A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Any advantage in using private ranges other than 192.168.x.x in NAT router?



 
 
Thread Tools Display Modes
  #11  
Old February 4th 19, 10:58 PM posted to uk.telecom.broadband
Graham.[_3_]
external usenet poster
 
Posts: 295
Default Any advantage in using private ranges other than 192.168.x.x in NAT router?

On 04/02/2019 20:49, Nick Leverton wrote:

If people can even see into a private network, the owner has a serious
problem which can't be solved by messing with IP ranges.


Not a lot you can do about that when you need to communicate wirelessly
with vehicles in the yard.


Then they've got the passphrase, or have cracked your WPAx encryption

--
Graham.

%Profound_observation%
  #12  
Old February 4th 19, 10:59 PM posted to uk.telecom.broadband
Nick Leverton
external usenet poster
 
Posts: 100
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

In article ,
MissRiaElaine wrote:
On 04/02/2019 20:49, Nick Leverton wrote:

If people can even see into a private network, the owner has a serious
problem which can't be solved by messing with IP ranges.


Not a lot you can do about that when you need to communicate wirelessly
with vehicles in the yard.


There is loads you can do about it, starting with securing the Wifi ...

I have known a transport enterprise which put their operational equipment
on a public network, they were lucky they only got accidentally DOSsed a
few times before we discovered what they'd done.

Nick
--
"The Internet, a sort of ersatz counterfeit of real life"
-- Janet Street-Porter, BBC2, 19th March 1996
  #13  
Old February 4th 19, 11:06 PM posted to uk.telecom.broadband
MissRiaElaine[_2_]
external usenet poster
 
Posts: 165
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

On 04/02/2019 21:59, Nick Leverton wrote:
In article ,
MissRiaElaine wrote:
On 04/02/2019 20:49, Nick Leverton wrote:

If people can even see into a private network, the owner has a serious
problem which can't be solved by messing with IP ranges.


Not a lot you can do about that when you need to communicate wirelessly
with vehicles in the yard.


There is loads you can do about it, starting with securing the Wifi ...

I have known a transport enterprise which put their operational equipment
on a public network, they were lucky they only got accidentally DOSsed a
few times before we discovered what they'd done.


Oh it was well secured, with lots of expensive Cisco Enterprise kit. My
point was just that an IP range outside the usual 192.168.x.x range was
possibly less likely to be chanced upon.


--
Ria in Aberdeen

[Send address is invalid, use sipsoup at gmail dot com to reply direct]
  #14  
Old February 4th 19, 11:47 PM posted to uk.telecom.broadband
Nick Leverton
external usenet poster
 
Posts: 100
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

In article ,
MissRiaElaine wrote:
On 04/02/2019 21:59, Nick Leverton wrote:
In article ,
MissRiaElaine wrote:
On 04/02/2019 20:49, Nick Leverton wrote:

If people can even see into a private network, the owner has a serious
problem which can't be solved by messing with IP ranges.

Not a lot you can do about that when you need to communicate wirelessly
with vehicles in the yard.


There is loads you can do about it, starting with securing the Wifi ...

I have known a transport enterprise which put their operational equipment
on a public network, they were lucky they only got accidentally DOSsed a
few times before we discovered what they'd done.


Oh it was well secured, with lots of expensive Cisco Enterprise kit. My
point was just that an IP range outside the usual 192.168.x.x range was
possibly less likely to be chanced upon.


It would provide precisely zero additional security, because the first
thing anyone would do after breaking into the network, would be to scan
what traffic was there and what IP addresses it was using. You could
put it on 223.223.223.223 and it would still be blindingly obvious to
any intruder because it would show up in the network traffic on the LAN.

Nick
--
"The Internet, a sort of ersatz counterfeit of real life"
-- Janet Street-Porter, BBC2, 19th March 1996
  #15  
Old February 5th 19, 12:17 AM posted to uk.telecom.broadband
MissRiaElaine[_2_]
external usenet poster
 
Posts: 165
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

On 04/02/2019 22:47, Nick Leverton wrote:
In article ,
MissRiaElaine wrote:
On 04/02/2019 21:59, Nick Leverton wrote:
In article ,
MissRiaElaine wrote:
On 04/02/2019 20:49, Nick Leverton wrote:

If people can even see into a private network, the owner has a serious
problem which can't be solved by messing with IP ranges.

