How to hide some devices from home network?

Ancient

Is there a way to hide devices connected to LAN port 4 on a modem-router from devices connected to the other 3 ports? And also in the other direction: hide all devices on ports 1, 2 and 3 from anything attached to port 4?

Instead of specifying by LAN port, the white list of things to see each other could be selected by MAC address, as I only have three things I want to see and be seen on my home network.
A black list system is no good because unknown new things might get connected to LAN port 4.

I have an unusual networking situation...

I disabled wireless in my modem-router, so only the 4 ethernet ports work.
I have a desktop (Win 7), a laptop (Win 8.1) and a NAS connected to the router's ports 1, 2 and 3. They are networked by a password-protected homegroup.

I share my internet service with a friend in the next apartment, by one ethernet cable attached to port 4 on my modem-router. Now her friends are staying there while she is away for a few months. They are not easy to negotiate with and I can't ask them to make any changes to their computers.

It seems they have added some kind of switch or hub at their end of that one cable, because I often see two or more strange PCs listed in Windows Explorer networks folder. It even lists the 3 usernames on their PCs.

I shouldn't simply disconnect their ethernet cable, or they won't have internet access, but I don't like how their PCs show up in Windows Explorer. Also I guess my three devices are shown on their computers (but probably none of my folders are actually readable by them).

It seems "network discovery" is not selective about what devices it finds. It is simply on or off, and it must stay on for my homegroup network to work.

Should I try a different kind of networking in Windows, instead of a homegroup?
 

I would take a look at this:
Network Downloads : Proxy /// AnalogX

Tell the people taking advantage of your generosity they can configure their machines to get web, mail, etc., or they can do without. The only drawback is the machine running the proxy server would have to be left on.

I used this way back on Win98 before I had a router. The setup takes 5 minutes. Way simple.

Edit: Oh yeah, and all the AnalogX stuff is free.

Edit2: I'm not sure about the wiring but it likely shows in the instructions. I think I used a null modem cable back then (dial-up).
 

Thanks for your reply MilesAhead, but it seems that method requires:
- me leaving my PC switched on at all times and not in sleep power saving
- I would have to add an extra ethernet adapter in my PC which their cable would be attached to, instead of attached to a port on my modem-router
- I would have to get them to configure all their programs (email and browsers etc) to use a proxy I specify
- plus other possible setup problems in their machines, such as TCP/IP settings and ports... my mind was befuddled by half way down the documentation page on that website you linked to.

That is definitely not what I am looking for.
I was hoping for a method which only requires modifying some network settings in my own PCs, such as restricting network discovery to a white list of MAC identities.
 

Edit: $ sign workgroup name hiding.. see paragraph in this link

How to hide my computer in a workgroup network in windows 7? - Yahoo Answers

Of course you would have to change the workgroup name so they can't guess it, I guess.
That would hide my PCs from each other too. It's for when the owner of a PC wants to hide his own PC from all others on the network.
I've always been trying to get stuff visible, not the reverse. :)
Yes that's the more usual problem, PCs that want to find each other so they can network.
I've done lots of searching - read every networking related tutorial here - and in other places too.

Eventually I discovered a partial solution...

In the tree in Win 8.1 File Explorer, under the "This PC" item I could see a list including every user of their PCs.
Very strange that Microsoft thinks it's sensible to list all the users of their remote devices in my tree under This PC. We are not even in the same workgroup or homegroup (I didn't leave my own workgroup name as the default "WORKGROUP" of course).

If I selected This PC in the tree, the right hand panel listed all their user names in the "Network locations" group, described as "Media Server".
I right clicked each in turn and clicked "Remove Device". Woopeee! they have all disappeared from the tree. :)
 

But have your machines disappeared from their lists?
There must be some standard way to exclude machines from a workgroup. Maybe a network guru will chime in. Or perhaps a switch between the modem and the router. Let them have internet access and nothing else. Someone into network topology would know.
 

Yes, I would prefer a solution outside of my PCs, in the router itself.

It seems ordinary all-in-one ADSL modem+routers offer no control over connections between their LAN ports. Maybe more geeky hardware, with a separate router (and the modem in bridged mode) could provide that - the kind of router people use who want better QoS, such as provided by Gargoyle firmware.

Or if even separate routers can't do it (they are actually a better featured router plus a simple LAN switch) maybe it would need a managed switch, before the router.

But buying and connecting 3 things (smart LAN switch > router > modem) instead of the usual 1 thing (modem-router) and then learning how to do the right settings in each of those, would be too much to learn about.

Completely hiding my devices from them is not really essential, as long as they can't read or write to my devices and can only see that they exist. I guess I can trust Windows password-protected homegroup networking to look after that.

Really what annoyed me most was seeing their stuff listed in so many places in my file manager - things I can't access, and don't want to anyway, filling my tree. At least that has stopped now. :)
 

Hiding stuff on the network ends up causing more headaches than anything. You can block Network discovery on the machines, or write a GPO for LLTD to hide stuff, using a Pro edition of Windows. But in the end, the router and managed switches, if you use any, will start having issues when you are trying to hide MAC IDs from being seen by those devices, because they are going to have to know how to route information to and from.

See Hide Computer on Network about using LLTD. Also see Enable or disable the LLTD Mapper I/O with Group Policy. Also, using Firewall Policies can hide the computer from others seeing or accessing.
 

Hmm, you don't specify the speeds of the NICs. On my broadband setup once all the machines had gigabit interfaces I connected a gigabit switch to the 100 Mb/s router and connected the machines via the switch. This gave me gigabit file transfer between the machines without the expense of a gigabit router. In my case I would have simply connected the foreign cable directly to the router.

I don't know if it would then be easy to segregate the foreign machines but they would be on the slow side of the network in any case. :)
 

...
See Hide Computer on Network about using LLTD. Also see Enable or disable the LLTD Mapper I/O with Group Policy. Also, using Firewall Policies can hide the computer from others seeing or accessing.

Both of those links provide ways to hide the computer completely from everything on the LAN, by disabling LLTD. The first tells how to do it in Vista, the second tells how to do it in Windows Server.

I am not running Vista or Server.
In Windows 7 or 8 I can achieve the same result, totally isolating my computer, simply by switching Network Discovery off.
Or I could unplug its ethernet cable.

But I do NOT want to hide my computers from each other.

Maybe delving into Windows Firewall rules would enable selectively letting each of my computers send to and receive from each other and the router but not anything else on the LAN.
Something to explore on a rainy weekend...
 

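Added example, not part of any post in this thread: one way to try the firewall-rule idea raised above on each of your own PCs, by limiting the built-in Network Discovery and File and Printer Sharing rule groups to an allow-list of remote addresses. The addresses, backup path and function name are assumptions; Windows Firewall scopes rules by IP address rather than MAC, so the trusted machines need fixed addresses.

```powershell
# Run in an elevated PowerShell prompt on each of your own Windows PCs.
# ASSUMPTION: constructed sample addresses. Replace with the fixed IPv4
# addresses (static or DHCP-reserved) of your own desktop, laptop and NAS.
$TrustedHosts = @('192.168.1.10', '192.168.1.11', '192.168.1.12')

# Built-in rule groups (English display names) for discovery and sharing.
$RuleGroups = @('Network Discovery', 'File and Printer Sharing')

# ASSUMPTION: hypothetical backup location for the current firewall policy.
$BackupFile = Join-Path $env:USERPROFILE 'firewall-before-scoping.wfw'

function Set-TrustedScope {   # hypothetical helper name
    param([string[]]$Groups, [string[]]$RemoteHosts)

    $scope = $RemoteHosts -join ','
    foreach ($group in $Groups) {
        # "new remoteip=" rewrites the remote-address scope of every rule in the group.
        netsh advfirewall firewall set rule "group=$group" new "remoteip=$scope"
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Rule group '$group' was not updated (not elevated, or the group name differs on this system)."
        }
    }
}

# Save the current policy first so it can be restored with:
#   netsh advfirewall import <file>
netsh advfirewall export $BackupFile
if ($LASTEXITCODE -eq 0) {
    Set-TrustedScope -Groups $RuleGroups -RemoteHosts $TrustedHosts
} else {
    Write-Warning 'Policy export failed; no rules were changed.'
}
```

This only limits which remote addresses may reach the discovery and sharing services on the PC where it is run; every device still shares one LAN segment, so separating port 4 itself remains a job for the router or a managed switch. Because the allow-list is IPv4 only, peers reaching these rules over IPv6 no longer match unless their IPv6 addresses are added as well.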
Regardless of Vista or Server, it still applies to any Windows edition. LLTD is what controls Network discovery. Personally, again, as I stated before: you start hiding machines from others on the network, you are going to run into problems. Your best way to not allow access into the machine is with the Firewall Policies.

There really is no reason to hide a machine on the Network, unless you are going to use it as a Packet Sniffer or Honeypot. Then you would be using Linux to do that, not Windows. It is easier to hide a Linux machine on a network, by not using Samba server on it.
 

Regardless of Vista or Server, it still applies to any Windows edition. LLTD is what controls Network discovery. Personally, again, as I stated before: you start hiding machines from others on the network, you are going to run into problems. Your best way to not allow access into the machine is with the Firewall Policies.

There really is no reason to hide a machine on the Network, unless you are going to use it as a Packet Sniffer or Honeypot. Then you would be using Linux to do that, not Windows. It is easier to hide a Linux machine on a network, by not using Samba server on it.

Thank you for sharing your opinion.
It makes no sense to me that hiding my machines from some others is vaguely scary in some way you don't specify.

My machine is invisible to theirs when it is turned off. Blocking it by an intermediate switch would have the same effect. It simply doesn't exist for the remote PC.

A managed switch would have no problems being told to not send their PC's Network Discovery enquiries (or anything else from them) to my PC. That's one of the jobs it's designed to do.

And their PC would be unaware of it happening. Those handshaking packets don't have a specific address, they are broadcast. That's the whole point of sending them - the sending PC doesn't know who is out there. Many devices don't receive them or don't reply.

It's kind of similar in principle to how the firewall in a modem-router should be set to not send incoming ping requests from the WAN to a PC on the LAN. It receives a constant storm of them from hackers on the internet and just drops them. You should set it to not send a return ping, so your LAN is invisible to hackers or seems to be switched off.

Or if you set the router's firewall to allow incoming pings through to the PC, but set the PC itself not to reply, that doesn't worry the router either. There is lots of junk you don't reply to.

Handshaking attempts are the only thing that would be sent in either direction, between their machines and mine, and it's very common for them to be dropped if there is no apparent destination, or if the intermediary device is instructed to drop them all.
 
