security

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. B

    How many connection attempts are you getting on your home router while all ports are closed?

    Hi, I'm getting 8 connection attempts per minute around the clock, or about 11500 per day. Is this normal? It seems a lot to me. What about you?
  2. I

    Latest CEVs regarding Asus routers, and what exactly is affected ?

    Hey all, I listen to the Security Now podcast, and on this week's Episode Steve mentioned a 9.8 rated CEV targeting Asus routers. I'll have to go back and listen to the podcast again once it posts, as I like to watch it live. What I'm curious about is, what all do these vulnerabilities affect...
  3. D

    Feature request: Two factor authentication web login. (TOTP)

    Merlin feature request: Two factor authentication web login. (TOTP - Time-based one-time password) I think this would benefit PAM (Pluggable Authentication Modules) authentication the routers use. For those that have no idea what I’m talking about it’s a security feature that requires you to...
  4. sfx2000

    Linksys Velop 6E, Velop Pro 7 - sending credentials to cloud in clear text

    This might be rather uncomfortable for the Linksys folks... Their SmartWifi solution is storing the WiFi credentials in plaintext up in their cloud servers... https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/
  5. sfx2000

    CVE-2024-3094 - XZ Utils Backdoor - addtional info

    This had some traction over in AsusWRT-Addon's thread... I would post there, but the thread was closed. https://www.snbforums.com/threads/backdoor-in-linux-xz-utils-on-linux-distros.89469/ A couple of good write ups and analysis for this CVE are below...
  6. sfx2000

    This one is kind of interesting - Client and AP issues with WPA2/3

    Might have slipped below the radar - but Android and Routers have an issue here... https://www.top10vpn.com/research/wifi-vulnerabilities/ wpa_supplicant: CVE-2023-52160 IWD: CVE-2023-52161
  7. tonymet

    WPA2 Shared Secret Rotation: How to avoid downtime?

    Let's assume you like to rotate your WPA2 shared secret (SSID passphrase) once a year. How do you do it without downtime and with minimal fuss? Is it possible to do it without changing SSID? Here's how I do it: Start with existing SSID `wireless-net` Add new virtual SSID `wireless-net-A`...
  8. sfx2000

    getaddrinfo() on glibc calls getenv(), oh boy

    It's found on go, but this is something of interest to many... https://rachelbythebay.com/w/2023/10/16/env/ Be safe out there...
  9. Yota

    Plans to migrate to OpenSSL 3.0?

    The current firmware is using OpenSSL 1.1.1, which already ends support in September 2023. This means that it is no longer possible to get public security updates since last month. I still remember that it took about a year to migrate from OpenSSL 1.0.2 to 1.1.1 in 2019. I know there's so much...
  10. torstein

    How exactly do IoT smart devices pose a threat to home networks?

    I'm just curious, how exactly does a smart lock, or a light bulb or a smart kitchen appliance pose a threat? If you have your router properly set-up, disabled UPnP, enabled the firewall and no port forwarding, then there's no way some remote hacker can enter my home network through a security...
  11. T

    Merlin Firmware and CVE\Security Patches

    Hi, I need some information about how Security (CVEs) are handled in the Merlin firmware. There is a security advisory from around two weeks ago that ASUS have released to the public saying to patch the routers to the latest version of their original firmware. I have checked the details log for...
  12. C

    OpenVPN on TCP 443 or 80

    Hello all - I have multiple VPNs types going, Wireguard (via raspberry pi not via router), IPSec on RT-AX86U, and IPSec via Instant Guard -- the last two are really just me trying them out and as alternatives to Wireguard. I am running stock firmware. They all work well and as expected. What...
  13. H

    Securing iot devices with limitations and limited budget, well try maintain flexibility.

    Topic iot devices separated from Main devices within the home, but what qualifies as Main and what qualifies as iot and how to separate them when you don't have a switch that can tag packets? I also cannot run to land cables to the router or switches that I need to as each run through the house...
  14. G

    Router VPN / Streaming / Daisy Chain Routers / Security

    Hello, I use my home network which is connected to broadband internet connection for the purposes such as streaming, financial secured web accounts, insurance secured web accounts, and health secured web accounts. More recently it seems that the streaming services that I've used a VPN are now...
  15. K

    Is Anti-Virus Software A Substitute For Firmware Updates?

    A family member recently got a letter from AT&T stating that their AT&T provided Pace 5268AC gateway will no longer receive firmware updates. The letter reads: "Don't worry! Your internet access and speed will not change. However, you will no longer receive the latest security patches...
  16. S

    Best performance and security addons

    Hi, Got an simple and easy question for you guys, what are the addons for optimal performance then best addons for security? Thanks
  17. I

    Is WPS really disabled?

    Hey all, I was curious about AsusWRT, and WPS. The toggle turns off when I set it to off, but there is a section in the configuration that still says enabled. Was curious if it's possible to fully disable WPS, or if this is just a glitch in the UI. Thanks - see attached screenshot. I have...
  18. I

    Three Dumb Routers concept inroduced by Steve Gibson (2016)

    Hey guys, I was poking around and came across an old Security Now episode about the Three Dumb Routers concept. It seems as growing security threats increase, this would be a good configuration to consider. (especially with more smart devices onboard.) In my case, I have three routers I could...
  19. I

    AIProtection vs Built-in Web Browser protection

    Hey all, I was curious as to what the thoughts were of AIProtection vs the built in protection of the web browsers today. I did some reading of some older threads here regarding if people recommended AIprotection, and the main verdict was yes. However, those threads were a year to several years...
  20. R

    Mac filter according to Dhcp reservation?

    Hi, In order to upgrade my security I would like to enable Mac filtering to prevent unknown device from connecting to my network what ever they know my SSID and PSK. I dont like to change my PSK periodic. This would take a lot of time with 30plus devices. Is there a way to enable Mac...
Top