Just your daily reminder to secure your router and WiFi. &g

i didnt fall off the turnip truck yesterday. remember the thing with the stockings or something. i have tested you thoroughly and this place is beyond a shadow of a doubt wired up.

>>56916141
>>Change the default administrator username and password of your router. Use a strong password consisting of random upper/lower case letters, numbers, special characters and spaces e.g. z1HG b$%FV6% *O9 !n. If you fear you'll never remember such a password, at least create a password consisting of spaces and upper/lower case characters e.g. Cal I Co Red
meh. i have my ap/switch management on a separate vlan with forwards blocked except from my pc/phone ip. my router has inputs blocked from inside/outside except from specific internal ips

My WiFi password is "correct horse battery staple". Router password is "admin". Why would I change anything?

File: IMG_0043.jpg (46KB, 617x372px) Image search: [Google]

46KB, 617x372px

>not living inawoods where nobody is physically close enough to get your WiFi connection

>>56916362
>A Venezuelan techie apparently has set a new record for longest WiFi link. Networking guru Ermanno Pietrosemoli established a wireless connection between a PC in El Aguila, Venezuela, and one in Platillon Mountain, a distance of about 237 miles, mostly using off-the-shelf equipment and a few hacked parts.

cool

story

bro

File: memritvheisevenworsethanajewhe3754786.png (81KB, 500x379px) Image search: [Google]

81KB, 500x379px

>>56916431

>implying 2.4ghz can travel more than half a mile in the real world
>implying a really strong transmitter on one end of a connection is all you need
>implying you have any idea what your talking abkut
>implying implications

>>56916141
Why the fuck would you allow remote login to your router in the first place?

File: pepe the hacker.png (333KB, 931x554px) Image search: [Google]

333KB, 931x554px

>ssid broadcast disabled
>only allowed macs can connect
>router ui only available over https
I don't even need to use a password for my WiFi or router.

>>56916473
I ssh into my router as a gateway in front of my other systems instead of exposing them all. It's a lot easier and less of a pain in the ass strictly securing one machine than all of them.

>>56916141
>Use WPA2 for your WiFi security encryption.

How about just denying access based on device ID? If a device doesn't have a whitelisted MAC address, it can't establish a connection to your router.

>>56917905
mac addresses can be easily sniffed an spoofed. MAC authentication is absolutely worthless from a security standpoint.

>>56916848
>thinks MAC address filtering does fuck all
You done triggered me good anon.

>>56916362
Yeah if anyone wants to hide in the woods behind my house and fight off coyotes while browsing my internet the honestly I think they earned it.

File: IMG_0227.jpg (801KB, 4939x3292px) Image search: [Google]

801KB, 4939x3292px

>>56916848
well keked friend

>>56917905
pic related

>>56916473
why would you assume people can disable that on their shitty proprietary router software?

>>56916848
SSID broadcast is placebo
MAC is placebo
HTTPS is.. unrelated? I mean not bad for protecting your router password after someone spoofing a mac address breaks into your hidden wifi.

>>56917933
>mac addresses can be easily sniffed an spoofed.

I can't see any of my neighbors being capable of sniffing out the MAC addresses of all of my respective wireless devices, much less even knowing how to change the MAC addresses on their own computers.

I manage a router for my family since we all live nearby, but they're frankly not computer literate enough to deal with the router having any form of wireless security. They somehow always manage to lose the password, then I have to go right back to their houses and "troubleshoot" for them. I've found it's easier just to restrict access to the router based on device ID.

>>56916141
Do you use static NAT entries instead of UPnP?

To be honest I can't really be bothered. As long as UPnP is isn't configurable via my WAN, I don't mind.

>>56916848
You literally listed all the weakest security features in router technology. Well done anon.

>>56917967
>I can't see any of my neighbors being capable of sniffing out the MAC addresses of all of my respective wireless devices


WARDRIVING motherfucker, look it up.

Fuck, I cant stand idiots who claim "my neighbors are too dumb to hack". You know all your neighbors within a couple mile radius?

>>56918061
>237 miles
>>56916431

>>56916848

Wow, you are a goddamn fucking idiot. Anyone can see all your traffic in plaintext, you nimrod.

>>56918139
u so mad at a pepepost

>>56916848
>use WEP
>make password less than 8 characters
>Windows computers literally refuse to connect

Am I doing security right?

>>56918179
See >>56918139

>>56916141
My router is so secure i can't get to it even with correct name and password

>>56916848
kek

>daily reminder

I must've missed yesterday's.

>>56918107

2.4ghz is physically incapable of traveling more than half a mile in the real world. Half a mile would be line of sight mostly. The tests like the one you quote use a different frequency, somewhere around 900mhz. Even 900mhz is only capable of going a few miles in real world scenarios.

>>56918061
>couple mile

Are you retarded by any chance?

>>56919240
>>56918107
>>56916431

Here is a very basic primer on the subject. Anyone who claims that 2.4ghz is capable of anywhere near a mile is a moron.

