Helping people with computers... one answer at a time.

It's possible to accidentally create a connection or a bridge between two networks. We'll look at how, and what you can do to avoid it.

With most mobile equipment like laptops and tablets coming with a wide range of network connection options built-in, eg. 10/100, dial-up modem, 802.11 a/b/g and the ability to also add cellular modem capabilities to them as well, it opens the possibility of having more than one connection at any one time. For instance I could be connected with my 10/100 network card and at the same time be connected to another network via the dial-up modem or cellular modem or 802.11. This creates a huge security hole for corporate networks. Is there any utility that I could install on a laptop or tablet that would prevent these multiple connections from occurring? I don't have any issue with someone making a connection via any one of these network adapters, one at a time. I just want to prevent any possibility of bridging two or more network connections.

I immediately thought of my laptop with ethernet, WiFi, infrared, dialup and BlueTooth. Quite the range of possibilities.

But preventing cross-talk? That's an interesting question.

A "bridge" in the networking sense is a connection between two networks. Anything that gets communicated on one network is reflected on the other and vice versa.

Windows XP explicitly supports bridging network connections. Have a look at your network connections in Control Panel, and you may or may not see a type of connection labeled a bridge. (They're apparently set up by default in some wireless network configurations, though I'm not sure why.)

And that brings us to at least one obvious thing to do: check your network connections for explicit bridges. If two of your network adapters are bridged, then they are effectively connected to each other through your machine.

So the good news is that if you have no explicit bridges, then at least you're not an open conduit between the two networks.

But both adapters are still functional. And there's nothing that I'm aware of that would prevent a piece of software, perhaps malicious, from "acting like" a type of bridge. Or selectively listening to one adapter, perhaps connected to a corporate network, and slurping up sensitive data to send out another adapter, perhaps connected to the internet.

I'm starting to understand why so many IT departments resist wireless networks or personal/non-standard computers.

I'd love to hear about additional solutions, but in the meantime, the best I can offer is to explicitly disconnect or disable the network adapter that you're not using if it would otherwise connect in a way that might compromise you. And as always, be careful the software you install and scan for malware and viruses regularly.

Article C2108 - July 9, 2004 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Anton
July 16, 2004 11:23 PM

Hi!
The best way to do this, is to install a firewall and to see the wireless part as unsafe. A hardware/firmware firewall might be best for this...
Regards,
Anton

sohel
September 30, 2004 11:24 PM

great

Morpheus Exegis
January 4, 2012 12:43 PM

OK i did not read the full article but my 2 cents.

There is no way to accidentally bridge two network connection in any OS. When you are connected to different networks you may get ip conflicts in the following forms:

- dhcp adressing issues - this means that your ip address on one network is similiar to in range or is exactly the same as your ip address on the other network connection. e.g you are 192.168.156.1 and 192.168.156.10 on your two network connections and your subnet is 255.255.255.0 thereby meaning that both ips are in the same range so when you reach out for a network resource your computer does not know which network to use and may go to the unintended network where the resource might be non existent or not what you intended to get to. e.g 192.168.156.3 is my network printer on network 1 and on network 2 it is my fileserver. when i try to reach out to my fileserver it might go to my printer and give me an error statig file not found or resource unavailable.

- gateway errors - these happen when gateway precedence is not set properly. with multiple NICs the ip range the comes first is polled first for resource and if the resource does not exist on that network some Os will return errors while others will poll the second network before returning errors.

the easiest way to do avoid these problems are :

a) have distinct ranges for each network e.g my lab uses 10.x.x.x for internet enabled network. 192.168.x.x for my lan and 169.254.x.x (please do not use this range unless you know what you are doing) for unsecured devices. each range has its gateway defined and when any resource is requested the OS are able to make a call on the closest option for the right path based on past routes, DNS and lookup.

b) binding applications or processes to certain network cards. This ensures that your application only uses that interface for communication. e.g my DLNA broadcast from my media server is bound to NIC1 with ip of 192.168.251.x now any device int his range can see my device and play videos from it but the other NIC 10.10.10.x cannot see any DLNA traffic from this computer so any device on my media server's NIC2 cannot see or play my media server's videos.

the binding option are very easy to find in windows 7. vista will require google help and windows xp with the help of virtualization or other apps. but solutions for each of these methods exist for all OS including MAC, linux, unix bsd etc.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.