What's new

[Security] - reminder to stay secure

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I am thinking that if you have RMerlin's firmware you could use IPTables to prevent such hacks by blocking on the input chain except for hosts that you need such as your DNS server or the router's VPN destinations. And also use VPN to access internal services.
 
A secure jump box is always a good approach - port forwards are always a risk, but a jump box can minimize things, and reduce the risk to the Gateway/Firewall...

Something like a Pi can be all that's needed...
 
an idea might be to have smb shared dir and then openvpn into the network

I have Samba enabled on the remote server. However, I cannot see the remote computer under "Network" from file explorer. I also tried //192.168.2.1/data but nothing returns.

If I do http://192.168.2.1, I can assess the admin page of the router.
 
I am thinking that if you have RMerlin's firmware you could use IPTables to prevent such hacks by blocking on the input chain except for hosts that you need such as your DNS server or the router's VPN destinations. And also use VPN to access internal services.
The remote router is a NT-56U... There is no RMerlin firmware..
 
I have Samba enabled on the remote server. However, I cannot see the remote computer under "Network" from file explorer. I also tried //192.168.2.1/data but nothing returns.
The syntax is with back slashes, try: \\192.168.2.1\data
 
The reason why i suggested RMerlin's firmware was because of the inclusion of IPTables which lets you intentionally drop packets on the input chain which helps to secure your router.
 
The reason why i suggested RMerlin's firmware was because of the inclusion of IPTables which lets you intentionally drop packets on the input chain which helps to secure your router.
I agree. I am using it for my home router. My next project is to dissect my home network to three segments; 1) full internet and local assess, 2) local assess only and 3) internet assess only. 1) is the default behavious. I can get 2) to work. I still need to figure how to setup 3). Any advice? Thanks in advance.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top