Calguns.net  

Can someone recommend me a good internet router and modem

#1
11-06-2018, 7:07 PM
FalconLair

currently using the provider's modem and paying a monthly fee to rent it

they've admitted to me that their modem isn't really the top of the line system especially for gaming/playstation usage

a friend has recommended that i get an independent modem and router, the internet provider's is both a modem and router combined into one unit

the same friend has recommended the arris surfboard #6190 modem and the linksys 2200 router - he admits he hasn't researched anything newer on the market recently

any advice? i can do the research independently, just need to be pointed in the right direction - i'd like to start with the best on the market available and go from there based on cost and actual need

will the already recommended units fulfill what i'm looking for?

thanks
__________________
Yesterday the Devil whispered in my ear, "You're not strong enough to weather the storm."

Today I whispered in the Devil's ear, "I AM THE STORM."


Quote:
Originally Posted by someoneeasy View Post
I got eager cuz I love me some 20"

#2
11-07-2018, 5:19 AM
the86d

I assume you are on a Cable-Internet pipe, so not sure about Modem,
Regarding Hobbits, I mean routers...
I wouldn't get a Linksys myself. It seems the last Linksys I setup (maw and paw bought for their place) required WINDOWS software to even get functioning. It should always be browser based in my opinion, as if it is factory reset... how are you going to download the software on a new comp...I digress.
Horse-pucky is my thoughts on proprietary software to setup a home router when every one I have ever setup prior were web-interface OOTB.

Asus makes some GREAT routers for regular people.

Netgear Blackhawk series is supposed to be one of the best consumer routers, I understand.

Make sure to get an AC router, not just N, unless you want to buy twice, once again for AC in the future.

I would personally get a separate router, configure it, and just use a separate modem as a bridge (connecting cable-internet to Ethernet), and drop the Ethernet in the WAN/Internet port of the router you select.
Your best bet for reliability is to throw the modem and router on a UPS. I never had Cable-Internet for more than a few days, as coming from FiOS, cable-internet and boxes got taken back to the store in less than 7 days.
__________________
"That's what governments are for - get in a man's way." - Captain Malcolm 'Mal' Reynolds

Last edited by the86d; 11-07-2018 at 5:23 AM..

#3
11-07-2018, 8:30 AM
Mute

Get an Asus. I had a Netgear Nighthawk router (AC1900) that worked fine until it got a firmware update, after that, I had constant disconnects. Often I had to reconnect or outright reboot before it would start working properly. Even after I reset the damn thing and tried different versions of firmware the problem persisted. Might be ok if you replace factory firmware with third party, but seeing that you're asking for recommendations, that's probably something you don't want to mess with.

The Asus (RT-AC68U) has been solid, even after a couple of firmware updates.
__________________
NRA Patron Life Member
NRA Certified Pistol, Rifle & Refuse To Be A Victim Instructor

American Marksman Training Group, LLC
Visit our American Marksman Facebook Page
Diamond Bar CCW Facebook Page


Discounted NRA Membership Sign Up

#4
11-07-2018, 11:36 AM
bigbearbear

I use an ARRIS cable modem and it has been pretty stable for me. I think the original design was from Motorola because the "Surfboard" brand was Motorola.

I've also noticed that Motorola is now selling new modems again so something from their DOCSIS 3.1 series might be nice too, like this one: https://www.amazon.com/MOTOROLA-Gig-...A1JCDPLP2335KA

For router, I use a Linksys WRT1900AC, touted as Open Source compatible but I have never used any open source firmware with it. The factory firmware works well enough for me and the router itself is pretty stable.

I work from home so stability is my major concern when it comes to internet connection equipment. So far, the ARRIS and Linksys products have held up.

#5
11-07-2018, 11:48 AM
71MUSTY

I got an ASUS and even my teenager and all his friends over for gaming doesn't seem to slow it down.
__________________
IF WE EVER FORGET WE ARE ONE NATION UNDER GOD.
THEN WE WILL BE A NATION GONE UNDER.
Ronald Reagan


We stand for the Anthem, we kneel for the cross


We already have the only reasonable Gun Control we need, It's called the Second Amendment and it's the government it controls.

#6
11-07-2018, 12:28 PM
LTC-J

I went with an Arris modem for Comcast for 6 years and LOVED it.

Specifically this one:
https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1

I then went with a Linksys WRT modem that I slapped Tomato aftermarket firmware on. I locked that down to MAC addresses only. Pain to add guests but felt secure.

I would do the same setup if I were on cable.

My current router is a Linksys e3200 with DD-WRT firmware on it. Again, locked to the hilt.
https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1

#7
11-11-2018, 9:44 AM
the86d

Quote:
Originally Posted by LTC-J View Post
...I then went with a Linksys WRT modem that I slapped Tomato aftermarket firmware on. I locked that down to MAC addresses only. Pain to add guests but felt secure...
If someone is going to crack your WiFi, they can just as easily spoof your MACs, as during the process they see all client MACs anyways.
I think you are wasting your time with MAC lockdown, like I used to...

#8
11-11-2018, 10:00 AM
Deedle

Any of the Linksys WRT-XXXX series is fine, and then install DD-WRT.
__________________
"No personal computer will ever have gigabytes of RAM" - Scott Nudds

#9
11-11-2018, 10:07 AM
Deedle

Quote:
Originally Posted by LTC-J View Post
I went with an Arris modem for Comcast for 6 years and LOVED it.

Specifically this one:
https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1

I then went with a Linksys WRT modem that I slapped Tomato aftermarket firmware on. I locked that down to MAC addresses only. Pain to add guests but felt secure.

I would do the same setup if I were on cable.

My current router is a Linksys e3200 with DD-WRT firmware on it. Again, locked to the hilt.
https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1
IMO the most important thing is to use WPA2 and require AES, and to host your own VPN and connect to that immediately, always, if the device supports OpenVPN.

#10
11-11-2018, 1:45 PM
CaliforniaCowboy

I have always been a fan of ASUS.

Sent from my Z982 using Tapatalk
__________________
Why Brits do not have a 2A.

#11
11-11-2018, 4:04 PM
xv13tlaclo1x

I like Netgear. You can get a good deal on Black Friday such as this one:

NETGEAR Nighthawk X6S AC3000
https://slickdeals.net/f/12171178-co...archBarV2Algo1

For modem, ARRIS SURFboard is the best however the price for them kept getting increased.

#12
11-11-2018, 4:52 PM
Satex

Cable modem: pick a DOCSIS 3.X model.
Router: Asus

#13
11-11-2018, 5:21 PM
Cokebottle

For cable, I'm using the Ubee provided by Spectrum.
I disabled their WiFi and connected it to my Asus RT-87R AC2400 router.
Never had a problem with it, the thing is a freaking blowtorch and my phone connects when I pull into the condo parking lot.
__________________
- Rich

Quote:
Originally Posted by dantodd View Post
A just government will not be overthrown by force or violence because the people have no incentive to overthrow a just government. If a small minority of people attempt such an insurrection to grab power and enslave the people, the RKBA of the whole is our insurance against their success.

#14
11-14-2018, 1:24 PM
lordmorgul

I have had this modem since 2013 and it's still running great. I recommend it.
NETGEAR DOCSIS 3.0 - High Speed Cable Modem (CMD31T) https://www.amazon.com/dp/B006GDTTM0..._klj7Bb2RE1W1V

I'm having great success with this Trendnet ac1900 router at home. It runs DD-WRT when you get it so that's a huge plus, lots of config flexibility. I have about up to 50 WiFi devices running on it, and over 100 managed (manually configured) DHCP served IPs. I have very good WiFi coverage with it and my house has a good number of interferers and dense walls; my previous Wireless-N and BG mixed mode router was a lot less effective.

TRENDnet AC1900 Dual Band Wireless AC Gigabit Router, 2.4GHz 600Mbps+5Ghz 1300Mbps, One-Touch Network connection, 1 USB 2.0 Port, 1 USB 3.0 Port, DD-WRT Compatible, IPv6, Guest Network, Parental controls, TEW-818DRU https://www.amazon.com/dp/B00HKEI3DA..._tbj7BbHKNS8T0



Andrew - Lancaster, CA
NRA Life Member, Calguns.net contributor, CGF / SAF / CRPA / FPC / NRA-ILA contributor, USCCA member

Last edited by lordmorgul; 11-14-2018 at 1:27 PM..

#15
11-14-2018, 1:29 PM
lordmorgul

Quote:
Originally Posted by the86d View Post
If someone is going to crack your WiFi, they can just as easily spoof your MACs, as during the process they see all client MACs anyways.
I think you are wasting your time with MAC lockdown, like I used to...


Absolutely true, nothing prevents trying all of them while spoofing MACs, it's just time...


#16
11-15-2018, 7:55 PM
AEW

If you need parental control, I do not recommend a Linksys. I have an EA9500 and while it is very fast, has strong connectivity, and has been reliable in terms of up time, parental controls do not work. It is a known issue with Linksys. Other than that, it has been a great WiFi router.

#17
11-19-2018, 10:00 AM
Anonymous_Ghost

Motorola still makes the best radios. Their router/modem combos are rock solid with easy UI. If you want plug and play with no problems, get the Motorola.
__________________
Freedom thrives on the illusion of choice. Slaves feel free when they get to choose a different side of the same coin. This distracts them from the bonds of their economic chains and ensures their allegiance to their captors. ~Me

#18
11-19-2018, 10:03 AM
Anonymous_Ghost

Specifically, MOTOROLA MG7540 16x4 Cable Modem or Motorola MG7700 24X8 Cable Modem.

Last edited by Anonymous_Ghost; 11-19-2018 at 10:06 AM..

#19
11-19-2018, 10:10 AM
NYT

the top rated wireless routers are netgear and google right now.

both can be purchased at costco and are around $300. black friday may get you some deals though.

i have the netgear but i would buy google if i had it to do over again:

https://www.costco.com/Google-Wifi-4...100406436.html

netgear option:

https://www.costco.com/NETGEAR-Orbi-...100318832.html

the linksys velop hasnt been reviewed as highly as these two but i hear its good as well, i just havent played with it enough.

the other option that is less expensive is tplink but their software is a bit more picky how its setup.

#20
11-19-2018, 10:15 AM
NYT

Quote:
Originally Posted by the86d View Post
If someone is going to crack your WiFi, they can just as easily spoof your MACs, as during the process they see all client MACs anyways.
I think you are wasting your time with MAC lockdown, like I used to...
mac spoofing is not easy and its one more layer of protection. if he limits mac addresses, that is still a good way to go.

i am unaware of a residential wap that will prevent mac spoofing, the only thing i can think of is device profile fingerprints working with mac filters which are only available (in my knowledge) on business grade hardware.

#21
11-19-2018, 11:36 AM
LTC-J

In my case, MAC lockdown is just an additional thing to make my wireless less appealing than the next guy.

I also have the router locked to only allow wired admin.

As another 'bonus' for security, I'm out in BFE. Nearest neighbor is 300 feet away.

Back when I bought my Arris modem(5 years ago), I hadn't heard much good about DOCSIS. From what I recall, too many resets/drops with the DOCSIS and Comcast. The Arris was rock solid.

#22
11-19-2018, 11:41 AM
NYT

Quote:
Originally Posted by LTC-J View Post
In my case, MAC lockdown is just an additional thing to make my wireless less appealing than the next guy.

I also have the router locked to only allow wired admin.

As another 'bonus' for security, I'm out in BFE. Nearest neighbor is 300 feet away.

Back when I bought my Arris modem(5 years ago), I hadn't heard much good about DOCSIS. From what I recall, too many resets/drops with the DOCSIS and Comcast. The Arris was rock solid.
your arris runs docsis.

docsis is the standard spec for cable internet: "Data Over Cable Service Interface Specification"

#23
11-19-2018, 11:58 PM
MrFancyPants

Quote:
Originally Posted by Deedle View Post
IMO the most important thing is to use WPA2 and require AES, and to host your own VPN and connect to that immediately, always, if the device supports OpenVPN.
WTF? Why would you recommend establishing a VPN session in your own home? The overhead will significantly reduce your throughput. Terrible advice. That's like pulling 2 of your spark plug wires off before hopping in your mustang and going hot rodding.

Sent from my SM-G935P using Tapatalk

#24
11-20-2018, 8:45 AM
Deedle

Quote:
Originally Posted by MrFancyPants View Post
WTF? Why would you recommend establishing a VPN session in your own home? The overhead will significantly reduce your throughput. Terrible advice. That's like pulling 2 of your spark plug wires off before hopping in your mustang and going hot rodding.

Sent from my SM-G935P using Tapatalk
Google KRACK WPA2 and then explain YOUR plan to mitigate future issues like this. Most people have more throughput than they need and are a lot less secure than they should be.

Learn a little before you open your trap and get all insulting.

#25
11-20-2018, 10:48 AM
NYT

Quote:
Originally Posted by MrFancyPants View Post
WTF? Why would you recommend establishing a VPN session in your own home? The overhead will significantly reduce your throughput. Terrible advice. That's like pulling 2 of your spark plug wires off before hopping in your mustang and going hot rodding.

Sent from my SM-G935P using Tapatalk
it depends on whats important to you. if security is important, the extra buffering time while watching porn is no biggie. VPNs shouldnt be new to any computer user who wants to operate in a more secure internet session.

Quote:
Originally Posted by Deedle View Post
Google KRACK WPA2 and then explain YOUR plan to mitigate future issues like this. Most people have more throughput than they need and are a lot less secure than they should be.

Learn a little before you open your trap and get all insulting.
krack allowed people to break into WPA2 networks, decrypt, replay and forge some frames. VPNs allow for secured transmissions but dont protect the local network and use a diff encryption. LANs would still need some sort of encryption in motion/rest, network segmentation, etc to build a more secure enviro.

mitigation requires updating firmware of your networking hardware and staying abreast of exploits.

#26
11-20-2018, 11:51 AM
Deedle

Quote:
Originally Posted by NYT View Post
krack allowed people to break into WPA2 networks, decrypt, replay and forge some frames. VPNs allow for secured transmissions but dont protect the local network and use a diff encryption. LANs would still need some sort of encryption in motion/rest, network segmentation, etc to build a more secure enviro.

mitigation requires updating firmware of your networking hardware and staying abreast of exploits.
Remediation requires new firmware, using a VPN mitigates the risk by making the data required for any useful exploit very difficult to collect, to the point that the researchers (at the time I read up on it) couldn't successfully compromise a node running traffic over a VPN. In my LAN, all my wireless traffic (except for endpoints that can't support it, those I treat differently) is in a VPN tunnel until it exits the VPN server on a copper wire. That's pretty decent.

As a bonus, I get the same protection everywhere, not just at home. I can't force everyone to update their firmware. It's good to note that KRACK wasn't even a software bug, it was an issue of a different sort.


Here is the paper: https://www.krackattacks.com/

Last edited by Deedle; 11-20-2018 at 12:09 PM..

#27
11-20-2018, 12:20 PM
Deedle

Quote:
Originally Posted by NYT View Post
it depends on whats important to you. if security is important, the extra buffering time while watching porn is no biggie. VPNs shouldnt be new to any computer user who wants to operate in a more secure internet session.
I run my server on a VM that's hosted on modest hardware, and I get around 80 megabaud throughput both ways on copper via the VPN, which is a lot slower than the WAN but still OK, and I don't normally do that anyway.

I just checked my ping and throughput on my phone via WiFi, ping is 3ms naked, 5ms via VPN, and the VPN seems to cost a little bit on throughput, maybe 5% or so. That hardly seems a dealbreaker to me and aligns with what I found when I was initially benchmarking this.


EDIT: I just rechecked via copper, 93mbps down, 101 up, and 2ms ping. But I don't see any use in using the VPN this way except for performance tuning the server.

Last edited by Deedle; 11-20-2018 at 12:23 PM..

#28
11-20-2018, 2:29 PM
NYT

Quote:
Originally Posted by Deedle View Post
Remediation requires new firmware, using a VPN mitigates the risk by making the data required for any useful exploit very difficult to collect, to the point that the researchers (at the time I read up on it) couldn't successfully compromise a node running traffic over a VPN. In my LAN, all my wireless traffic (except for endpoints that can't support it, those I treat differently) is in a VPN tunnel until it exits the VPN server on a copper wire. That's pretty decent.

As a bonus, I get the same protection everywhere, not just at home. I can't force everyone to update their firmware. It's good to note that KRACK wasn't even a software bug, it was an issue of a different sort.


Here is the paper: https://www.krackattacks.com/
remediate is to remedy, to fix the issue. krack showed us just the tip of the iceberg and it hasnt been fixed, its only been mitigated through patching and firmware updates. that is why network engineers are moving to wpa3 right now. wpa3 OWE ( opportunistic wireless encryption) will encrypt all internal network traffic without the need for encryption in transit solutions.

vpn and lan are two diff things. vpns terminate typically at the FW or AP, krack was attacking the actual lan where there is no vpn tunnel with encryption present.

if youre running vpn servers and not running the vpn on the AP or FW, you have more security problem areas.

icmp traffic is not a way to test throughput if you want to test the differences.

#29
11-20-2018, 3:01 PM
Deedle

Quote:
Originally Posted by NYT View Post
remediate is to remedy, to fix the issue. krack showed us just the tip of the iceberg and it hasnt been fixed, its only been mitigated through patching and firmware updates. that is why network engineers are moving to wpa3 right now. wpa3 OWE ( opportunistic wireless encryption) will encrypt all internal network traffic without the need for encryption in transit solutions.

vpn and lan are two diff things. vpns terminate typically at the FW or AP, krack was attacking the actual lan where there is no vpn tunnel with encryption present.

if youre running vpn servers and not running the vpn on the AP or FW, you have more security problem areas.

icmp traffic is not a way to test throughput if you want to test the differences.
Actually my VPN server runs inside my LAN, on copper, if that wasn't clear. It's a VM on a locally hosted VM farm.

My understanding is that KRACK can try to decrypt WPA2 and recover a key based on repeated known text, so for instance it's possible to reroute traffic or, if the traffic is unencrypted, it's possible to dig deeper. However in the case of a VPN tunnel the same traffic will not result in the same plaintext at the WPA2 level, so while an attacker using KRACK can attack the encapsulating packet data, potentially rerouting it or preventing delivery, I've never seen a demonstration of a vulnerability that would allow such an attack to do more than log encrypted data or deny service. Not super cool, but there are far easier ways to deny WiFi services.

It's also my understanding that KRACK wasn't a software bug, but a specification bug, which is interesting but hardly surprising given these clowns' track record.


If I'm wrong I'd like to learn how.

#30
11-24-2018, 1:28 PM
MrFancyPants

Quote:
Originally Posted by Deedle View Post
Google KRACK WPA2 and then explain YOUR plan to mitigate future issues like this. Most people have more throughput than they need and are a lot less secure than they should be.

Learn a little before you open your trap and get all insulting.
Pretty humorous how you leftards go from zero to butthurt in a fraction of a second. I didn't insult anybody, just called you out on bad advice when you clearly know very little about a truly effective solution to a real world problem.

As far as "learning a little", I've been an IT professional for many years. I'm a Cisco certified network engineer and have designed, configured and deployed numerous campus wired and wireless networks throughout my career. How many multi-site networks have you deployed? I currently administer a datacenter environment with several hundred Windows and Linux VMs across several VMware clusters, so if you really want to poke at my technical expertise, you better bring a big *** stick.

As far as your question about mitigating the WPA2 vulnerability, my solution is to not use WPA2 authentication. As a matter of fact, using any PSK authentication method is a bad idea. Using 802.1X or certificates for authentication is much more secure, however most (probably all) consumer wireless routers do not support those methods, largely because most consumers don't have the technical ability to configure them, not all endpoints support them, and they require a more advanced infrastructure. It's a trade-off for using an easy to use and configure consumer wireless router, they're just much less secure.

My home network rivals many small business networks. My internal devices sit behind 2 Cisco ASAs, 4 Cisco routers, and while I currently use a consumer wireless N router, I'm about to install a Cisco Aironet AP which supports the advanced authentication methods I'll use. What's funny is it's far more capable and secure, and cheaper than the top of the line consumer wireless routers. My VPN endpoint is my network edge ASA, which sits right behind my modem. VPN has a good use case for encrypting egress and ingress Internet traffic, and while it may encrypt internal wireless traffic, unless your public facing interface is secure, your whole network is compromised. You'd be surprised how much I can learn about your internal network by simply knowing your public facing IP address, which really isn't hard to find.

#31
11-24-2018, 1:30 PM
the_tunaman

Quote:
Originally Posted by xv13tlaclo1x View Post
I like Netgear. You can get a good deal on Black Friday such as this one:

NETGEAR Nighthawk X6S AC3000
https://slickdeals.net/f/12171178-co...archBarV2Algo1

For modem, ARRIS SURFboard is the best however the price for them kept getting increased.
Another vote for the Netgear... big fan always of the brand, and the Nighthawk is top of the stack.
__________________
MAGA - drain the swamp^D^D^D^D^Dcesspool!
Proud deplorable wacist!
#NotMyStateGovernment!
Just remember BAMN - there is no level too low for them to stoop!

#32
11-24-2018, 7:03 PM
Deedle

Quote:
Originally Posted by MrFancyPants View Post
As far as your question about mitigating the WPA2 vulnerability, my solution is to not use WPA2 authentication.
I had a comment but I'm probably just being grouchy from being sick the last week. Glad things are working out for you.

Also, nothing close to being a leftist, FYI.

Last edited by Deedle; 11-24-2018 at 7:37 PM..

#33
11-24-2018, 8:12 PM
local_nobody

Quote:
Originally Posted by the_tunaman View Post
Another vote for the Netgear... big fan always of the brand, and the Nighthawk is top of the stack.
same here....arris surfboard+netgear n900 router (got on clearance). haven't tried staying with the latest and greatest gear, but netgear has done very well in my experiences.

#34
11-24-2018, 9:51 PM
the86d

Quote:
Originally Posted by LTC-J View Post
In my case, MAC lockdown is just an additional thing to make my wireless less appealing than the next guy.

I also have the router locked to only allow wired admin.

As another 'bonus' for security, I'm out in BFE. Nearest neighbor is 300 feet away.

Back when I bought my Arris modem(5 years ago), I hadn't heard much good about DOCSIS. From what I recall, too many resets/drops with the DOCSIS and Comcast. The Arris was rock solid.
Cantenna: Capable of reaching up to 2 miles.

MAC spoof is as easy as "ifconfig wlan0 hw ether <your:MAC:in:HEX>" depending on the distro wlan0 could be called something different.
One could then just route all traffic through that.

I do login to my router quite frequently, and have MAC reservations with custom names (in the router, like descriptive name) for weird stuff like my son's chromebook, but still I can't keep up with MACs, it is too troublesome. If I see something weird, I disable it, and wait for a family member to beotch, then plug a descriptive name...
Last edited by the86d; 11-24-2018 at 10:01 PM..
Reply With Quote
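
Several posts in this thread argue over MAC filtering, and NYT suggests pairing MAC filters with device profile fingerprints. The following is an added example, not code from any poster: a Python audit that checks DHCP requests against a MAC allowlist and flags an allowlisted MAC whose DHCP fingerprint (option 55 parameter list plus option 60 vendor class) changes. The log format, `ALLOWLIST`, addresses and fingerprints are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (DHCP option 55 parameter request list in order, option 60 vendor class)
Fingerprint = Tuple[Tuple[int, ...], str]

# Constructed sample, one DHCP request per line:
# time | client MAC | hostname (opt 12) | opt 55 list | opt 60 vendor class
SAMPLE_LOG = """\
2018-11-24T09:00:01|02-11-22-33-44-01|chromebook|1,121,33,3,6,12,15,26,28,51,54,58,59,119|dhcpcd-6.8.2
2018-11-24T09:02:10|02:11:22:33:44:02|phone|1,3,6,15,26,28,51,58,59,43|android-dhcp-8.0.0
2018-11-24T21:14:37|02:11:22:33:44:01|chromebook|1,28,2,3,15,6,119,12,44,47,26,121,42|
2018-11-24T21:20:05|02:aa:bb:cc:dd:ee|laptop|1,3,6,15,31,33,43,44,46,47,119,121,249,252|MSFT 5.0
2018-11-25T08:00:00|02:11:22:33:44:02|phone|1,3,6,15,26,28,51,58,59,43|android-dhcp-8.0.0
"""

# Constructed allowlist. None means "trust on first use": the first
# fingerprint seen for that MAC becomes its baseline.
ALLOWLIST: Dict[str, Optional[Fingerprint]] = {
    "02:11:22:33:44:01": None,
    "02:11:22:33:44:02": None,
}


@dataclass(frozen=True)
class Request:
    ts: str
    mac: str
    hostname: str
    fingerprint: Fingerprint


@dataclass(frozen=True)
class Finding:
    ts: str
    mac: str
    kind: str      # "unknown-mac" or "fingerprint-changed"
    detail: str


def normalize_mac(raw: str) -> str:
    """Accept aa:bb.., AA-BB.. or aabb.ccdd.eeff and return aa:bb:cc:dd:ee:ff."""
    digits = raw.strip().lower()
    for sep in (":", "-", "."):
        digits = digits.replace(sep, "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_line(line: str) -> Request:
    ts, mac, hostname, opt55, vendor = line.split("|")
    params = tuple(int(p) for p in opt55.split(",") if p)
    return Request(ts, normalize_mac(mac), hostname, (params, vendor.strip()))


def audit(log_text: str,
          allowlist: Dict[str, Optional[Fingerprint]]) -> List[Finding]:
    """Return findings in log order. The baseline is never overwritten by a
    mismatching request, so a cloned MAC keeps alerting until re-enrolled."""
    baseline = {normalize_mac(m): fp for m, fp in allowlist.items()}
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        req = parse_line(line)
        if req.mac not in baseline:
            # What a plain MAC filter already catches.
            findings.append(Finding(req.ts, req.mac, "unknown-mac",
                                    f"hostname={req.hostname!r}"))
            continue
        known = baseline[req.mac]
        if known is None:
            baseline[req.mac] = req.fingerprint   # enroll on first sight
        elif known != req.fingerprint:
            # Same MAC, different DHCP client behaviour: a different device
            # or OS is presenting an allowlisted address.
            findings.append(Finding(
                req.ts, req.mac, "fingerprint-changed",
                f"expected vendor={known[1]!r}, got {req.fingerprint[1]!r}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ALLOWLIST):
        print(f"{f.ts} {f.mac} {f.kind}: {f.detail}")
```

A DHCP fingerprint can be imitated by a careful client and will also change after an OS upgrade, so a mismatch is a signal to investigate rather than proof, and it does not replace WPA2 with a strong passphrase.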