Bridging A Wifi Signal?

So, I got a free desktop computer the other day. Problem is, it has an ethernet port, but no WiFi card. I do, however, have an extra router I had lying around. What I want to try and do is bridge the WiFi signal coming from my wireless (host/primary) router to the other router (client/secondary) and use an ethernet port on the secondary router (which will be on the other side of the house with no physical connection) to connect the new PC to the internet.

Now, I have gone into the secondary router's management console and followed a tutorial on how to set it up for bridge mode. From there, I'm not sure what to do. As a hypothesis, I'm thinking I have to muck around in the 'network adapter settings' and change the IP address on the client machine to the IP on the host machine and/or match the subnet mask. I know a bit about networking, but as far as IP address settings and subnet masks, etc, I'm not too incredible knowledgeable.

Any help would be very much appreciated. I love learning about this stuff. And if you need any more info, feel free to ask.

 

I doubt it will work. I've found that some computer parts are just not interchangeable. It will probably cost more to do it that way than to just buy a wifi card or even a new computer! lol

 

Why not just use a longer cable lol. I don't know why you'd wanna do something weird like this. It probably can be done on a decent "real" router. Some ISP leased POS joke "router" probably can't do it. ISP leased routers suck and ought be taken out back and shot with a few .40 S&W rounds.

I spent a lot of time tracking down and thwarting attempted intrusions on my machine the other day (the main culprit was some machine in Hong Kong with no real DNS records). Only noticed the botnet attacks when i decided to dump TCP packet headers destined to, well a specific port. I started to print all the log files, before realizing that there was over 10,000 pages worth of this shit, all mostly failed authentication attempts to log in as root, trying authentication up to 10 or 20 times a second, 24/7 unless my vpn was up or port closed. And that was just the most recent log file, I haven't looked at the older log files. They'll never get in, and I thwarted that shit cuz it's logfile spam that eats disk space ... my machine is pretty secure but I have an ISP leased "router" ... but the only reason I can thwart it is because my machine is secure. A REAL router would let you ban their ass right there and they wouldn't be able to make it any further than that. They could randomize their IPs ... but then they wouldn't be able to receive the reply back lol. They'd never figure my password though, it's too complex, and I disabled logging in from root, so they could only try to log in as a regular user and wouldn't be able to do much. They could try to crack my password with my own machine, but even my 8-core machine couldn't brute force it in less than the age of the universe and I'd definitely notice the 100% cpu load. They could read some pdfs, listen to some music or watch some movies but anything important is encrypted, so I doubt it would be very profitable.

Counter attacks aren't effective on botnets, and ISPs don't give a shit if you get hacked, they only care about whether you torrent shit. I'd love to know what they'd have to say about the 2+ terabytes of music and films I've torrented but they have no clue about that And it was a long time ago that I did it, i don't do it anymore, I promise. If I did they would know about it with their spying eyes kek.

These botnets scan large blocks of IP address ranges, like entire /8's or maybe even a /24 if it's a big botnet. It takes literally an entire day to scan and run scripts against an /8 which is only 255 hosts, but when you've got thousands or millions of malware infested machines doing the dirty work for you can scan the entire internet if you want and who cares how long it takes.

Better pick a good password, because once they get ownership of a privilaged account you won't see anything in any logs, they'll most likely delete them, or just edit out anything that looks suspicious so it looks like nothing ever happend. Or they could just brick your computer if they felt like it I guess too but they'd probably rather just get your credit card numbers and bank account info, maybe read your swap file for memory pages that might contain passwords or other valuable info, then schedule your machine to run scripts that launch the same attacks, basically becoming a zombie machine, making your performance poor and network throughput appear to be very poor, and maybe even get your ISP pissed off at you.

tsk tsk ...

