHCP services with no DNS.

Ok, that's the basic design. The problem here is that the download speeds have been going down and down and further down until now even surfing a simple webpage such as the OC takes a minute or more to fully download -- transfer rates in excess of 1.1kb/sec have become the "norm".

A little more creative sniffing has found that multiple users on this single subnet (standard 192.168.0.x Windows-sharing setup) are infected with MSBlaster or Welchia viruses (among tons of others) and are broadcasting junk at full-tilt onto the internal network. I have my own DMZ that filters all that crap out, so none of the actual viruses are affecting me... But all the stinkin' virus traffic is jamming up the WAN connection.

I called the complex to complain, but they only offer "best effort" support. The person that duct-taped this thing together was someone's "smart" grandson or something who doesn't really support it. Pay him $100 and he'll "sell" you a PCI nic (NE2000 compatible POS that cost $5 I'm sure) and install it for you... Big whoop.

So, for the good of my connection, and the good of everyone else's connection, what are some things I can do specifically to those eight or nine machines (I have MACs and IPs) to get them to stop squawking on the network?

I thought about putting up a Win2003 server on the network and forcing it as a DHCP server with an incorrect gateway address. That way the machines could broadcast crap all they want but wouldn't plug up the WAN gateway. Unfortunately, that breaks everyone in the complex that doesn't hard-code their gateway connection.

I don't want to break everyone, I just want to shut those eight or nine machines up. Can I hand-create a big-assed overflow packet in SMS NetMon 2.1 and plug up their IP stack? Something else I'm not thinking about? Maybe this question is a bit too "hackerish" for this forum, maybe not the best place to ask. If so, my apologies and I'll delete it.
 
My suggestion is the low tech approach. Call a meeting of all the people using the network and explain in layman's terms why the network is slow and what it takes (on their end) to fix it: anti-virus software, software firewall.

You could offer to install freeware that would at least improve the situation. And/or you can give them information about more robust applications that they may be able to afford.

The reason I say this is that the apartment owner has no financial incentive to fix the problem the right way.
 
I like your suggestion, and I needed to include that in my original post...

I actually did create a simple flyer, made about 200 copies (at the office, *cough*) and asked the complex owner if they could hand these out to everyone. She told me she'd need her staff to go over it, and it actually went out three days later (everyone on my little street had the flyer in their door)

No luck there either, a month later and nothing has been fixed :(
 
Then why don't you go door to door, explain the problems and offer to fix it for a small fee ;). You'll be able to use the net again and have made a few pennies in the process.
 
What I suggest is get off the net and pay the $55 a month to get Cox to come in and get your own line, cable modem. Even better if some other ISP is available and you get off that trunk. It's not worth the trouble because I doubt you will ever get anything close to the percentage of users to comply that would lower the BW. And no matter what, you are going to get a big bump with your own service.
 
Could be a ***hole and call Cox and give them the info on the MAC addresses that are causing the problems, tell them what's going on and let them deal with these people.
 
skab said:
Could be a ***hole and call Cox and give them the info on the MAC addresses that are causing the problems, tell them what's going on and let them deal with these people.

Yeah, I'm sure that Cox has some kind of obligation to maintain quality of service, and if some computers are sucking up enormous amounts of bandwidth, they might be able to coax some users into fixing the problem.
 
Yeah, if I were you I'd seriously think about turd's suggestion. Pay and get your own line put in. Sometimes a little extra money going out is far better than putting up with the hassle and stress for something free.

Otherwise maybe see if you can work out some sort of deal with the manager or whatever to administrate the network. Then you could throw a Linux box in there running a firewall and NAT. Plus you could run a bandwidth limiter on those who refuse to comply and clean up their PCs. Cut their bandwidth down so it doesn't take from others. Heck, if they will not do anything, see if you can just cut them off totally. Seeing as they're getting this service for free, they should be obligated to take some responsibility for their own PCs eating up bandwidth due to viruses and worms. Then they should be cut off.

But if your manager or whatever doesn't like this idea, go and get your own service.
 
Well, I like the suggestions that I received. Getting my own cable modem is definitely something I looked into... The price is a little higher than I expected (64.95, eek) but it's 3mbit and at least I'd have some method of getting things fixed if bandwidth started tanking again.

I also spoke in person with the management about the state of their current network and how I could help. It seems they may be interested in that too, as they are currently a little put off by the guy who's supposed to be taking care of it.

I have all these great ideas of ways I could clean this place up; if I had a budget of about $1000 I could really make the place fly. Switching equipment that I could hunt MACs or IPs down to their individual port and chop them off if they misbehave, a good Linux router/firewall/bandwidth monitor box with better security (and likely better performance) than our current setup...

Yeah, don't think any of that's gonna happen :p As soon as xmas is over with, I'll be calling Insight and getting my own connection. The benefit to that? I can start hosting my own services again :D (Anyone up for Tradewars? hehe...)
 
If you know what you are doing, and could convince them to let you play with the server, you could block the outgoing virus traffic (welchia, blaster, nachi all use one set of ports).

Furthermore, depending on the gauge of control they give you, you could block all traffic from their IPs until they fix the problem.

If they are reluctant, there are several things you can use as leverage:
- Liability: they knew it was going on, but made no move to stop it from infecting people or causing damage on the local network or internet.
- Did they state a minimum service level in the contract? Are they breaking it by letting this happen? Are there any usable clauses in the contract that would force the individual users to clean up the virus?
- Bandwidth limitations / fair use: are individuals given a maximum usage number per month? If so, the infected machines are easily going to break that number. Does Cox limit bandwidth monthly? If so, then I bet their bill will be pretty high if this continues.

I wouldn't do anything forcibly in that situation, but if I did, I would create a webserver on one of my boxes, with no webpage, and set the file-not-found error message to be a page saying that they were infected with a virus, and provide a copy of a free downloadable virus scanner hosted on the server. Then I would poison the ARP caches of the infected machines, so all of the evil and all of their requests on the internet would only get them that webpage. Then just remove them when they clean out the virus. This may get you in hot water with management and the kid running the LAN, but would get something done about it. I do not recommend it, due to the possible liability and general badness that could happen.
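As an added example (not code from this thread or its posters), here is a small triage script for the sniffing step the original poster describes and the port-based blocking suggested above: it reads sniffer summary lines and flags the source MAC/IP pairs that fan out across many destinations on the well-known Blaster/Welchia ports (TCP/135, TCP/4444) or with ICMP echo sweeps, giving the list of hosts to rate-limit or cut off at the router. The log format, the thresholds and the sample traffic are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sniffer summary format (one packet per line, assumed for this example):
#   <seconds> <src_mac> <src_ip> <dst_ip> <proto> <dport_or_icmp_type>
WORM_PORTS = {135, 4444}   # TCP/135 RPC DCOM exploit port, TCP/4444 Blaster shell
ICMP_ECHO_REQUEST = 8      # Welchia/Nachi pings hosts before hitting TCP/135
WINDOW = 10.0              # seconds of traffic examined per source
THRESHOLD = 20             # distinct destinations inside one window

def parse_line(line):
    ts, mac, src, dst, proto, port = line.split()
    return float(ts), mac.lower(), src, dst, proto.upper(), int(port)

def find_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {(src_mac, src_ip): reason} for hosts that fan out like a worm."""
    events = defaultdict(list)                 # (mac, ip) -> [(ts, dst, kind)]
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, mac, src, dst, proto, port = parse_line(line)
        if proto == "TCP" and port in WORM_PORTS:
            events[(mac, src)].append((ts, dst, "tcp/%d" % port))
        elif proto == "ICMP" and port == ICMP_ECHO_REQUEST:
            events[(mac, src)].append((ts, dst, "icmp-echo"))
    flagged = {}
    for host, evs in events.items():
        evs.sort()
        for i, (t0, _, kind) in enumerate(evs):
            # distinct destinations of the same kind within `window` seconds of t0
            dsts = {d for t, d, k in evs[i:] if t - t0 <= window and k == kind}
            if len(dsts) >= threshold:
                flagged[host] = kind
                break
    return flagged

def constructed_sample():
    """Constructed traffic, not a real capture: two noisy hosts, one healthy one."""
    lines = []
    for i in range(25):   # host .17 sweeps TCP/135 across the subnet (Blaster-style)
        lines.append(f"{i * 0.2:.1f} 00:11:22:33:44:aa 192.168.0.17 192.168.0.{100 + i} tcp 135")
    for i in range(30):   # host .42 ping-sweeps outside networks (Welchia-style)
        lines.append(f"{i * 0.1:.1f} 00:11:22:33:44:bb 192.168.0.42 10.0.{i}.1 icmp 8")
    for i in range(5):    # host .9 just browses one web server
        lines.append(f"{i * 1.0:.1f} 00:11:22:33:44:cc 192.168.0.9 203.0.113.10 tcp 80")
    return lines

if __name__ == "__main__":
    for (mac, ip), why in find_scanners(constructed_sample()).items():
        print(f"{ip} ({mac}) looks infected: {why}")
```

The output pairs map directly onto per-MAC drop or rate-limit rules on the router, and a healthy host doing ordinary browsing never crosses the fan-out threshold.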
 
If you know the systems that are infected and the ports that are being used, why not go in yourself and clean the offending systems? It appears you know what you're doing, and while it may be illegal it would be welcomed by all. Just don't let anyone know you were the one who hacked :D
 