Ask
Reply
Solution
02-05-2021 09:42 AM
Hi,
I just received my new THG 3000 Router following an upgrade but notriced on the order paperwork it's designated "Lite".
Does this mean there are versions and I've received the cheaper one?
Also, why is it run by Vodafone Firmware? I understaood this was supposed to be a highly capable top of the line Router yet it doesn't even have a built in VPN - essential for security cameras to avoid being hacked ( the alternative is to port forward which = free hacking for everyone on your network and botted cameras).
Given the prevalence of CCTV cameras these days in people's home, you'd have though that Vodafone would have included a VPN facility in their router (I'm gueessing the aprent router it's based on has one), unless of course there is a non "Lite" version and I got the crappy one.
13-05-2021 07:32 AM
My old - and I mean old - Asus RT-AC68u will host/connect to VPNs, however that doesn't mean it does it well. I suspect using OpenVPN its throughput would be minimal. That leaves just the choice of PPTP or IPSEC on that device, neither of which is secure enough. Even my master router an RT-AC86u requires additional cooling if left running a VPN for an extended period, and while it'll handle my 49Mbps connection, it'd probably top-out way lower than the bandwidth of most Gigafast connections.
https://www.forbes.com/sites/leemathews/2020/08/31/800000-printers-vulnerable-28000-hacked/
14-05-2021 05:05 AM
Your article mentions CCTV and proves my point.
However, the risk to printer is low, they eventually run out of paper! Network security cameras become spies, DDoS bots or bricked.
14-05-2021 07:41 AM
I've been trying not to wear a tinfoil hat here, there are plenty of devices that if improperly configured can be hacked on an insecure network.
Checking out what I was about to post earlier was the first time ever I'd set up a home router as a VPN server and even on the other sites I visit it's not something that you see much talk of from anyone other than those using pfsense, Ubiquity USGs, and professional Cisco equipment. For the sake of completeness, I actually went through the process twice once manually and then using Asus Instant Guard. The manual setup is a complete pain, and getting Instant Guard up and running had quirks which temporarily lowered security during the setup process.
What I might do at the weekend is dig out one of the old IP cameras, connect it, set up a new DDNS client and challenge you to pull anything off the network. Now, would you prefer a tarpit with that, or just plain old stealthing?
14-05-2021 04:57 PM
I've been thinking about the idea of allowing a limited attack on my home network a great deal today. I've decided not to do this simply because if someone were to attempt such an attack in a clumsy manner, they could end up triggering actions leading to their internet being suspended.
14-05-2021 10:40 PM
@Anonymous wrote:I've been thinking about the idea of allowing a limited attack on my home network a great deal today. I've decided not to do this simply because if someone were to attempt such an attack in a clumsy manner, they could end up triggering actions leading to their internet being suspended.
All I can say is, it would serve them right.
22-05-2021 05:03 AM - edited 22-05-2021 05:03 AM
Save you the time.
Interesting post this morning over at that CCTV site I posted above:
https://ipcamtalk.com/threads/my-dvr-was-hacked-and-used-in-a-botnet-please-help.55288/
22-05-2021 09:05 AM - edited 22-05-2021 11:43 AM
There is a lot bigger picture out there. I myself used to be a part of a team who could do all the, let's say fun stuff. And what I can say is. using things like cameras or DVR units is nonsense .yes it could in theory. But there are better and easier ways. Most of the stuff posted on that site is dribble. It's like most forums there are paid people .who write a fake story to get people to buy the other products. There are also so many people that panic and go into insanity mode out that will believe it all.
EDIT so after going and looking at the post on the other forum using the laptop I get a push message on my android phone. asking me to go to eBay and look at security cameras, see that's my point. fixated on cameras and not on the bigger picture TUT TUT lol.
22-05-2021 10:40 AM
As a result of this thread, I've set up the "Instant Guard" facility on the router - not for the security cameras (for Plex and the file-server), I've already confirmed that they and most MODERN security cameras ALREADY USE P2P TUNNELLING.
Before leaving Asus Instant Guard set up though, I've been through the network and tightened up security to a level that I'd normally have considered paranoid - all while keeping the changes completely transparent to local end-users. And that's the thing, the sort of measures I've taken are way above and beyond those that the average tinkerer would have in place, let alone the average home user.
*In the process I actually managed to identify a flaw in the Asus firmware, that allowed the user to set a password, that then couldn't be entered at login - replicated - reported - and confirmed.
As for the hacking old IP security cameras, I dug one out and can confirm that if you can access it, and have the system un&pass you can indeed get into its cutdown Linux firmware, and with the right know-how upload your own "compromised" firmware, or plant your own routines into its limited storage. Those old cameras while they can be viewed directly on a web browser locally, with the setup here - as it was - were still not opening ports or advertising themselves on the public IP address that I can see. *They were at the time remotely accessible using a manufacturers app - though this no longer appears to work!
14-05-2021 05:11 AM
@Anonymous wrote:My old - and I mean old - Asus RT-AC68u will host/connect to VPNs, however that doesn't mean it does it well. I suspect using OpenVPN its throughput would be minimal. That leaves just the choice of PPTP or IPSEC on that device, neither of which is secure enough. Even my master router an RT-AC86u requires additional cooling if left running a VPN for an extended period, and while it'll handle my 49Mbps connection, it'd probably top-out way lower than the bandwidth of most Gigafast connections.
https://www.forbes.com/sites/leemathews/2020/08/31/800000-printers-vulnerable-28000-hacked/
Not sure why your router would be left pushing data through the VPN for any period of time. A properly configured CCTV camera using trip wires or zones or similar should send an email alert to your phone only when triggered and allow you to investigate by connecting with your phone to view the alert footage.
Not sure why you'd want a permanent connection and to transfer large amounts of constant data. That's also where substreams come in. Monitored footage should generally be substreamed with main stream data reserved for recording ie monitored low bit rate lower quality, recorded high quality. Again not sure why you'd want to push high quality out for simple monitoring. Dare say you can get anything hot if you push thousands of MB constantly through it.
05-05-2021 01:46 PM
@Br04dB4ndAl wrote:
ISP's are still ahnding out routers without VPN capability.
It's not just ISP's, the majority of people buy routers without VPN capability, and even those who want high end routers (where VPNs are often included) probably don't use them.