Router traffic monitoring

[L&LD]

12 character password isn't long enough today. Having anyone else 'create' this password for you is not secure either.

 

[TheLyppardMan]

12 character password isn't long enough today. Having anyone else 'create' this password for you is not secure either.

So how long does it need to be and also, what is wrong with using the Roboform password generator?

I've just checked my password on a couple of password-checker sites and although they give different results, they both indicate that it would take a long time to crack the password I have set.

 

[L&LD]

So, now you're typing your password on (random) websites too.

I would make it be as long as the field allows. Created by me.

Those websites have no idea how long it will take to crack a password in H2 2023. Guesstimate, at best, and more than likely, greatly overestimated.


Here's something else to think about:

Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones

BrutePrint requires just $15 of equipment and a little amount of time with a phone.

arstechnica.com

Can't believe it can take as little as a few minutes for fingerprint scamming, huh?

 

[jimmyb2]

I have been using a utility called Networx for some time, to monitor traffic on my network, but unless one only wants to monitor traffic on the computer on which it is installed, there are only two options to get it to work, one being SNMP and the other UPnP. I used to have it set to use SNMP on previous ASUS routers, but for some reason unknown to me, that is no longer an option on the later routers, such as my RT-AX88U and I'm not keen to use the UPnP option for security reasons. I presume that there is no workaround for this, so is anyone aware of an alternative product that would perform a similar function?

Have you ever checked Glasswire @ www.glasswire.com? Not sure if it does what you are looking for.

 

[GHammer]

I did check out the latest version of Networx, but unless I am missing something, they seem to have removed most of the advanced options that were accessible to users of the earlier version that I am using. They have also moved some of the general options onto sub menus, which I also didn't like, so I'm sticking with what I have. One thing that has puzzled me is that looking again at the SNMP version options in the Networx advanced menu, it does have one line that references SNMP version 3, but I have no idea what the value they have added means or how it relates to the options available in the GUI of my router. Morris: At your suggestion, I have used Roboform to create a 12-character complex password for the SNMP Get Community, so thanks for that.

View attachment 50314

You may want to check out this.

ntopng

ntopng High-Speed Web-based Traffic Analysis and Flow Collection ntopng is a network traffic probe that provides 360° Network visibility, with its ability to gather traffic information from traffic…

www.ntop.org

Free with a fairly good community.

 

[TheLyppardMan]

So, now you're typing your password on (random) websites too.

I would make it be as long as the field allows. Created by me.

Those websites have no idea how long it will take to crack a password in H2 2023. Guesstimate, at best, and more than likely, greatly overestimated.


Here's something else to think about:

Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones

BrutePrint requires just $15 of equipment and a little amount of time with a phone.

arstechnica.com

Can't believe it can take as little as a few minutes for fingerprint scamming, huh?

While on the subject of passwords; if I have the Wireless MAC Filter switched on (which I do), do I still need a very strong Wi-Fi password? At the moment it's a symbol and 12 digits (to make entering into new devices relatively easy), but my alternative would be to go for 5 capital letters, followed by 5 lower-case letters, followed by 5 numbers and finally, followed by 5 symbols. I do have a very strong password on my router, 14 characters, being a random mix of those types I just outlined.

 

[L&LD]

With Asus routers, I would not use symbols, spaces, special characters or smiley faces (all, known to cause issues), alphanumeric only.

I also (still) suggest 8 characters for the SSID's and 16 characters for all the username and passwords. Don't use the default 'admin' for the username. Don't use the default port for the OpenVPN servers. Don't use the default for the network LAN.

Using the password 'mask' as you specify makes the passwords easier to crack.

The Mac filter is a waste of time, security wise. Stop using it.

 

[TheLyppardMan]

With Asus routers, I would not use symbols, spaces, special characters or smiley faces (all, known to cause issues), alphanumeric only.

I also (still) suggest 8 characters for the SSID's and 16 characters for all the username and passwords. Don't use the default 'admin' for the username. Don't use the default port for the OpenVPN servers. Don't use the default for the network LAN.

Using the password 'mask' as you specify makes the passwords easier to crack.

The Mac filter is a waste of time, security wise. Stop using it.

Based on your suggestions, I've generated a random 6-digit alpha-numeric name for my SSIDs and added LB, HB or GN as appropriate, to make them 8 characters in total length. I've also generated random 16-digit alpha-numeric passwords for the new SSIDs. I wasn't and never have used the default log-in name for any of my routers.

 

[TheLyppardMan]

Have you ever checked Glasswire @ www.glasswire.com? Not sure if it does what you are looking for.

I'm not keen on Glasswire, but thanks for the suggestion. Now that Networx is working with SNMP, I can continue to use that. It's pretty basic, but I can obtain further information from my router and from "Who's On My Wi-Fi" if I need it.

 

[TheLyppardMan]

With Asus routers, I would not use symbols, spaces, special characters or smiley faces (all, known to cause issues), alphanumeric only.

I also (still) suggest 8 characters for the SSID's and 16 characters for all the username and passwords. Don't use the default 'admin' for the username. Don't use the default port for the OpenVPN servers. Don't use the default for the network LAN.

Using the password 'mask' as you specify makes the passwords easier to crack.

The Mac filter is a waste of time, security wise. Stop using it.

My son, who is studying cyber security to Masters Degree level has just told me that the SSID password should contain special characters to enhance the security and when I passed him your message to look at, his comment was "Well, use of special characters has been around for a long time and it can't be a very good router if it won't accept special characters." In view of that, can you tell me what you mean by "all, known to cause issues"?

 

[L&LD]

No doubt special characters will enhance security. But we're talking about Asus routers here.

Having read the entire forum a decade ago, (and continuing to read every post daily, today), hasn't changed what is experienced for at least some who don't use a long, but strict alphanumeric-only password and/or SSIDs. I use the 16-character limit for the router password (newer routers have changed that limit), and this is what I see gives the best chance of a stable and reliable network experience.