[nil4t]

Today I have received an abuse of service notification from my IPS for copyright infringement. It turns out my sister had a friend of hers remote access her Macbook and set up Bittorrent to download episodes of the TV show True Blood. Obviously this is a serious problem and what I need to know is if there is a way I can prevent anyone from remotely accessing her computer in the future as it is a huge security risk. The Problem is if I were to disable apples remote access feature on her machine she could simply re-enable it allowing her friend access again. My sister knows little about computers herself but she can be instructed by her friend to undo any changes I make to her machine. What I really need to know is if there is anyway I can prevent access from my router. As much as I would like to I cannot just deny her computer access to the Internet. My router is a Linksys with DD-WRT v23 SP2 VPN firmware. No ports are forwarded for any machine other than mine as I have DMZ enabled(only for my machine). Router firewall is enabled. All VPN options are disabled. Any ideas on what could be done?

[temeteus82]

I would tell your sis that she is going to jail and pay huge sums for MPAA if she would not turn the Apple's remote control off. If she don't believe you show her notification from your ISP. Then configure your router so that NAT is enabled and your sis mac gets IP's from the routers DHCP server. And I would get rid of the DMZ there is no need for that... I wonder why you have it enabled in the first place...

[nil4t]

Thank you for the reply. Its not that I'm worried she will be using Bittorrent again it's just I do not like the idea of someone who I do not know being able to gain access to a computer on my network. I realize using DMZ isn't a great idea but my list of forwarded ports became too long from all the games and software I use and it became a pain to manage.

[Liqourice]

Quote:

Originally Posted by nil4t

Thank you for the reply. Its not that I'm worried she will be using Bittorrent again it's just I do not like the idea of someone who I do not know being able to gain access to a computer on my network. I realize using DMZ isn't a great idea but my list of forwarded ports became too long from all the games and software I use and it became a pain to manage.

You shouldn't need to forward ports, if you do then the router isn't setup correctly. For those games and apps that still requires it you should have UPnP enabled. If your router doesn't support that then I'd suggest a new one.

Running a DMZ is not a good idea and it shouldn't be needed either.

[nil4t]

Well I had heard UPnP isn't secure either and when enabled its enabled for all computers on the network. Is that not true?

The way I view it is out of all the people in my family on the network I am the least likely by far to be downloading malicious software onto my computer. So say a family member downloads something that opens up ports to allow an attacker access to their computer. If UPnP is disabled it may be able to open ports on the computers firewall but the routers will remain closed. As for me I may not have my routers firewall protecting me but I do have one on my computer that is less likely to be compromised by malicious software and as for someone getting around it by other means. I feel like if someone really wanted access to my computer and they knew what they were doing they could do it whether I have DMZ enabled or not. FYI I am not a network security expert and this is just the way I understand it. If I am totally wrong please let me know and direct me to some information that could help me.

[temeteus82]

Quote:

Originally Posted by nil4t

Well I had heard UPnP isn't secure either and when enabled its enabled for all computers on the network. Is that not true?

You hear a load of C*****... UPnP is used only inside the network. It is recommend to use NAT and FW to get it secure. I'm using several app's and games and UPnP works like charm.

[nil4t]

So there is no increased risk of malicious software opening ports on my router with UPnP than without?

[temeteus82]

well that depends on your AV software and you to keep your system clean from them. But when your done with the getting rid of DMZ thing and using NAT and UPnP. You could port forward the default port of the Apple's RC system to this IP : 127.0.0.1

[nil4t]

Quote:

Originally Posted by temeteus82

You could port forward the default port of the Apple's RC system to this IP : 127.0.0.1

I thought about doing something like this with OS X's equivalent of windows hosts file but I would need her friends IP address. I'm am not sure how I would do what you are talking about on my router.

My router has a command shell that lets me tell it to do specific things but I have zero experience with it.

In case anyone is curious I decided to learn to use the command shell on my router. It turns out its pretty simple and I just had to add some custom iptables instructions to my routers firewall.
iptables -I FORWARD -s <users ip> -p tcp --dport <port to be blocked> -j DROP
This will simply block the specified users ip to the specified port.