Thread: Network-Parents can watch meh

If you use a secure VPN, your connection will be encrypted, thus your parents can't see what you're doing, though they can see that you're doing something.

I suggest you learn how your router works before he does. There's not really much else you can do.

Well, there are programs you can get to be able to control computer on your network right.
(We works at a buisness that dose this)

Yes, this kind of software is usually on a router. My own router can log internet activity for specific IPs for example. Setting up some kind of program on a computer, is a little bit more complicated, however not impossible. This is called network-sniffing. If the host-computer has administrator status on the network, there's not much you can do really, except encrypt your connection.

Encrypt my own seperate connection?
I use a network snifer, Wireshark.
And would they know that its encrypted?

Yes, encryption means that all the data they sniff from your connection, will be a big jumble of code, that they can only understand if they have the decryption key, a key which only you and the receiver have. The best way to go about encrypting your connection, is setting up a VPN connection.

Still, I doubt your parents will log your internet activity, that sounds extreme. Do you have some trust issues?

Originally Posted by Marvo

Yes, encryption means that all the data they sniff from your connection, will be a big jumble of code, that they can only understand if they have the decryption key, a key which only you and the receiver have. The best way to go about encrypting your connection, is setting up a VPN connection.

Still, I doubt your parents will log your internet activity, that sounds extreme. Do you have some trust issues?

Well, Not really anymore, but there very very nosy.
Is there some kind of program I could us to encrypt my connection?
I use ubuntu 8.10 Maybe theres something in the package maniger I could use?

Setting up a VPN connection is somewhat simple, you just need a remote receiver.

www.relakks.com provides a pretty good service, however they cost money. Any reliable VPN service that provides a fast connection costs money.

WOW, can this also stop ISP from seeing what your downloading?

Yes. They can just see that you're doing something.

On top of this I would suggest talking to your dad about how you would feel uncomfortable about him checking your internet activity. Assure him that it's not because you're doing anything wrong, but just because you feel it's a violation of privacy and personal space that you should be allowed to have at your age.

Why would your father sniff your network anyway?

Securing against untrusted users on your LAN can be tricky
all depending on how far you want to go

with a normal LAN setup, anyone on the LAN can potentially spy on anyone else



Bad user can see what other 3 are doing

The poor man's solution is to rearrange the network
making your machine the "router" for the others
(you'll need 2 network cards in your machine)


Bad user can only spy on what he can "see"
and he cannot see communication between eth1 and the internet

But this has serious downsides
not least, your machine will have to be on 24/7, else no-one else will have an internet connection
also, as he has physical access to the network nodes, there's nothing stopping him from plugging his machine in between yours and the router

The proper solution is indeed a VPN (or proxy)

Buy a shell account on a hosting server
setup your machine so it tunnels all traffic through the server

Black = unencrypted traffic (spy-able)
Red = Your traffic, encrypted (only your server can decrypt)
green = your traffic, unencrypted

Oh this helped Thanks Ynot! Did you make those images?
Ynot, would this also stop m ISP from seeing what I am downloading?

Why would your father sniff your network anyway?

Because he is a douche and "Cares" for me, so he cares by taking away privacy.

On top of this I would suggest talking to your dad about how you would feel uncomfortable about him checking your internet activity. Assure him that it's not because you're doing anything wrong, but just because you feel it's a violation of privacy and personal space that you should be allowed to have at your age.

Tried it, they said at my age I should be heavily guarded. wtf? I know lol.

Yes, using a proxy also stops your ISP from being able to see what you're doing. ISPs can only log your internet activity, if the police tells them to/you live in Great Britain.

Once again, your ISP can only see that you're doing something.

In the USA, thanks to the Patriot Act, the police can illegally log anything that they want legally. However, the odds of this happening are slim to nill if you are white.

Originally Posted by magical mike

Oh this helped Thanks Ynot! Did you make those images?

yeah, I've got a stock set of images I use for network diagrams etc.

Originally Posted by magical mike

Ynot, would this also stop m ISP from seeing what I am downloading?

Yes,
think of it like SSL encryption for secure websites
Can your ISP view credit card info when you buy something online? no.

Only you, and the server you are communicating with can decipher the communication
one-one in between can view the communications

Originally Posted by Ynot

think of it like SSL encryption for secure websites
Can your ISP view credit card info when you buy something online? no.

True, but that's a secure system. The public key cartography system is really good.

Most websites/downloads don't go through the hassle of SSL encryption. If you're using Limewire, the ISP can see and log whatever you're downloading. They most likely aren't, unless you are on the terrorist watch list (have an arab sounding name, are a registered democrat, or a legitimate terrorist)

Oh. so private trackers are ok to be on.
its not like I download popular music.
Or that I even download, I just wanted to know.
I think I will do this then.
Is there a way to do it free?

