If you could spare a minute could you do me a favour and check what default gateway your home PC is showing? Looking for the default settings from your broadband provider so if you're a techy who has customised your network then, politely, thanks but no thanks!
Easy way (in Windows) is to open a "Command Prompt"
..then type IPCONFIG and press enter
Look for the line like this :
Default Gateway . . . . . . . . . : 192.168.1.1
If it's not 192.168.1.1 could you post yours along with the name of your broadband provider?
I'm not aware of this posing any security risk but please don't post if you have any concerns.
Really appreciate your help.
Why do you want to know?
It's a bit like asking where is your fuse box... (In the downstairs bathroom)
I'm trying to make something that plugs into the back of home routers (to provide a 'safe' wireless connection) and it depends on the default gateway.
192.168.1.2 - Plusnet
Fuse box is in the kitchen.
That would usually be supplied by dhcp when it gets its ip.
^ hacks Bear's puter and finds fancy dress photos 😉
Thanks bearnecessities
It's on its own subnet, own DHCP etc - that's why it's important.
192.168.1.254 - Plusnet
Just to possibly complicate matters a little!
Out of curiosity, how is the gateway relevant? And given you can already buy Wireless access points, how is your product going to be different?
254 on BT
Thanks scotroutes
Idea of product is that it forces anyone connected to use DNS filtering to avoid inappropriate web sites. DNS settings on device are ignored - unlike setting this up on a standard access point.
DNS settings on a device will override those supplied by dhcp.
Some OSes are shipping with local DNS servers to avoid some of the trust issues with mitm attacks on untrusted networks.
Your children can just set the dns on their pc to bypass what you are doing, unless you're going to use iptables to block dns traffic.
As for the gateway address, you can just get a dhcp lease which has everything you need.
You're inventing OpenDNS?
Pretty much every home router I've ever seen has a default internal IP of either 192.168.0.1 or .1.1. But it could be any private IP address, there's usually nothing to stop a user from changing it from the default. If your "product" relies on a hard-coded unique IP you're going to struggle.
DNS settings on a device will override those supplied by dhcp.
That's what my 'thing' stops, it overrides them.
How?
If your "product" relies on a hard-coded unique IP you're going to struggle
You're right - going to need to work on that, all three tests I've done with people had the same IP so I was hoping it would be consistent.
How?
That would be telling - It's taken many late nights of geeky nonsense to find a way!
Over many years of different modems/routers for myself and family members, the most common has been 192.168.0.1, but 192.168.1.1 is common, as is 192.168.x.254. I've also seen a 10.0.0.1, but never a 172.16.x.x. ISP will only be relevant if using their supplied modem, and that changes every year.
Who is it you are trying to stop?
How does it stop VPNs?
How about TOR?
How about local DNS servers?
What about bypassing the network by wired connection?
What about mobile data? (A prepay sim with more than enough data to access sites is in pocket money territory)
What about mobile data to WiFi?
What about access at other locations?
If the attacker is your children, it might be best to talk to them about what sites they are visiting and why.
Who is it you are trying to stop?
Appreciate your input - I realise it's not a particularly secure approach and isn't going to stop anyone with a bit of technical ability. It's not aimed at that market.
Thanks for all the replies - clearly the gateway isn't consistent so back to the drawing board I think..
I think you could do something pretty convincing with a few well chosen iptables rules, provided people can't just bypass the device physically. A raspberry pi would be perfect.
In a big-ass environment, I'd be thinking about using IRDP or something smart with IP redirects (maybe in tcl?), but I don't know if many domestic routers support this.
But more importantly, I can't 'see' how your device can communicate with any network without you knowing the local subnet in advance. If you're not on this subnet, nothing will happen. The standard DHCP-issued networks can vary from provider to provider too; they're not always 192.168.1.0/24. This would need to be addressed, couldn't be hard-coded.
If you are on the right subnet- why not just get your 'device' to run a series of pings at startup, looking for the commonly-used gateways? When it knows that, get it to run a trace to something external to verify that it's got the correct IP. That would work, and is fairly easy?
Actually, DHCP would do all you need- that and some scripts.
I knew I wouldn't get away with just asking for a few examples of Gateways! You guys...
Thanks for all the input, do appreciate it. I know there are lots of things to consider (everyone has just one more for me!) but I hope I can get something off the ground which appeals to an average Jo who just wants something to provide some protection for children.
Sounds like you are inventing something like unifi - they have wifi points that connect into the router and you can program the sort of thing you are after
How do you plan on updating the dns filtering or are you just passing it to your monitored/ safe dns ?
Thing is, unless I've misunderstood completely, what you're trying to do is already possible. You need a router which will let you set DNS to something like an OpenDNS account and block port 53 (DNS) so that you can't override it at the client. Most high-end routers (rather than the bottom-feeder crap provided by the ISP) will give you this level of control. Problem solved, wireless and wired connections. The only way round that then would be if your router was compromised / replaced. In fact, I've not looked as I have no need of such things, but I'd be shocked if such a product (preconfigured router) didn't exist out-of-the-box. And if it doesn't, that might well be a tappable niche in the market.
The other option would be a local proxy server. Configure your firewall to only accept connections from the proxy, and use DHCP to set client DG / DNS to the proxy. That way you have absolute granular control over your LAN's Internet access, you could blacklist / whitelist whatever you like, and have full logging as to who's accessing (or trying to access) what. If I had kids, it's what I'd do. £20 for a Raspberry Pi and a chunk of Linux frobbery, Robert's your mother's brother.
If you are on the right subnet- why not just get your 'device' to run a series of pings at startup, looking for the commonly-used gateways? When it knows that, get it to run a trace to something external to verify that it's got the correct IP. That would work, and is fairly easy?
Theoretically, the DG is available information anyway - DHCP gives it out. So you could make a DHCP request, analyse what comes back and then you've got the local subnet's DG IP. Hell, 99 times out of 100 the source IP of the DHCP server will be the DG anyway.
Quite how you'd analyse that traffic I don't know (pcap?); but presumably if you've got the nous to build this device then you've got the nous to do that. Maybe.
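
What the post above describes, reading the default gateway out of a DHCP reply instead of hard-coding it, as an added example that is not part of the original thread. The function names and the sample lease are constructed for illustration; capturing the reply off the wire (raw socket or pcap) is assumed to happen elsewhere and only the UDP payload is parsed here.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of the options field
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_SERVER_ID = 1, 3, 6, 54

def _ips(raw):
    """Split an option value into a list of dotted-quad IPv4 strings."""
    if len(raw) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def parse_dhcp_reply(payload):
    """Pull the lease details out of the UDP payload of a DHCP OFFER/ACK."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")   # 236-byte BOOTP header + cookie
    if payload[0] != 2:                          # op: 1 = request, 2 = reply
        raise ValueError("not a server reply")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        code = payload[i]
        if code == 0:                                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option %d" % code)
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    routers = _ips(opts.get(OPT_ROUTER, b""))
    server = _ips(opts.get(OPT_SERVER_ID, b""))
    mask = _ips(opts.get(OPT_SUBNET_MASK, b""))
    your_ip = str(ipaddress.IPv4Address(payload[16:20]))   # yiaddr: address offered to us
    subnet = ipaddress.ip_network(f"{your_ip}/{mask[0]}", strict=False) if mask else None
    return {
        "your_ip": your_ip,
        "subnet": str(subnet) if subnet else None,
        "gateway": routers[0] if routers else None,
        "dns": _ips(opts.get(OPT_DNS, b"")),
        # True when the DHCP server and the default gateway are the same box
        "server_is_gateway": bool(routers and server and routers[0] == server[0]),
    }

def build_sample_ack():
    """Constructed DHCPACK: 192.168.1.64/24 leased by a router at 192.168.1.254."""
    gw = bytes([192, 168, 1, 254])
    header = bytes([2, 1, 6, 0]) + bytes(12) + bytes([192, 168, 1, 64]) + bytes(216)
    options = (b"\x35\x01\x05" + b"\x36\x04" + gw + b"\x01\x04\xff\xff\xff\x00"
               + b"\x00" + b"\x03\x04" + gw + b"\x06\x04" + gw + b"\xff")
    return header + MAGIC_COOKIE + options
```

The gateway comes from option 3 (Router) and the subnet from option 1, so nothing about the upstream network has to be known in advance; `server_is_gateway` checks the "99 times out of 100" observation against option 54 (Server Identifier).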