Not a lot you can do about that when you need to communicate wirelessly
with vehicles in the yard.

There is loads you can do about it, starting with securing the Wifi ...

I have known a transport enterprise which put their operational equipment
on a public network, they were lucky they only got accidentally DOSsed a
few times before we discovered what they'd done.


Oh it was well secured, with lots of expensive Cisco Enterprise kit. My
point was just that an IP range outside the usual 192.168.x.x range was
possibly less likely to be chanced upon.


It would provide precisely zero additional security, because the first
thing anyone would do after breaking into the network, would be to scan
what traffic was there and what IP addresses it was using. You could
put it on 223.223.223.223 and it would still be blindingly obvious to
any intruder because it would show up in the network traffic on the LAN.


Ok, if you say so. I disagree, but there you go.


--
Ria in Aberdeen

[Send address is invalid, use sipsoup at gmail dot com to reply direct]
  #16  
Old February 5th 19, 12:22 AM posted to uk.telecom.broadband
Invalid
external usenet poster
 
Posts: 140
Default Any advantage in using private ranges other than 192.168.x.x in NAT router?

In message , Nick Leverton
writes
In article ,
MissRiaElaine wrote:
On 04/02/2019 21:59, Nick Leverton wrote:
In article ,
MissRiaElaine wrote:
On 04/02/2019 20:49, Nick Leverton wrote:

If people can even see into a private network, the owner has a serious
problem which can't be solved by messing with IP ranges.

Not a lot you can do about that when you need to communicate wirelessly
with vehicles in the yard.

There is loads you can do about it, starting with securing the Wifi ...

I have known a transport enterprise which put their operational equipment
on a public network, they were lucky they only got accidentally DOSsed a
few times before we discovered what they'd done.


Oh it was well secured, with lots of expensive Cisco Enterprise kit. My
point was just that an IP range outside the usual 192.168.x.x range was
possibly less likely to be chanced upon.


It would provide precisely zero additional security, because the first
thing anyone would do after breaking into the network, would be to scan
what traffic was there and what IP addresses it was using. You could
put it on 223.223.223.223 and it would still be blindingly obvious to
any intruder because it would show up in the network traffic on the LAN.

Nick


One downside of the 10.x.x.x range is that BT Retail use if for the
public WiFi mode on their Home hubs. On the domestic version you can't
use 10.x.x.x.The DHCP setup pages will not take those addresses.

On the Business hubs, if you enable Public WiFi you can't set the router
DHCP to the 10.x.x.x range. If you disable the public WiFi you can.
--
Invalid
  #17  
Old February 5th 19, 03:57 AM posted to uk.telecom.broadband
+++ATH0
external usenet poster
 
Posts: 18
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

On 2019-02-04 10:29, Woody wrote:
10.x.x.x is nothing about putting the address out of the way. It is a
designated Class A address that is never used in the outside world -
only for internal networks. Being Class A it can provide a huge number
of networks and addresses behind a common NAT wall, many many times more
than using 192.168.x.x which is Class C.


Classful networking has been irrelevant for 25 years, but people
continue to trot out this old rubbish.

These networks have been called 10.0.0.0/8 and 192.168.0.0/16 (note! Not
a "Class C" network despite being in the old and now completely
irrelevant Class C range) since before the mid-1990s.
  #18  
Old February 5th 19, 09:24 AM posted to uk.telecom.broadband
Chris Green
external usenet poster
 
Posts: 195
Default Any advantage in using private ranges other than 192.168.x.x in NAT router?

+++ATH0 wrote:
On 2019-02-04 10:29, Woody wrote:
10.x.x.x is nothing about putting the address out of the way. It is a
designated Class A address that is never used in the outside world -
only for internal networks. Being Class A it can provide a huge number
of networks and addresses behind a common NAT wall, many many times more
than using 192.168.x.x which is Class C.


Classful networking has been irrelevant for 25 years, but people
continue to trot out this old rubbish.

These networks have been called 10.0.0.0/8 and 192.168.0.0/16 (note! Not
a "Class C" network despite being in the old and now completely
irrelevant Class C range) since before the mid-1990s.