>>56919361
https://en.m.wikipedia.org/wiki/Long-range_Wi-Fi

>>56916141
>doing all this to secure your wifi
>someone just taps directly into your cable

File: 22-39-28_350602.jpg (113KB, 740x740px) Image search: [Google]

113KB, 740x740px

>>56919378
>m

>>56919552

>not shitposting while shitting

>>56917987
Of course. How many ports do you honestly need exposed to the world?

>>56916431
that was done with big ass antennas, and probably some kind of signal amplification

wifi will works ok at 1000 feet at most, unless you use directional antennas

>>56919849
>shittingposting

>>56920597
the longest link on the wikipedia page about long range wifi is 304KM /unamplified/

of course these kinds of setups will require good, directional antennas that aren't surrounded by walls and 5 feet off the ground

>>56919361
funnily enough, this 304KM link is 5.765GHz (802.11ac)

>>56920695
shit/posting, or as i've recently taken to calling it, shit + posting

>>56916467
It's light, it doesn't stop travelling at any point.
Why is it so hard to believe this is possible when femtophotography is also possible?

>>56921042

>radiowaves are light

>>56921105
radiowaves are light

>>56921042
You are a faggot. Sure it doesn't stop traveling, but trees will attenuate the signal so severely, you're gonna need a goddamn Arecibo to practically extract any data. Although someone could just fly above innawood's property and get much less attenuation


>>56919361
No, you're a faggot. Guess what the Voyager space probe uses for comms? S-band specifically 2.3 GHz to earth and 2.1 GHz from earth. Voyager is 135 AU from earth right now.

>>56916141
>>Check your routers settings to see if ‘Allow Incoming ICMP Echo Requests" is enabled. If it is, then disable it. Keep in mind to turn this back on should you need ISP tech support so they can find your router for testing.
Hah. I remember turning that off. In response, my ISP turned off my internet.
I also filter MAC addresses and only permit only the ones I know.

>>56922377
>Hah. I remember turning that off. In response, my ISP turned off my internet.
wtf
to ISP that shitty even exist?

>>56922416
Considering it also provides cable TV and is ISP's property, I can see why. It's also noted in the agreement which I signed.
Security in general is just placebo. It's only a matter of time before it gets broken and all your CP funneled to the internet. I do agree that you still have to take precautions, but all that seems to be mundane once you realize that you're the weakest link in security.

>>56916141
I used to connect to their wireless and print to their printer a page that would tell them how to secure their wireless and how the next guy may not be as nice as I am.

But sometimes I'd just print a lot of black pages.

Depends on the mood.

>>56916141
Fuck off faggot were not stupid.

>>56921105
>>56922164
Radiowaves aren't light, just when you go to high frequencies they do behave like light, for example any object can create a shadow for the signal

>tomato has all everything defaultly off

niiice

>>56916141
>disable upnp

nah, fuck off, I need that. I'm constantly moving between two places with different internet connections and I need to my torrent game to be top notch port open baby.

>>56919240
>2.4ghz is physically incapable of traveling more than half a mile in the real world.
>>56919361
>Anyone who claims that 2.4ghz is capable of anywhere near a mile is a moron.

itt fags who only use consumer grade shitboxes

http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/product_data_sheet09186a008008883b.pdf

>>56925399
Shit nigga, I can do 3 miles with MikroTik boxes.

>>56916141
Lol, what's the worst that could happen?
You nerds need to tone your paranoia down a few notches.

>>56916141
>disable upnp
wtf is wrong with upnp?
for me it's the best way to stream stuff to my shit TV

>>56916141
my router's safety mechanism is its ability to restart itself randomly several times a day

any would-be hacker will surely get so frustrated she'd give up

>>56922377
>MAC filtering

holy shit might as well hide your ssid for another false sense of security

fucking idiot

>>56928366
because your tv with its default root password and vulnerabilities have now conveniently forwarded the well known port on your public ip

>>56916141
Do you even use pfSense with CaptivePortal, pleb?

>>56923247

>Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location. When present, reverse DNS is supported by Internet service providers. But no such lookups are possible with your current Internet connection address.


Step up niggas

>>56916848
>ssid broadcast disabled
>only allowed macs can connect

I know you're baiting but there are people who seriously believe that shit protects them.

>>56916141
Retard who saw this from the front page: Is the default bad if it comes with a random username and password? I have a Verizon router, the kind with the user and password printed on a sticker on it, with a pretty long password. Should I change it anyway?

>>56918061
>You know all your neighbors within a couple mile radius?
>having neighbours at all
it's like you didn't even buy all houses near yours so you could have *some* privacy

>>56930095
Yes, because why not? Also follow the OP, fios stock routers come unsecured.

>>56917940
it can stop incompetent scriptkiddies with shit tools :^)

>>56929804
>captiveportal
>in a home network
why?

