Do network mesh devices actually work?

imok — Sun, 27 Aug 2023 15:24:19 +0000

I want to cover a house of 2 levels and I don't want cables involved.

What would be the best device for that?

WiFi Router for Office

Shakib — Sat, 05 Aug 2023 06:55:07 +0000

Hey Guys,

So I have been using an MikroTik router for a while and it's been the best router that I have personally used in years since the TP-LINK 300 Mbps days.

Pretty much all other routers I have used had died, bricked and WAN port stopped working on me, not to mention the stability issues that doesn't gets fixed until I reboot the router.

Now MikroTik aside, which router I can buy for $200-$300 to use in an office environment that's gonna be always stable like MikroTik, but faster and will last me at least 5 years?

Additional requirements: WiFi 6+1 Gigabit minimum, Few years of warranty and software updates.

Must have full+high speed coverage for 2 floors and the parking lot. Check photos.

Please make me some specific recommendations.

Creative or Unusual WiFi SSID Names?

xleet — Mon, 23 Jan 2023 12:55:52 +0000

Most of my neighbors still use the default SSIDs that came with their access points, but I do see a few creative names around me:

"Get your own WIFI"
"PayMeeeeee"
"SMITH HOUSE BABY" - Nearby neighbors are Smith, but their only child is starting college.
"Pumma da GOAT" - My best guess is they are a fan of fashion model Pumma Santiago, but that's a guess. (I assume that GOAT stands for "greatest of all time.")
(A local baseball star's name - well known in Major League Baseball) - It is almost certainly a fan, not the player's residence.

My hunch is that the people on LowEndSpirit have seen many strange and quirky WiFi access point names around them.

LowEnd Segmented Wireless and Wired VLAN Networks

xleet — Sat, 17 Sep 2022 17:44:33 +0000

I would like to segment my home network into separate VLANs. The goal is to prevent appliances like doorbell cameras and video streaming devices from accessing the LAN that residents use for their personal computers and phones.

That means several WiFi SSIDs that are on separate LAN segments. I have switches that support 802.1q VLAN tagging, but they are still operating as unmanaged switches.

Which firewall would you recommend that supports this kind of networking with VLAN tagging?
Which access points would you recommend that support multiple SSIDs (say 8 different ones) with appropriate VLAN tagging?

Multiple Vulnerabilities in Wi-Fi Enabled Devices Could Allow for Data Exfiltration

mikho — Fri, 14 May 2021 06:32:40 +0000

Source: S.Bradley

TLP: WHITE
MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER: 2021-068

DATE(S) ISSUED: 05/12/2021

SUBJECT: Multiple Vulnerabilities in Wi-Fi Enabled Devices Could Allow for Data Exfiltration

OVERVIEW:

Multiple vulnerabilities have been discovered in Wi-Fi enabled devices, the most severe of which could allow for data exfiltration. IEEE 802.11 is part of the IEEE 802 set of local area network technical standards, and specifies the set of medium access control and physical layer protocols for implementing wireless local area network communication. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to exfiltrate user data.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild. A proof of concept exists for various vulnerabilities mentioned within this advisory.

SYSTEMS AFFECTED:

Any Wi-Fi enabled device could be vulnerable, please check with the manufacturer of your device(s)
RISK:

Government:

Large and medium government entities: High
Small government entities: High
Businesses:

Large and medium business entities: High
Small business entities: High
Home users: High

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Wi-Fi enabled devices, the most severe of which could allow for data exfiltration. These vulnerabilities can be exploited if a user connects to a rogue access point and is then redirected to or visits a malicious server. Details of the vulnerabilities are as follows:

A vulnerability exists in the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) that could allow an attacker to inject arbitrary network packets (CVE-2020-24588)
A vulnerability exists in the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) that could allow an attacker to decrypt selected fragments when another device sends fragmented frames. (CVE-2020-24587)
A vulnerability exists in the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) that could allow an attacker to inject arbitrary network packets and/or exfiltrate user data. (CVE-2020-24586)
A vulnerability exists in Samsung Galaxy S3 i9305 4.4.4 devices that could allow an attacker to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)
A vulnerability exists in Samsung Galaxy S3 i9305 4.4.4 devices that could allow an attacker to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)
A vulnerability exists in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H that could allow an attacker to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)
A vulnerability exists in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH could allow an attacker to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)
A vulnerability exists in the kernel in NetBSD 7.1 that could allow an attacker to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)
A vulnerability exists in Samsung Galaxy S3 i9305 4.4.4 devices that could allow an attacker to exfiltrate selected fragments. (CVE-2020-26146)
A vulnerability exists in the Linux kernel 5.8.9 that could allow an attacker to inject packets and/or exfiltrate selected fragments (CVE-2020-26147)
A vulnerability exists in the kernel in OpenBSD 6.6 that could allow an attacker to inject arbitrary network packets, independent of the network configuration. (CVE-2020-26142)
A vulnerability exists in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H that could allow an attacker to inject and possibly decrypt packets. (CVE-2020-26141)
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to exfiltrate of user data.

RECOMMENDATIONS:

We recommend the following actions be taken:

Apply the stable channel update provided by the vendor to vulnerable systems immediately after appropriate testing.
Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
REFERENCES:

Wi-Fi Alliance:

https://www.wi-fi.org/security-update-fragmentation

FragAttack:

https://www.fragattacks.com/#beingexploit

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26144

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26140

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26143