Router/AP Set Up And Hardware

adrynalyne    8,570
6 minutes ago, The Evil Overlord said:

Isn't that kinda what he's doing right now??

Not if he is resisting. 

+The Evil Overlord    18,160
1 minute ago, adrynalyne said:

Not if he is resisting. 

I guess, but like most, I started being technophobic, I asked a question, got answers and advice, and once I began to understand, I started asking more. I was working on the assumption mind is doing the same

Mindovermaster    987
1 hour ago, The Evil Overlord said:

Isn't that kinda what he's doing right now??

Totally, I am asking YOU for help. You give me answers. I learn them. So gimme information, @adrynalyne

57 minutes ago, adrynalyne said:

Not if he is resisting. 

Where am I resisting?

adrynalyne    8,570
11 minutes ago, Mindovermaster said:

Totally, I am asking YOU for help. You give me answers. I learn them. So gimme information, @adrynalyne

Where am I resisting?

By arguing with posters about security. Sounds like resisting to me. 

Mindovermaster    987
4 minutes ago, adrynalyne said:

By arguing with posters about security. Sounds like resisting to me. 

@sc302 seems to agree with me... And that wasn't necessarily arguing. That was me saying "As a noob to networking, do I need this?"

adrynalyne    8,570
1 hour ago, Mindovermaster said:

@sc302 seems to agree with me... And that wasn't necessarily arguing. That was me saying "As a noob to networking, do I need this?"

I guess. 

That's not how this read to me.

Tell me, since we got our first internet router, gotta be 10-12 years ago, why has no one hit us yet?

 

Anyway, moving on...

 

Mindovermaster    987
1 minute ago, adrynalyne said:

I guess. 

That's not how this read to me.

Tell me, since we got our first internet router, gotta be 10-12 years ago, why has no one hit us yet?

Hence the "?", you could have explained why...

adrynalyne    8,570
5 minutes ago, Mindovermaster said:

Hence the "?", you could have explained why...

Nothing to explain past it’s either been luck or you didn’t know you were hit. That and exploits have increased over the years so you can’t compare 11 years ago to now. 

+BudMan    2,998

Nothing to do with "hitting" you ;) 

 

Look at the mess with the wdc nases backdoors and how easy that was/is to exploit..  That box gets compromised, and now your whole network is open..

https://www.csoonline.com/article/3246234/security/hardcoded-backdoor-in-12-western-digital-my-cloud-nas-devices.html

 

There were/are like 1200 some models of IP cameras with backdoors..   That is compromised.. your whole network is exposed.

https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01

 

That was just the tip of the iceberg with that warning

 

The goahead fiasco from Xmas just a couple of weeks ago

https://gbhackers.com/goahead-servers-vulnerability/

 

Do what you want - but opening up anything into your network from the internet to anything, especially IOT device is asking for it... This has ZERO to do with your wireless security and the kid across the street "hacking" you..

 

Do you ever let strange devices onto your wifi/wired network, like friend's phone, laptop/tablet... Or do you only let them use your "guest" wifi?  If you let them onto your 1 flat network - you just exposed every single device you have on that network to whatever might be on that "strange" machine..  The old saying about you are sleeping with everyone that your partner has ever slept with when you don't practice safe sex...  Get my drift...  While I might let my buddy's machine onto my guest network - I sure as the F do not let his machine anywhere near my iot devices network or my stuff, etc.

 

Sorry that $15 smart switch I got from some china company.. While I don't mind letting it turn on my xmas lights from my phone... I'm not going to give it open access to everything else on my network..

 

 

Mindovermaster    987

@BudMan How do you have your whole house set up? With different VLANs and what does and doesn't go out?

+BudMan    2,998

I don't stop anything from going out.. But I do monitor how often and where they go.  Not possible to use that $15 china smart switch if it couldn't go out.. But there is no inbound to any of those devices.

 

But they only go out to internet, they can not talk to any of my other stuff...  If you were a bit more paranoid you could limit where they go even.. I just monitor them for oddness.. They check if internet is there, and then open up connections to AWS..

 

Here is one of their connections

192.168.4.213:50052 -> 54.149.26.246:1883    ESTABLISHED:ESTABLISHED    9.008 K / 4.532 K    362 KiB / 187 KiB

 

;; ANSWER SECTION:
246.26.149.54.in-addr.arpa. 3600 IN     PTR     ec2-54-149-26-246.us-west-2.compute.amazonaws.com.

 

NetRange:       54.144.0.0 - 54.159.255.255
CIDR:           54.144.0.0/12
NetName:        AMAZON
Organization:   Amazon Technologies Inc. (AT-88-Z)

 

Here is what it's doing.. Currently... I could sniff when I turn it on and off, etc  How this stuff works and how fast is pretty freaking slick ;)

[Image: mqtt.thumb.png]

 

Simple mqtt traffic... Those are my two tantan smart switches that used to turn on and off the xmas lights in the den and guestroom windows...  Prob take them off network here in a few days the lights are off, etc.

 

If that was some IP in china, then I would be a bit worried... And pay more attention to what it was talking about, and how and would prob even do mitm on it if need be to sniff any encrypted traffic, etc..

 

I currently have 7 different vlans/networks used for devices, a couple more for a transit to downstream router playing with, etc..  Now that unifi has mac based dynamic vlans working on non enterprise networks, ie psk networks and you can assign an iot device a vlan dynamically based upon its mac address vs the ssid it connects to I will be breaking them up a bit more.  Where different types of iot devices will not be on the same network.  No reason for my tp-link smart lightbulb to be on the same network as the tantan smart switches or my nest thermostat, etc.  But didn't want to fire up so many different ssids, But now that can do dynamic vlans for devices that do not support wpa-enterprise can run just 1 psk for them all and assign them their own different vlans based upon type and function, etc.

 

Network is always in a bit of flux since is not just my home network, its also a lab where I play with stuff and duplicate setups to help other users, etc.

 

Not expecting you to jump into the fire and segment everything like I have, etc.  But it would be a good idea since you're setting up the network to get equipment that will "allow" you to move forward....  Don't buy the $30 non vlan switch when you can get for the same price a switch that can do vlans..  If you don't set them up then the switch is just dumb out of the box, etc. etc..

 

https://www.amazon.com/dp/B008ABLU2I

Smart version 8 port gig $31.55

 

Dumb version

https://www.amazon.com/dp/B000BCC0LO

8 port gig $29.99

 

Why would you not get the smart version?  Even if you do not vlan it will let you check for errors on a connection, hard code the speed of interface, etc.. Shoot I have seen the smart versions cheaper than the dumb versions sometimes..  But if you're going to be running wire to all over your house, you're going to more than likely need a slightly bigger switch for your closet where everything runs.. Say maybe 16 port or 24 port... Nice thing is those would give you more features than the entry level 5 and 8 port smart, etc..

 

If you decide to go with say those unifi inwall AP units, then you prob want to go with 1 of their poe switches, etc.  For entry level person a setup with say their USG 3p as your router, one of their switches and then their AP... You would be very happy and more than a bit surprised most likely with the information the dpi info can give you.. Even if mostly eye candy when you're used to running stuff like ntop..  But wow will it move you to the next level if you want to go for very budget friendly setup to be honest.

 

Be happy to get you neowin discount for the usg 3p that is sitting on my shelf.. I might set it up in my lab area but if it could go to a good neowin home vs sitting on my shelf for a few months until I get around to playing with it again.  I would be up for that... You're close so shipping would be cheap - shoot I am even going to be in Milwaukee in March - taking the wife to see Andy Grammer at Pabst..  You're up in the Milwaukee area are you not?  Somewhere in WI I thought..

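The policy BudMan describes above (IoT devices may go out to the internet, get no inbound from it, and cannot talk to the other local networks) can be checked against a firewall state listing like the row he posted. This is an added example, not part of any post in the thread; the /24 for the IoT VLAN, the expected-endpoint list and every sample row except the first are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the post): the IoT VLAN is the /24 around the
# 192.168.4.213 address shown, and the only expected cloud endpoint is
# MQTT (tcp/1883) inside the AMAZON range from the whois output.
IOT_NET = ipaddress.ip_network("192.168.4.0/24")
EXPECTED = [(ipaddress.ip_network("54.144.0.0/12"), 1883)]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROW = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")

# First row is the one in the post; the rest are constructed samples.
STATES = """\
192.168.4.213:50052 -> 54.149.26.246:1883  ESTABLISHED:ESTABLISHED
192.168.4.214:41876 -> 192.168.1.10:80     SYN_SENT:CLOSED
192.168.4.213:50110 -> 203.0.113.50:8883   ESTABLISHED:ESTABLISHED
198.51.100.7:44321 -> 192.168.4.214:80     ESTABLISHED:ESTABLISHED
"""

def is_local(ip):
    return any(ip in net for net in RFC1918)

def verdict(src, dst, dport):
    """Judge one connection: out to internet only, no inbound, no lateral."""
    if src not in IOT_NET:
        return "inbound" if dst in IOT_NET and not is_local(src) else "ignored"
    if dst in IOT_NET:
        return "ignored"      # same-VLAN traffic is not a firewall matter
    if is_local(dst):
        return "lateral"      # IoT must not reach the other local networks
    if any(dst in net and dport == port for net, port in EXPECTED):
        return "expected"
    return "unexpected"       # outbound is allowed, but worth a look

def review(text):
    """Return (verdict, connection) for every row that needs attention."""
    findings = []
    for m in ROW.finditer(text):
        try:
            src, dst = (ipaddress.ip_address(m.group(i)) for i in (1, 3))
        except ValueError:
            continue          # octet out of range, not a real address
        v = verdict(src, dst, int(m.group(4)))
        if v not in ("expected", "ignored"):
            findings.append((v, f"{src} -> {dst}:{m.group(4)}"))
    return findings

if __name__ == "__main__":
    print(*review(STATES), sep="\n")
```

A "lateral" or "inbound" finding means a firewall rule is letting through something the segmentation was meant to stop; "unexpected" is only a prompt to look at where the device is talking.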
Mindovermaster    987
3 hours ago, BudMan said:

Be happy to get you neowin discount for the usg 3p that is sitting on my shelf.. I might set it up in my lab area but if it could go to a good neowin home vs sitting on my shelf for a few months until I get around to playing with it again.  I would be up for that... You're close so shipping would be cheap - shoot I am even going to be in Milwaukee in March - taking the wife to see Andy Grammer at Pabst..  You're up in the Milwaukee area are you not?  Somewhere in WI I thought..

How much would you sell that for? I'm in Racine, south of Milwaukee. But surely on your way. :)

+fusi0n    1,642
3 hours ago, BudMan said:

https://www.amazon.com/dp/B008ABLU2I

Smart version 8 port gig $31.55

 

Dumb version

https://www.amazon.com/dp/B000BCC0LO

8 port gig $29.99

 

 

Thanks for posting this! I have an old 48 Port Quantum 10GBe switch that flooded the market years ago (dubbed white van switches). I've been looking for a small switch I can do a VLAN with.. I'll see if they have something a little bigger as I am downsizing my home lab, thanks, AWS.

+BudMan    2,998

The usg 3p...

 

I bought it for $113, plus tax.. So 120

[Image: order.thumb.png]

 

I could let you have it for $100 going to drop it off on the way up to Milwaukee ;) I will put the latest and greatest firmware on it before I bring it or ship it.. Currently firmware is at 4.4.18, while mine is at 4.4.14dev I think.. That won't be til end of march.. I still have the original box and everything that came in it, etc.  I was actually hoping to return it back to amazon - but the shipment of sg-4860's didn't come in til after the return date :(

 

We could meet at a place on the way up... Have a quick beer ;)

 

I have 2 smart switches that work, the tp-link doesn't do vlan correctly so wouldn't give that to anyone.. But they are supposed to be fixing it - we will see..  But have a netgear and dlink.. 8-port gig smart let you have for $20 for the dlink and 30 for the netgear..  Don't have the boxes for those.  The dlink is the model I linked to.. Netgear is a https://www.amazon.com/gp/product/B00M1C0186
