
Man, Sometimes This Stuff Is Just Weird...


Jud


Randomness and frequent resetting are the best password tactics.  Extremely hard to hit a random moving target.  Also have to be careful that your laptops and other mobile devices don't get contaminated elsewhere and spread problems into your home network when you connect.

 

Hide your SSID if you haven't already.  Create an access control list so only certain MAC addresses can connect.  Frequently reset admin password with something randomized.  Those 3 steps right there should keep 98% of the jokers out of your home wifi net.  Competent hackers will see things like that and move on, there are softer targets.

Link to comment
16 minutes ago, crenca said:

You want a fairly "randomized" password with a mix of letters, numbers, and characters  (such as ^ and !), but you have to be able to remember it.  

 

I've seen articles to the effect that randomization is not as important as sheer length, and that most people don't make use of spaces even when they're allowed.  So for example, you could use as a password a long sentence in your post or in this one, and it would be easily remembered, but tremendously hard to crack.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment

Chances are those 30 or so reports are not really a problem. The only way I know of to tell is to look up the IP addresses and see if anything inside your network is accessing them. May be Google or Amazon or some other relatively innocent thing. From there you can make a reasonable judgement of whether you need to find out what they actually are. May be nothing, may be some nuisance malware, or may be a legit program on one of your devices.

 

This is where home class systems like Orbi (which I also use) are a little limited compared to more robust commercial solutions.

 

If you want to post a few log samples, perhaps in a new topic, we can look 'em up and perhaps give you a bit of help.

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
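The check described in the post above, as an added example that is not part of any post in the thread: count router reports per source address and see whether any inside device has been talking to that address. The log line format, the addresses (documentation ranges) and the outbound connection list are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the format is an assumption, not taken from the thread.
ROUTER_LOG = """\
[DoS Attack: ACK Scan] from source: 203.0.113.7, port 443, Sunday, April 28, 2019 09:12:01
[DoS Attack: ACK Scan] from source: 203.0.113.7, port 443, Sunday, April 28, 2019 09:12:05
[DoS Attack: RST Scan] from source: 198.51.100.23, port 80, Sunday, April 28, 2019 10:40:17
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Sunday, April 28, 2019 11:02:44
[DoS Attack: TCP/UDP Chargen] from source: 192.0.2.99, port 19, Sunday, April 28, 2019 13:55:30
[admin login] from source 192.168.1.10, Sunday, April 28, 2019 14:00:00
"""

# Constructed record of outbound connections: (inside host, remote IP).
OUTBOUND = [
    ("192.168.1.20", "203.0.113.7"),
    ("192.168.1.21", "203.0.113.7"),
    ("192.168.1.20", "198.51.100.200"),
]

REPORT_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}), port (?P<port>\d+)"
)

def triage(log_text, outbound):
    """Count reports per source IP and list the inside hosts that contacted it."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REPORT_RE.match(line)
        if m:  # non-report lines (e.g. admin logins) are skipped
            hits[m.group("ip")] += 1
    total = sum(hits.values())
    contacted = {}
    for host, remote in outbound:
        contacted.setdefault(remote, set()).add(host)
    return [
        {"source": ip, "reports": n, "share": round(n / total, 2),
         "inside_hosts": sorted(contacted.get(ip, ()))}
        for ip, n in hits.most_common()
    ]

if __name__ == "__main__":
    for row in triage(ROUTER_LOG, OUTBOUND):
        note = ("inside devices talk to it; likely replies to your own traffic"
                if row["inside_hosts"] else "nothing inside contacts it; look it up")
        print(row["source"], row["reports"], row["share"], "->", note)
```

A source that inside devices are already connecting to is usually a service answering them; a source nothing inside contacts is the one worth a WHOIS or reverse lookup.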
15 minutes ago, Jud said:

 

I've seen articles to the effect that randomization is not as important as sheer length, and that most people don't make use of spaces even when they're allowed.  So for example, you could use as a password a long sentence in your post or in this one, and it would be easily remembered, but tremendously hard to crack.

 

Yes I have seen that as well. A nice long passphrase sprinkled with random number and character replacements is far superior to a normal password. Simple stuff like “J3$u$L0vesM3” is soooo easily broken today that it will only keep out people who are not much of a threat anyway. 

 

Also, not publishing a SSID does not help much these days. More of a nuisance to the legit owner than to anybody else. 

 

 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
1 hour ago, crenca said:

 

The answer to this question is usually/generally "no" given your situation (home network, not running web service, etc.).  

 

 

Yes...unless you have intentionally/accidentally enabled your router's management to be allowed on the public (internet or ISP) facing port.  You can confirm this in the management interface.

 

 

This is always a balance and a pragmatic matter.  You want a fairly "randomized" password with a mix of letters, numbers, and characters  (such as ^ and !), but you have to be able to remember it.  

 

Thanks for the response. As far as I can tell, I haven’t accidentally opened my router to the outside. For sure not on purpose. As far as the password goes, that only applies to keeping out people from the wi-fi network? Like my neighbors? 

Link to comment
1 hour ago, Paul R said:

Chances are those 30 or so reports are not really a problem. The only way I know of to tell is to look up the IP addresses and see if anything inside your network is accessing them. May be Google or Amazon or some other relatively innocent thing. From there you can make a reasonable judgement of whether you need to find out what they actually are. May be nothing, may be some nuisance malware, or may be a legit program on one of your devices.

 

This is where home class systems like Orbi (which I also use) are a little limited compared to more robust commercial solutions.

 

If you want to post a few log samples, perhaps in a new topic, we can look 'em up and perhaps give you a bit of help.

 

I did notice that at least a third of the attacks came from the same IP address but didn’t really pay a lot of attention to it. I’ll go back and dig a little deeper. Thanks. 

Link to comment

Regarding password complexity, I have come up with something that is fun, hard to guess, easy to remember, and pretty secure.

 

Adjective Noun Adverb Verb

 

Like:

 

Silly salamander silently slithers

 

You can dress it up with 3 for e and @ for a, etc.  Sprinkle a little punctuation, and you've got a memorable but un-guessable password.

Link to comment
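An added example, not part of any post in the thread: a generator for the Adjective Noun Adverb Verb pattern described above, with an estimate of how many bits it provides when the attacker is assumed to know the pattern and the word lists. The word lists are constructed and deliberately tiny, the leet table holds only the two substitutions named in the post, and all function names are hypothetical.

```python
import math
import secrets

# Constructed, deliberately tiny word lists; a real generator needs thousands per slot.
SLOTS = {
    "adjective": ["silly", "brave", "quiet", "rusty", "lucky", "gentle", "hollow", "nimble"],
    "noun": ["salamander", "lantern", "harbor", "walnut", "glacier", "violin", "badger", "comet"],
    "adverb": ["silently", "boldly", "rarely", "gladly", "calmly", "sharply", "warmly", "oddly"],
    "verb": ["slithers", "wanders", "whistles", "tumbles", "glows", "drifts", "hums", "leaps"],
}
LEET = {"e": "3", "a": "@"}  # the substitutions named in the post

def generate(slots=SLOTS):
    """Pick one word per slot with a CSPRNG, in Adjective Noun Adverb Verb order."""
    return " ".join(secrets.choice(words) for words in slots.values())

def pattern_bits(slot_sizes):
    """Entropy when the attacker knows pattern and lists: sum of log2(list size)."""
    return sum(math.log2(n) for n in slot_sizes)

def leet_bits(phrase, table=LEET):
    """Upper bound on bits added if each substitutable letter is swapped by a coin flip."""
    return sum(1 for ch in phrase if ch in table)

def random_password_bits(length, alphabet=94):
    """Entropy of a uniformly random password over printable ASCII (94 symbols)."""
    return length * math.log2(alphabet)

def list_size_for(target_bits, slots=4):
    """Smallest per-slot list size that reaches target_bits with `slots` words."""
    return math.ceil(2 ** (target_bits / slots))

if __name__ == "__main__":
    print(generate())
    print("8 words per slot:", pattern_bits([len(w) for w in SLOTS.values()]), "bits")
    print("2048 words per slot:", pattern_bits([2048] * 4), "bits")
    print("leet bonus, at most:", leet_bits("silly salamander silently slithers"), "bits")
    print("random 12-char password:", round(random_password_bits(12), 1), "bits")
    print("words per slot for 60 bits:", list_size_for(60))
```

The strength comes from the size of the lists and a random choice from them, not from the substitutions: with a known pattern, four words from 2048-word lists give 44 bits, and the 3-for-e and @-for-a swaps add at most 6 more to the post's example.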
11 minutes ago, daverich4 said:

 

Thanks for the response. As far as I can tell, I haven’t accidentally opened my router to the outside. For sure not on purpose. As far as the password goes, that only applies to keeping out people from the wi-fi network? Like my neighbors? 

 

There are at least two passwords you should have configured (assuming a standard wifi/router and/or ISP router):  

 

1)  one for end users to be able to access your wifi broadcast (i.e. obtain an IP address via DHCP)

2)  one for the management interface itself, which you access from the private (i.e. non routable IP address space) network on your side (opposite the web/ISP facing port), usually with a browser.  Many of these routers (most?) also allow you to manage the router itself from the web/ISP port as well, but this is a risk and not usually recommended.  If you have turned this on, turn it off.

 

edit:  If it is not obvious, don't have these two passwords be the same!

Hey MQA, if it is not all $voodoo$, show us the math!

Link to comment
Just now, mansr said:

They'd be even harder to guess if you didn't tell everybody on the internet the pattern you use to generate them.

 

I just use the name of the club that won the premier league last year.  This forces me to change it every year, which I probably would not do being lazy and all...

Hey MQA, if it is not all $voodoo$, show us the math!

Link to comment
8 minutes ago, crenca said:

 

There are at least two passwords you should have configured (assuming a standard wifi/router and/or ISP router):  

 

1)  one for end users to be able to access your wifi broadcast (i.e. obtain an IP address via DHCP)

2)  one for the management interface itself, which you access from the private (i.e. non routable IP address space) network on your side (opposite the web/ISP facing port), usually with a browser.  Many of these routers (most?) also allow you to manage the router itself from the web/ISP port as well, but this is a risk and not usually recommended.  If you have turned this on, turn it off.

 

edit:  If it is not obvious, don't have these two passwords be the same!

 

I just checked and remote management is turned off, which I think is what you mean by the web/ISP port. Yes, the two passwords are different.

Link to comment
On 4/28/2019 at 9:45 PM, Jud said:

Explaining the beta features of the eero system: https://blog.eero.com/introducing-eero-labs-building-future-home-wifi/

 

The other couple of beta features have always worked great (along with all the standard ones).  Most of the time the DNS caching works just fine, but there've been a couple of times in the past year I've used it that it's caused a problem.  I'm guessing we're dealing with a software bug here.

Did the change to disable DNS caching require a restart of the router?

 

Can you enable it and disable this feature and cause / fix the issue at will?

Founder of Audiophile Style | My Audio Systems

Link to comment
1 minute ago, AudioDoctor said:

I will share a tip with all of you.

 

1PassWord

 

Use one master password, and it will create completely random passwords and remember them for you, fill them where needed. Including your router. It's definitely worth the small fee.

 

While this one is popular, I prefer a solution that is cross platform, does not use a web browser, and does not store passwords in the Cloud.  In my experience, it's just not a good security practice to use a browser-based password vault.

Link to comment
1 minute ago, Samuel T Cogley said:

 

While this one is popular, I prefer a solution that is cross platform, does not use a web browser, and does not store passwords in the Cloud.  In my experience, it's just not a good security practice to use a browser-based password vault.

 

 

It is cross platform
it's a standalone app (at least for Mac)
It doesn't store passwords in the cloud, in the open...

https://1password.com/security/

No electron left behind.

Link to comment
1 hour ago, daverich4 said:

 

Thanks for the response. As far as I can tell, I haven’t accidentally opened my router to the outside. For sure not on purpose. As far as the password goes, that only applies to keeping out people from the wi-fi network? Like my neighbors? 

 

If you registered on the Netgear site, you actually do have secure remote access to manage your system if you want it. The login is different than your local login (orbilogin.net) and it is handy when you are away from home. Only works, so far as I know, from the iPhone or iPad app though. 

 

It's nice when your family has an issue and you are not there to personally cuss at the offending hunk of hardware or software. 😁

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
28 minutes ago, AudioDoctor said:

I will share a tip with all of you.

 

1PassWord

 

Use one master password, and it will create completely random passwords and remember them for you, fill them where needed. Including your router. It's definitely worth the small fee.

 

There are a few of these apps. I use LastPass. You want to look at how securely they hold your information, since they make quite tempting targets.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
22 minutes ago, AudioDoctor said:

 

 

It is cross platform
it's a standalone app (at least for Mac)
It doesn't store passwords in the cloud, in the open...

https://1password.com/security/

 

Does it supply two phase authentication in any way?  I am finding that is about the only thing that slows down the bad guys if they are really intent on getting into your account. 

 

-Paul 

 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
44 minutes ago, The Computer Audiophile said:

Did the change to disable DNS caching require a restart of the router?

 

Can you enable it and disable this feature and cause / fix the issue at will?

 

Great questions. I wondered the same.

 

Restart - Yes.

 

Cause/fix - Haven't tried in this instance. The couple of times this feature has caused problems before, though, leaving it on and restarting the network didn't fix them. But neither does it always cause problems when it's on.  So it causes problems intermittently, but in my prior experience keeping it on has prevented the resolution of a problem when it did occur.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
8 minutes ago, Paul R said:

 

Does it supply two phase authentication in any way?  I am finding that is about the only thing that slows down the bad guys if they are really intent on getting into your account. 

 

-Paul 

 

 

But then if you use phone apps for 2FA and your phone is stolen and someone manages to turn off Find My iPhone or whatever, you're really screwed.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment

How so?  They would either need my fingerprint or my face to do 2Phase authentication. It isn't perfect, but it is significantly better than a password by itself. 

 

Besides, if someone steals my phone it is going to get bricked pretty much the first time they use it.  :)

 

-Paul 

 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
