Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How can I avoid making an unintentional bridge?

With most mobile equipment like laptops and tablets coming with a wide
range of network connection options built-in, eg. 10/100, dial-up modem, 802.11
a/b/g and the ability to also add cellular modem capabilities to them as well,
it opens the possibility of having more than one connection at any one time.
For instance I could be connected with my 10/100 network card and at the same
time be connected to another network via the dial-up modem or cellular modem or
802.11. This creates a huge security hole for corporate networks. Is there any
utility that I could install on a laptop or tablet that would prevent these
multiple connections from occurring? I don’t have any issue with someone making
a connection via any one of these network adapters, one at a time. I just want
to prevent any possibility of bridging two or more network

I immediately thought of my laptop with ethernet, WiFi, infrared, dialup and
BlueTooth. Quite the range of possibilities.

But preventing cross-talk? That’s an interesting question.

Become a Patron of Ask Leo! and go ad-free!

A “bridge” in the networking sense is a connection between two networks.
Anything that gets communicated on one network is reflected on the other and
vice versa.

Windows XP explicitly supports bridging network connections. Have a look at
your network connections in Control Panel, and you may or may not see a type
of connection labeled a bridge. (They’re apparently set up by default in some
wireless network configurations, though I’m not sure why.)

And that brings us to at least one obvious thing to do: check your network
connections for explicit bridges. If two of your network adapters are bridged,
then they are effectively connected to each other through your machine.

So the good news is that if you have no explicit bridges, then at least
you’re not an open conduit between the two networks.

But both adapters are still functional. And there’s nothing that I’m aware
of that would prevent a piece of software, perhaps malicious, from “acting
like” a type of bridge. Or selectively listening to one adapter, perhaps
connected to a corporate network, and slurping up sensitive data to send out
another adapter, perhaps connected to the internet.

I’m starting to understand why so many IT departments resist wireless
networks or personal/non-standard computers.

I’d love to hear about additional solutions, but in the meantime, the best
I can offer is to explicitly disconnect or disable the network adapter that
you’re not using if it would otherwise connect in a way that might compromise
you. And as always, be careful the software you install and scan for malware
and viruses regularly.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “How can I avoid making an unintentional bridge?”

  1. Hi!
    The best way to do this, is to install a firewall and to see the wireless part as unsafe. A hardware/firmware firewall might be best for this…

  2. OK i did not read the full article but my 2 cents.

    There is no way to accidentally bridge two network connection in any OS. When you are connected to different networks you may get ip conflicts in the following forms:

    – dhcp adressing issues – this means that your ip address on one network is similiar to in range or is exactly the same as your ip address on the other network connection. e.g you are and on your two network connections and your subnet is thereby meaning that both ips are in the same range so when you reach out for a network resource your computer does not know which network to use and may go to the unintended network where the resource might be non existent or not what you intended to get to. e.g is my network printer on network 1 and on network 2 it is my fileserver. when i try to reach out to my fileserver it might go to my printer and give me an error statig file not found or resource unavailable.

    – gateway errors – these happen when gateway precedence is not set properly. with multiple NICs the ip range the comes first is polled first for resource and if the resource does not exist on that network some Os will return errors while others will poll the second network before returning errors.

    the easiest way to do avoid these problems are :

    a) have distinct ranges for each network e.g my lab uses 10.x.x.x for internet enabled network. 192.168.x.x for my lan and 169.254.x.x (please do not use this range unless you know what you are doing) for unsecured devices. each range has its gateway defined and when any resource is requested the OS are able to make a call on the closest option for the right path based on past routes, DNS and lookup.

    b) binding applications or processes to certain network cards. This ensures that your application only uses that interface for communication. e.g my DLNA broadcast from my media server is bound to NIC1 with ip of 192.168.251.x now any device int his range can see my device and play videos from it but the other NIC 10.10.10.x cannot see any DLNA traffic from this computer so any device on my media server’s NIC2 cannot see or play my media server’s videos.

    the binding option are very easy to find in windows 7. vista will require google help and windows xp with the help of virtualization or other apps. but solutions for each of these methods exist for all OS including MAC, linux, unix bsd etc.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.