Originally Posted by ninja9578

Most websites/downloads don't go through the hassle of SSL encryption. If you're using Limewire, the ISP can see and log whatever you're downloading.

Exactly,
which is why you setup your own encrypted proxy

instructions assume Debian based linux distro (inc. Ubuntu)

1) Personal Proxy Server

Rent a shell account on a server somewhere (can be in another country if you're really paranoid)

Most good server renting companies will offer fixed bandwidth tiers, with unlimited usage
Eg. http://www.positive-internet.com/zhosting.html
that's £10 / month
(you can team up with a few people to cut the cost further)

just as an example, lets say your rented server is located at
server123.rent-a-shell.com
and you can log onto it, using username tony

Code:

ssh [email protected]

will ssh into your server


2) Port Forwarding

Lets forward outgoing traffic, from your machine, on port 3333 to your new server

Code:

ssh -ND 3333 [email protected]

put this in with the other startup scripts in /etc/init.d/
so it'll execute automatically when you log in

Just for clarity,
all connections made on your machine to port 3333 will be piped (fully encrypted) via SSH to the server
The server will then "execute" the communication, and pipe back (fully encrypted) via SSH the responses to your machine


3a) Using the proxy

Most network-centric apps have native support for proxies
web browsers do, as do most good email clients and torrent clients

edit your global network settings, and specify a socks5 proxy
proxy address: localhost:3333

(remember, all traffic that hits your machine on port 3333 will be piped through to the server)

Don't alter per-app settings
edit your global system wide network settings
now all apps that support proxying will proxy


3b) Using the proxy (part 2)

however, some apps have no native support for proxying
this is where a wrapper library is needed

Install tsocks

Code:

sudo apt-get install tsocks

tsocks is a transparent network forwarder
(similar in operation to wine, or pulseaudio in how it overloads core OS functions)

configure tsocks to forward all connections to localhost:3333

Code:

sudo gedit /etc/tsocks.conf

alter tsocks config to match

Code:

server = localhost
server_port = 3333

To proxy through the server with an app that doesn't natively support proxying, call the app with the tsocks library

Code:

tsocks application

as I said, similar to wine or pulseaudio in the way it intercepts raw system calls

Code:

wine application

Visual Example:

You have setup everything as above

What the end-user experiences

- In firefox, you navigate to www.dodgy-website.com
- Dodgy website loads in your browser

from the end-users perspective, it's no different than having a direct connection to the website

What actually happens

You


- Firefox proxy's the request to localhost:3333

- localhost:3333 is tunneled via SSH to your rented shell account - Red line

- Server "reads" network request and acts on it (server sends request to retrieve html page from www.dodgy-website.com) - Green line

- Dodgy website sends html page to server - Green line

- Server sends back retrieved communication, via SSH to your machine - Red line

- Dodgy website loads in your browser

Why can't people just use Windows? Takes 3 seconds to setup a VPN on there.

this isn't a VPN....
this is tunnelling all TCP connections through SSH

VPN is completely overkill for just anonymous network traffic for one user

VPN, as I said, shines when you have a number of satellite offices needing shared resources (file, print, intranet, IM servers) using the internet for physical connections

tunneling through SSH is just a bit cheaper than a VPN

This is £10 / month
you post costings for a VPN setup

*edit*
plus, to setup a client on an existing VPN network indeed "takes 3 seconds"
but have you ever setup the actual VPN server?
I'm guessing not
LDAP & Kerberos are pains in the arse to setup, and extremely time consuming and fiddly to do right

I posted in here I thought.
I said Thanks Ynot you are a god!!!!!! lol.
I will do this when I get some money on paypal.
Also, is there a free way of doing this?
Like this
http://ubuntuforums.org/showthread.php?t=827506
would changing my IP work also? But I would have to change it like everyday right?
Are there any programs in the package maniger that would do this Ynot?

I don't see what changing your IP would do in your case

from looking at the blurb for that program, I think this is for people hopping between home & work with a laptop, and having to manually change configs depending on where they are
(but this is what DHCP is for)

*edit*
as for a free way,

you need to separate yourself from your dad, network-wise
You need access to a 3rd party machine to proxy things through that your dad cannot access (or monitor)
this means paying for an external host
I don't see any other way to do it

Ok, thanks for the help Ynot, I will end up doing what you suggested.
Would using this be easier?
www.relakks.com
Then I wouldn't have to worry about commands would I?
And what is the deal with VPN?