I thought this was interesting: http://pastebin.com/JBsZYYVB

especially this part:
remarks: *************************************************************************
remarks: Unresolved Spam complaints to Auto-responder spam@apnic.net.
remarks: Unresolved Network Abuse issues to Auto-responder
remarks: abuse@apnic.net.
remarks: *************************************************************************

and this:
remarks: Comment: This IP address range is not registered in the
remarks: Comment: ARIN database.
remarks: Comment: ** IMPORTANT NOTE:
remarks: Comment: IPv6PC do allocate IP addresses as one of the
remarks: Comment: Internet registries, but we do not have any
remarks: Comment: responsibility for any actions taken from the
remarks: Comment: IP addresses we allocate to the service providers.
remarks: Comment: The service providers receiving allocation are
remarks: Comment: in responsible for the allocated IP address space.
remarks: Comment: Therefore, regarding abuse claims for this IP
remarks: Comment: addresses range we would like to ask you to
remarks: Comment: directly contact the service providers which
remarks: Comment: have received allocations from IPv6PC.
remarks: Comment: Moreover, the IP addresses within this range
remarks: Comment: which are not on the above database are the
remarks: Comment: addresses which have not been allocated to any
remarks: Comment: organization. Thus, they should not be existing
remarks: Comment: in Internet and thought to be feigned.

yeah ...fuckin' right

 

Possibly. There are many router you can install open-wrt on. If you have that, you can probably bridge the wireless connection.

If you google the brand of router and dd-wrt, you should be able to see if it's possible.

 

yeah, I've already googled. Seems I'd have to drop about $200 for anything decent. Right now I'm just using fail2ban to issue temp bans on IPs that try attacking me, and so far i havn't seen any more "intrusion attempts" or strange packet headers like syn packets that don't complete the handshake. If they try too many times they get banned. I also forwarded a different external port to the port they were attacking, because most of them only try one port, because scanning all ports takes too long.

it's worth noting that it's not in APNIC either, says it was transferred ... lol

I'd like a "real" router though, so I can implement stuff like that in the router and protect the entire network (of course I would also secure my own box as well as an extra layer of protection).

Bring it on script kiddies, teach me so I can make my security better

 

a friend who has manages networks for many clients deals with such attacks all the time. They are looking to steal business info much more than personal info.
He uses a Sonicwall router at home and it logs everything. He has logged over 250,000 attempts in little over an hour before, all originating from China, but he is registered as a business and runs his own e-mail server, so it appears differently than the average home user and more prone to attack.

 

yeah, its a pretty common thing really. it does fill up logs quickly, but the bruteforce zombies will never get in cuz the password is too complex. The fact that they're doing it over a network with a pretty high round trip delay limits the rate at which they can try passwords. The temp bans thwarts it even further, they can only try a few times and then get banned ... this also keeps them from filling up my log files which eventually could get pretty big and deplete all my disk space (like I said, I was going to print a months worth of logs ... and then realized it would have taken over 10,000 sheets of paper, that's 20 reams of paper!) Even if they were in my physical machine and could utilize my beastly CPU to do the bruteforcing trying thousands of passwords per second it would still take them a very very long time (like probably forever) if the password is complex and long enough. This is a good reason to pay attention to your CPU load ... if you see it pegged at 100% load then there's probably something going on that shouldn't be, but my load average is like 0.12%.

I guess there's enough machines out there though that can be broken into easily that this is somehow worth it to them. It usually comes from china because service providers in certain regions basically just don't give a fuck so that's where they go.

 

subnetting is basically how many bits of the IP address are used for the subnet / host part, i.e a class C network is an /8. 192.168.1.0/8 is just another way (the newer) to do subnet masking is is the same as the subnet mask 255.255.255.0, that is in both cases, the first 24 bits of the 32bit IP address are used for the network, and the last 8 bits are used for the subnet, and addresses from this range are what will be allocated to hosts on that subnetwork.

the newer way is more convenient, because it's simply to tell how many bits are used for more complicated subnetting, i.e. if you wanted a /4 subnet or two /4's out of an /8, it's easier to quickly figure out in your head than it is to figure out the subnet masks 255.255.255.15 and 255.255.255.240 respectively (which you'd probably need a calculator, as converting from binary to hex isn't hard, but converting from binary to decimal is a PITA)

IP addresses are 32 bit binary integers, and the subnet mask in binary for an /8 (255.255.255.0) is:

Code:

1111 1111 1111 1111 1111 1111 0000 0000

 

+1


I knew what this thread was going to be about as soon as I saw the title. Truly a classic problem... Always a pain in the ass but good for a chuckle once you've figured it out and get to tell the story.