blocking noise on powerline

Thread Starter

clexp

Joined Nov 12, 2021
26
I would like to use powerline for a network trunk, but next door is a radio ham. Powerline spills a lot of noise into all the radio ham popular frequencies. There are all sorts of movements against powerline for this.

Is there a way of adding some sort of damper or filter to soak away or block RF emitted from my house circuits, if I were to use powerline? I mean separate to shielding? (Who is really going to shield their mains power?)

On a separate but parallel topic, I see powerline signal will leak to the neighbours. There are stories where someone fits powerline, logs onto their router, settings look different, change one, does not affect home network, 2 weeks later find out they have been messing with the neighbour's router. Or even every 3rd house can get your powerline signal since every 3rd house is on the same (of 3) phases as you. I have seen some filters you might put on a line to an electric motor. Could you use one of these between the fuse/junction/consumer box and the circuit to keep powerline signal within the property?
 

nsaspook

Joined Aug 27, 2009
16,249
Sounds like you are in the land of AUZ with the residential 3-phase power. Really, if it's that much trouble, run TP networking cable.
 

Reloadron

Joined Jan 15, 2015
7,850
Not knowing your location mains voltage and other details. A Google of mains powerline conditioners or power line filtering should help find you a solution. Here where I am in the US the power line use by hams as you describe is prohibited by law. Anyway, you can try power line conditioning or filtering.

Ron
 

MisterBill2

Joined Jan 23, 2018
27,159
Broadband over power line was cancelled in the USA quite a few years ago because in every aspect it is a really poor concept. Not only is it expensive to implement, and a source of interference for many users of the RF spectrum, it is also subject to all kinds of interference. Also, it is not even slightly secure, nor is it reliable. Aside from all of those reasons, why pick a fight with those who can assure that it will be a money-loser investment forever???
 

Ya’akov

Joined Jan 27, 2019
10,226
I see powerline signal will leak to the neighbours. There are stories where someone fits powerline, logs onto their router, settings look different, change one, does not affect home network, 2 weeks later find out they have been messing with the neighbour's router.
This would mean not only did his neighbor not change the password on his router from the default but he didn’t either. This is a serious problem in the Internet appliance domain that doesn’t require an unintentionally shared medium to be an issue.

Always change the default, and if you need to use something like this which is susceptible to becoming a party line affair:

  1. Change the network from the generic RFC1918 192.168.0.0/16 addressing to some other block in the 10.0.0.0/8 or 172.16.0.0/12* networks. This will be a bit less convenient since autoconfiguration will not put an unassigned device on your network—but that is also the point. You can also allocate a different address space to only the shared link, and not provide DHCP, for a little more protection.

  2. Use DHCP reservations and enable port security. This will prevent devices lacking reservations from accessing the network as they will not be able to get a DHCP assigned address and so be blocked at the port.

  3. Use MAC-based access controls to prevent devices not registered with the router from being able to use the network. Yes, it is a bit of a hassle, but it will make trivial access to your network impossible.

  4. Turn off IPv6 if possible; if you need it, use DHCP6 and not autoconfiguration to assign v6 addresses.

  5. Use a VLAN to isolate the traffic to and from the untrusted network and don’t bridge the two, only use routing. This will mean the networks are not going to be in the same collision domain but much, if not all of the time \(\mathsf{\small{Security}_{\tiny{INFORMATION}} \ne Convenience}\).

  6. Ultimately, if your hardware (and wetware) support it, use 802.1x and PNAC to require authentication to access the network at all. This is not trivial, and your POIR (Plain Old Internet Router) will not support it, necessitating adding a switch with decent Layer 2 features. You will also need an authentication server (probably RADIUS) and a directory service. Fortunately, all the bits and bobs of software needed to implement 802.1x can be found free as in beer as open source and will happily run on a Raspberry Pi Zero or a low end RPi (“real” or clone) which will cost a few dollars.

    This last thing is a SHOULD not a SHALL as you might find in a standards document. It is The Right Thing™, but only if you ignore the constraints of ROI for someone who doesn’t just love doing stuff like this.

The bottom line is even if you find yourself sharing a medium it is relatively easy to protect yourself against casual “hacking” which generally stops at trying a few username/password combinations and unless your neighbor happens to be a competent black hat hacker, and somehow you have managed to secure your wireless network while leaving the powerline segment unprotected, does nothing to increase the practical attack surface of your network.
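
Added example, not part of the post above: a small Python check for steps 1 to 4, comparing devices seen on the shared segment with the addressing plan and the reservation list. The 10.73.20.0/24 block, the MAC addresses and the one-pair-per-line input format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (hypothetical, not from the thread): the shared powerline segment
# was renumbered to 10.73.20.0/24 and only these MACs hold DHCP reservations.
SEGMENT = ipaddress.ip_network("10.73.20.0/24")
RESERVED = {
    "dc:a6:32:00:00:01": "10.73.20.10",
    "dc:a6:32:00:00:02": "10.73.20.11",
}

# Constructed sample: one "IP MAC" pair per line, as could be collected from
# ARP / neighbour-discovery traffic seen on the segment.
SAMPLE = """\
10.73.20.10 dc:a6:32:00:00:01
10.73.20.11 DC:A6:32:00:00:02
10.73.20.57 02:11:22:33:44:55
192.168.0.1 02:aa:bb:cc:dd:ee
fe80::11:22ff:fe33:4455 02:11:22:33:44:55
10.73.20.12 dc:a6:32:00:00:01
"""


def audit(observations):
    """Return {(ip, mac): [findings]} for every sender that breaks the plan."""
    report = {}
    for line in observations.splitlines():
        if not line.strip():
            continue
        ip_text, mac = line.split()
        mac = mac.lower()
        ip = ipaddress.ip_address(ip_text)
        findings = []
        if mac not in RESERVED:
            findings.append("MAC has no reservation")            # steps 2 and 3
        elif ip.version == 4 and RESERVED[mac] != ip_text:
            findings.append("reserved MAC using an unreserved address")
        if ip.version == 6:
            findings.append("IPv6 active on a segment where it should be off")  # step 4
        elif ip not in SEGMENT:
            findings.append("address outside the segment's block")  # step 1
        if findings:
            report[(ip_text, mac)] = findings
    return report


if __name__ == "__main__":
    for (ip, mac), findings in audit(SAMPLE).items():
        print(f"{ip:<26} {mac}  {'; '.join(findings)}")
```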
 

MisterBill2

Joined Jan 23, 2018
27,159
"y" is totally correct! The level of insecurity was demonstrated to me recently when a printer I was working on for a friend established its wireless connection with my neighbor's home network. The printer's problem was that its wired connection would not connect with my computer.
 

SamR

Joined Mar 19, 2019
5,470
IIRC, @SamR uses a powerline Ethernet solution
I used TP-Link power over ethernet. TP-Link was mentioned in a recent article as being now banned in the US for being unsecured Chinese manufactured routing devices. I was already no longer using them as they got hot as hell and failed. They never fully failed but became extremely slow and very very hot. I was unable to get a refund but have warranty replacement new unopened boxes in the closet. Changes to the internet modem's house wiring and new Wi-Fi routers and extenders and direct ethernet from modem to my main computer rendered them as no longer needed and a much better solution.
 

MisterBill2

Joined Jan 23, 2018
27,159
Poor designs often overheat and fail. And within a controlled environment, wired links tend towards being more secure, and less subject to interference as well.
 

Thread Starter

clexp

Joined Nov 12, 2021
26
This would mean not only did his neig.....
.......does nothing to increase the practical attack surface of your network.
Thanks for posting. Please forgive me, that's a fair amount to get my head around (I am of course keen to do so). I sort of get most of the terms in principle. I have trouble finding them all on the router, lots of fancy terms in the web manager on the router that may or may not map to some service partly wrapping some of these configuration options. Is there some resource or diy project that you might recommend for really grokking this?
 

Thread Starter

clexp

Joined Nov 12, 2021
26
"y" is totally correct! .....
...... The printer's problem was that its wired connection would not connect with my computer.
Similar, mine likes wireless even though it is wired, I can't turn the wireless off. I can see all the neighbours' devices, no neighbour has sent to my printer yet.
 

metermannd

Joined Oct 25, 2020
472
Broadband over power line was cancelled in the USA quite a few years ago
A system I've spent some time poking around with was developed by (W) in the early 1980s, and which was used by utilities for automated reading and demand response. That system was then continued in development by two succeeding outfits until recently. When I visited one utility that I knew once used this system, I was told they had since migrated to an RF-based solution. I wonder if that system was impacted by the decision to cancel broadband over powerline?
 

MisterBill2

Joined Jan 23, 2018
27,159
A system I've spent some time poking around with was developed by (W) in the early 1980s, and which was used by utilities for automated reading and demand response. That system was then continued in development by two succeeding outfits until recently. When I visited one utility that I knew once used this system, I was told they had since migrated to an RF-based solution. I wonder if that system was impacted by the decision to cancel broadband over powerline?
The meter reading system was never "broadband", nor was it the high data rate that requires broadband. Probably the change to the RF based technology was because it cost less to implement. The big problem with BPL is that it is expensive to connect to power wires. And there is no way around that.
 

metermannd

Joined Oct 25, 2020
472
You have a point; I think the meter reading system operated at something like 72 baud.
On the transmitter or repeater side, the line coupling was through an impedance transformer to the common point of several high-voltage capacitors connected to the distribution system conductors. On the receiver side, a capacitive divider was used to pick the signal off the incoming 240/120V conductors on the endpoint.
 

Ya’akov

Joined Jan 27, 2019
10,226
Thanks for posting. Please forgive me, that's a fair amount to get my head around (I am of course keen to do so). I sort of get most of the terms in principle. I have trouble finding them all on the router, lots of fancy terms in the web manager on the router that may or may not map to some service partly wrapping some of these configuration options. Is there some resource or diy project that you might recommend for really grokking this?
I actually don’t. I’ve never looked for material on these things but I expect you would find some information on YouTube which would, one hopes, provide links back to written material.

Here is what I can compile quickly that could be helpful:

RFC 1918
This refers to an IETF Request for Comment, number 1918 entitled “Address Allocations for Private Internets” which you can find—along with all other RFCs here. RFCs are the way standards for the Internet are proposed, described, and promulgated.

For an informative and entertaining read there is RFC 1000 by the venerable Jon Postel. In it, he and Joyce Reynolds describe the events leading to the name of RFCs and the beginnings of the Internet. Definitely something every nerd should read if they want to deserve their nerd appellation.

Subnets, Supernets, and CIDR
The /nn at the end of an IP address denotes a CIDR Block. Classless Inter-Domain Routing (RFC 1519) is a method developed to avoid the limitations of the original class-based addressing system used for IP routing.

In RFC 791 “DoD Standard Internet Protocol”, the original classful routing scheme is described. It works by dividing the types of IP addresses into three classes: a, b, and c. The high order (first) bits of the 32-bit address determine its class:

bits   class   network bits/host bits
0      a       8/24 (255 networks/16.7m hosts each)
10     b       16/16 (65535 networks/65532 hosts each)
110    c       24/8 (16.7m networks/253 hosts each)

The class of the address indicates the network mask that should be applied in routing tables. A network mask, or “netmask” does what it sounds like. It is a bitwise string that “masks” the network bits of an IP address. Network bits are indicated by ones and host bits by zeroes. In this way, it can be determined if the address resides on the local network, and so an ARP (Address Resolution Protocol) packet should be broadcast to get the MAC (Media Access Control) address (hardware) of the host, or if the host must be reached by using a gateway to another network.

IP addresses and netmasks are strings of 32 bits. They are not numbers, even though for convenience we manipulate them mathematically. Because they can be represented as numbers they are notated in a variety of ways. We never see them written in binary outside of technical descriptions but dotted decimal notation is very common.

In DDN, the 32 bits are divided into four 8-bit bytes, which are then converted to a decimal (base 10) number from 0–255, separated by “.”. So, a Class C netmask, which is a bit string of 11111111111111111111111100000000 would be written 255.255.255.0—a much more functional notation for human beings.

Unfortunately, this also leads to a lot of confusion since the simplicity of what it represents is lost. If we have a Class C address of 192.168.1.100, using the netmask 255.255.255.0, look at this:

IP Addressing DDN vs. Binary:
192.168.1.100
255.255.255.0

11000000101010000000000101100100
11111111111111111111111100000000
|        network       || host |
As you can see, when using binary representation the function and operation of the netmask is trivially understood, so the tools we use to simplify data entry (DDN, CIDR Blocks) make understanding this much harder.

In the case of the CIDR block, the number after the forward slash (/) is the number of network bits. So a class c network would look like: 192.168.1.0/24.

I need to stop writing for the moment but I will try to return to this when I have the chance. I would recommend, on the practical project side of things, to get yourself a computer—it can be very minimal—and install Linux on it. Then, make it into a router, and you can experiment with all of this. You can create a firewall that can serve as the solution for isolating your network, but plan on wiping and installing the OS many times before you put it in “production”. Even a Raspberry Pi would be a good option, and for your learning, you can buy the least expensive configuration. Good luck, and I will try to return to writing more.
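
Added example, not part of the post above: the netmask operation carried out directly on 32-bit strings in Python, including the ARP-versus-gateway decision the post describes. The gateway address 192.168.1.1 and the destination hosts are assumptions chosen for illustration.

```python
def to_bits(ddn):
    """Dotted decimal -> 32-character bit string."""
    octets = [int(o) for o in ddn.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal address: {ddn!r}")
    return "".join(f"{o:08b}" for o in octets)


def to_ddn(bits):
    """32-character bit string -> dotted decimal."""
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def mask_from_prefix(prefix):
    """CIDR /nn -> netmask bit string: nn ones (network), then zeros (host)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return "1" * prefix + "0" * (32 - prefix)


def classful_prefix(ddn):
    """Network-bit count implied by the leading bits (classes a, b and c)."""
    bits = to_bits(ddn)
    for leading, prefix in (("0", 8), ("10", 16), ("110", 24)):
        if bits.startswith(leading):
            return prefix
    raise ValueError("leading bits 111: not class a, b or c")


def network_of(ddn, prefix):
    """Keep the network bits and zero the host bits (bitwise AND with the mask)."""
    addr, mask = to_bits(ddn), mask_from_prefix(prefix)
    return to_ddn("".join("1" if a == m == "1" else "0" for a, m in zip(addr, mask)))


def next_hop(src, dst, prefix, gateway):
    """Same network -> resolve dst with ARP; otherwise send via the gateway."""
    if network_of(src, prefix) == network_of(dst, prefix):
        return ("arp", dst)
    return ("gateway", gateway)


if __name__ == "__main__":
    gw = "192.168.1.1"  # assumed gateway address
    print(to_bits("192.168.1.100"), to_ddn(mask_from_prefix(24)))
    print(next_hop("192.168.1.100", "192.168.1.7", 24, gw))
    print(next_hop("192.168.1.100", "192.168.2.7", 24, gw))
    # With the whole 192.168.0.0/16 block as one network, 192.168.2.7 is local.
    print(next_hop("192.168.1.100", "192.168.2.7", 16, gw))
```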
 