OP here. I can never remember what the 'proper' annotation is anyway
which is why I tend to write things like 192.168.x.x and 172.16,y,y :-)

Anyway I'm having quite enough hassle with a DNS issue without
adding to the melée by changing the LAN's IP range. :-)

--
Chris Green
·
  #19  
Old February 5th 19, 10:57 AM posted to uk.telecom.broadband
Martin Brown[_2_]
external usenet poster
 
Posts: 139
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

On 04/02/2019 21:36, Woody wrote:
On Mon 04/02/2019 19:56, Bob Latham wrote:
In article ,
*** Woody wrote:

The advantage of using 192.168.a.b where a is not 0, 1, or 2 is
that you can then put fixed addresses into your domestic system
behind the NAT wall so that DHCP is not used for non-visiting
equipments. The main advantage of such is using a fixed address
for, say, a networked printed which otherwise could get a
different IP address every time it is switched on depending which
order of items being powered up.


I don't understand this at all.

A device can have a fixed IP address on your own Lan either by using
DHCP reservation on the router or by setting a static IP on the
device. It doesn't to my knowledge make any difference at all if the
value of 'a' is 0 or 56. The only difference is how unusual you wish
to be which *may* confuse a hacker a little.

Unless of course, you know something which I've never come across
before.

Please explain further.



Sorry Bob, I realised after I had posted it that I had made a mess of
what I was trying to say.
Two things anyone (with the knowledge) should do is to change the router
SSID as they often give away the make and thus the default
username/password (which you should also change) and secondly to change
the IP range. Whilst it won't stop the real nasty types it will slow
them down a bit. Anyway anyone who would want to crack a domestic system
must be bored stiff.


A bit like the routers that advertise their weaknesses in their default
SSID many hacker tools come preconfigured to attack subrange 192.168.0.*

The other bit about the printer: when you set up a network printer in
Windoze it must have a fixed address. If it doesn't and relies upon DHCP
then it could have a different IP address every time the printer powers
up and Windows won't be able to find it if it has changed from the one
in the printer setup file. It is better to use a fixed address which
could of course be written into the printer config but then there is
always the risk of DHCP having already issued that address unless the
prefixed address is outside the DHCP window. I found it easier to enter
it into the reserved address table in the router - and if you are doing
it for one it makes sense to fix everything. At least you know what
address to enter into your browser if you want to talk to something.

Now someone will correct me no doubt?


You can usually tell the router in its DHCP table settings somewhere to
always give this specific device the same IP address next time. It used
to be a problem in the distant past but not really an issue any more.

--
Regards,
Martin Brown
  #20  
Old February 5th 19, 01:50 PM posted to uk.telecom.broadband
Chris Bartram
external usenet poster
 
Posts: 13
Default Any advantage in using private ranges other than 192.168.x.x inNAT router?

On 04/02/2019 14:54, Chris Green wrote:
Is there any advantage to be gained security-wise in using a
'non-standard' private IP range in a NAT router. E.g. either
172.16.x.x or 10.x.x.x. I suspect not but I suppose there might be
some gain in the 'security by obscurity' direction.

... any other advantages, except the obvious one of bigger sub-nets if
you happen to need them?

Only advantages I cvan see are as you say a larger range, and if you're
planning to VPN tunnel to someone else, it's obviously no good to have
the same IP range behing both routers. Otherwise, no advantage. There's
no security thorugh obscurity; if they've breached your router in any
way (be it the router itself or a device behind it) something will be
advertising the IP range, even if there isn't DHCP willingly handing out
addresses.
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot logon to router using 192.168.1.1 me uk.comp.home-networking (UK home networking) 3 September 21st 05 10:58 PM
Any benefit by changing 192.168.0.1? Barrie uk.comp.home-networking (UK home networking) 13 March 2nd 05 12:03 AM
Wireless subnets 192.168.0 and 192.168.1 Alfie uk.telecom.broadband (UK broadband) 7 October 31st 04 07:49 PM
Can't get WHOIS for 192.168.100.1 David Wood uk.telecom.broadband (UK broadband) 0 October 1st 04 08:14 PM
Can't get WHOIS for 192.168.100.1 will kemp uk.telecom.broadband (UK broadband) 0 October 1st 04 08:05 PM


All times are GMT +1. The time now is 12:19 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright ©2004-2019 BroadbanterBanter.
The comments are property of their posters.