>>56928418
Why would anyone allow their TV to access any network?

>>56923150
All electromagnetic radiation is light. Do you even science?

>>56916141
why turn off icmp? how else are you gonna control your internet messages.

>>56931172
it's just ping

>>56930877
Streaming files from your NAS? Watching Youtube/streams?

Holy shit Grandpa it's not 2004 anymore, do you burn a CD with a Divx file and take it downstairs whenever you want to watch a movie?

>>56916141
>ctrl+f "openwrt"
>not even ONE mention

>/g/ - Technology

Don't have a router. Straight from the modem. No fuss, no Problem.

>>56916141

Do you or anyone recommend DD-WRT?

or is it just a meme.

I'm running a newer netgear router right now, I forget the model off the top of my head.

I'd like to secure my shit.

Also what is UPnP access and why should i disable it.. it's a protocol right?

I know WPA2 is one of the strongest wifi password methods atm. using any other one and some skid with kali can crack it.

>tfw isp supplied router has an engineer login account
Do they think this is a fucking game?
Lets not let the user access the actual config menus lets just supply our own on top with 1/3 the options, that'll do.
If i didn't get the real menus showing up i would've chucked the thing, contract be damned.

>>56916141

your password means nothing if you disable remote access

also OpenWRT pretty much blocks all this shit by default and my autistic lastpass created 64 character password and WPA2 + AES is safe enough

there's a bunch of tests on Leo's website

Hi /g/ is Sophos UTM any good?

>>56932887
>your password means nothing if you disable remote access
it does though
https://www.youtube.com/watch?v=Zazk0plSoQg
things have changed since then, but with WebRT it should be even easier

>>56916141
>to ensure only known devices are attaching to your network
I set up a MAC address list for all WiFi devices allowed in my household to connect to my Internet. Is this good?

>>56933236
easily circumvented

>>56933247
FUCK!
WHAT SHOUDL I DOOOOOOO?

>>56932887
>trusting lastpass

>>56933256
use a good password+wpa2
>>56932887
>64 characters
assuming it's all random, 20 is more than enough

>>56932706
I like Tomato.

>>56933297
>use a good password+wpa2
I think I do this too.
Can't check since I'm away, but still.

>>56933297
>use a good password+wpa2
I think I do that too.
Can't check since I'm away, but still.

>>56933317
>>56933401
Now, this is strange.

>>56933435
just a normal double post, happens

>>56933452
Yes, but over 10 minutes apart.

File: 1388290983182.png (2MB, 2000x2000px) Image search: [Google]

2MB, 2000x2000px

>>56916848
>Not having cryptographically hashed passwords rotating every 3 hours

bumping for interest

>>56916141
sure, it even has wifi built in

>63 character WPA2 passphrase generated by /dev/urandom | tr -dc
>using dd-wrt
>have a stateful firewall which drops all inbound connections
>no web interface, ssh or telnet from outside
>logging, with log analyzer to spot and categorize threats
>personal blacklist from sketchy IPs added to firewall blocklist to prevent inbound and outbound connections

>>56916141
Why would I disable echo? I need to ping my router bruh

What can I do to someone's Wi-Fi if I am logged into their router admin account? These retards never change the password.

>>56934080
>tr -dc
That doesn't seem useful to filtering urandom into a password unless you fed it a list of every invalid character that could come out of urandom

Why don't you just use openssl rand instead?

What is wrong with UPnP?

>>56919849
>>56920695
>>56920908
PAJEET MY SON

>>56930659
>google "bypass mac filtering"
>use Kali and tool x, y, z
No, it does shit.

>reduce transmit power so only useful within my home
How can someone crack what they don't even have?

>>56918061
You don't even have to do wardrving yourself anymore. There are websites were people share the results of their wardriving in an easy to use map interface. You can get a map of every unsecured or easily hackable access point in your city in under a minute.

File: 1474882568850sp.jpg (33KB, 640x354px) Image search: [Google]

33KB, 640x354px

>disable upnp
I don't want to manually forward ports or add firewall rules though.

>Look at this thread
>Everyone using premade routers and wifi routers.
>All these random ass configurations from No password to MAC whitelisting.
>No mention of having a Router a Firewall and then a network mentioned.


Wew lad none of you are safe.

>>56937451
>tripshit thinking his opinion matters
holy shit kek

File: d6f25ad6fe5343baf20db7134febdd70.jpg (49KB, 550x550px) Image search: [Google]

49KB, 550x550px

I highly doubt any of my neighbors are able to get into my router's WiFi!

My wifi password is 114d0bef9e

Is this secure enough

>>56930931
Light is defined as radiation in the visible wavelenght you can't call all ranges of wavelenghts light

>>56916141
Please excuse my ignorance here, but couldn't you also setup a system where each of your devices has a key file, and that key is used to authenticate your device to your router?

What about also having a certificate on your router so your wireless can be automatically authenticated and encrypted?