!DzDQEGffiXneamKckA:matrix.org

OpenWrt

785 Members
openwrt.org - in case of spam, ping mods or in #banhammer:systemtest.tk, unofficial community +mesh:matrix.org #meshes:matrix.org networking, free space propagation, open source, Linux, routers, communication hardware, acceleration, bufferbloat, gigabit wifi, wireless mesh, radio propagation simulation, unlicensed spectrum management, WISP, see also: Freifunk, FunkFeuer, Althea, Yggdrasil, Tomesh, WireShark, dd-wrt, BattleMesh, IRC: openwrt.org/contact
124 Servers


Sender, Message, Time
27 Sep 2022
@kandre:ak-online.be klaernie: Re 3: That depends on the vulnerability of the extenders/switches. If they can be broken by data simply passing through them, you might. If one can install custom software on them and connect back out to the internet, you have a problem. If these devices don't even have an IP address you're probably okay 12:03:54
@luke1433:matrix.org Luke1433
In reply to @kandre:ak-online.be
Re 1: As long as OpenWRT is doing proper routing and firewalling between the two networks you're good

Are OpenWrt's default settings proper? I set its WiFi up with the isolate networks option enabled.
But I do see I'm able to connect to the 5G's backend via my laptop when it's plugged into the OpenWrt router's LAN port.

Does this mean the 5G router can see and access my LAN devices?

12:19:15
@kandre:ak-online.be klaernie: that's two different directions 12:31:18
@kandre:ak-online.be klaernie: the NAT on openwrt allows you to talk with each and every device on the WAN side of openwrt 12:31:52
@kandre:ak-online.be klaernie: but that does not imply that every device on the WAN side may talk to the LAN side 12:32:18
@kandre:ak-online.be klaernie: for that there either needs to be an open connection (only the reply packets make it through) 12:32:41
@kandre:ak-online.be klaernie: or an explicit port-forwarding 12:32:51
@kandre:ak-online.be klaernie: or a 1:1 mapping of an IP on the WAN side to an IP on the LAN side 12:33:08
@kandre:ak-online.be klaernie: (the last one is usually "sold" as DMZ host by consumer router stock OSes) 12:34:00
@kandre:ak-online.be klaernie: so unless you disable the NAT entirely and start to just do plain routing, all is good 12:34:31
@bkil:grin.hu bkil
In reply to @luke1433:matrix.org
#Q

Questions about router security & privacy.❓

1. If you have a 5G router running outdated firmware (unable to update) that connects via LAN to a router running updated OpenWRT.
Are devices connecting to the OpenWRT router still at risk because of the outdated 5G router?

2. If you have a fibre connection, in my country they provide an interface that receives the fibre signal and outputs it to a LAN cable that connects to your router's WAN port.
Is that fibre interface vulnerable? Does it too need updates and does it compromise your devices connected to your router?

3. If I have a secure up to date router connected to the internet, but it's connected to out of date extenders/LAN switches, am I compromised, or is the secure router the first line of defense still?

What do you mean by 5G router?
13:13:10
@bkil:grin.hu bkil: On Android handsets, we have seen such exploits that even work fully isolated and offline (by propagating through WLAN beacons). It would be more productive if you could just give us a part number. 13:14:17
@bkil:grin.hu bkil: * On Android handsets, we have seen such exploits that even work fully isolated and offline (by propagating through WLAN beacons). It would be more productive if you could just give us a part number / model number. 13:14:26
@bkil:grin.hu bkil: There were many HGW exploits in the past that could reach your device over its WAN management interface as well. 13:15:47
@bkil:grin.hu bkil: Millions of HGW are deployed over here that are vulnerable to well documented DDoS. 13:16:14
@luke1433:matrix.org Luke1433
In reply to @bkil:grin.hu
What do you mean by 5G router?
A router supplied by the ISP that houses their 5G sim card
14:16:37
@bkil:grin.hu bkil: By 5G SIM card you mean 4G SIM card, right? 🤷 15:02:42
@bkil:grin.hu bkil: I mean, how could a 5G device already be unsupported... 15:02:59
@bkil:grin.hu bkil: * By 5G SIM card you mean 4G (LTE) SIM card, right? 🤷 15:03:26
@_neb_rssbot_=40bkil=3amatrix.org:matrix.org RSS Bot [@bkil:matrix.org]: OpenWrt Wiki docs:
Ad blocking - added some forum links, more info, clarifications, etc.
16:37:43
28 Sep 2022
@harold99:matrix.org @harold99:matrix.org
In reply to @bkil:grin.hu
I mean, how could a 5G device already be unsupported...
5G routers exist already
11:30:35
@mhnoyes:matrix.org mhnoyes
In reply to @luke1433:matrix.org
A router supplied by the ISP that houses their 5G sim card
What 5G cellular vulnerability are you trying to address? First, check for an upgrade of your vendor-supplied CPE. Next, evaluate double NAT, firewall, remote access, etc. for security concerns related to your vendor-supplied CPE.
15:32:22
@mhnoyes:matrix.org mhnoyes: Finally, run an external scan against your public IP (e.g. ShieldsUp), and run https://www.cloudflare.com/ssl/encrypted-sni/ 15:35:16
@mhnoyes:matrix.org mhnoyes: https://www.cisa.gov/5g <-- 5G security 15:43:18
@mhnoyes:matrix.org mhnoyes: WAX638E https://www.netgear.com/business/solutions/residential/wifi/ 15:45:21
@mhnoyes:matrix.org mhnoyes: * New hardware: WAX638E https://www.netgear.com/business/solutions/residential/wifi/ 15:45:39
