Hello everyone, I'm going to move to a new apartment and doing full time home office while my wife is doing part home office, so I'm looking to improve my internet connectivity. I already plan to get the 400 mbps down fiber cable plan. So, I have to be honest that routers is one of those topics that I should know more than I should but don't, so I'm not sure what should I expect and the features I want or don't need.

Some time ago, I discovered and bookmarked the amazing website smallnetbuilder which at the time I thought, I would just trust his thorough reviews and choose the best router within my budget. Sadly, the website seems abandoned now, so I'm not sure if there is something new on the market or if the routers on his "Best" rank, are still valid options. By the way, I don't really game online.

My requirements are:

• 150€ budget, but willing to go to 200€ if really worth it;
• Mesh compatibility, just in case I need it in the future;
• Hopefully very low packet loss maybe 0-0.5%;
• Compatibility/support with open source firmware;
• Maybe VPN support (not sure, if worth it);
• 2.5Gb LAN ports would be nice for future-proofing, but I think this is not possible without going over the budget;
• Something that I don't know and never heard about, but you would really recommend it to me :).

After a first glance, the Asus RT-AX58U looks nice. Just not sure about only having two 5GHz streams and no LAN port aggregation.

Bonus dumb question(s) (sorry): Will all the routers work with my ISP modem? Or is it normal to always check with the ISP first before buying?

I recently got my home internet upgraded to 10 Gb/s. I currently have the following hardware:

• 10 Gb/s fiber modem (from the ISP)
• 1 Gb/s ASUS combo router/AP/switch (needs replacement)
• 2.5 Gb/s 4 port switch (not currently in use)
• 5 Gb/s USB C ethernet adapter

My ASUS router is the bottleneck in my current setup. My actual internet speeds are more in the 2-5 Gb/s range when plugged directly into the modem. So I'd be happy if I can get 2.5 Gb/s hardware between my laptops and the modem. That makes my existing ASUS router the bottleneck and in need of replacement. Is there a good, relatively cheap, standalone router (no switch or AP) I can build/buy that supports >1Gb/s speeds? Or is there a good all-in-one solution that isn't way too expensive? I'd honestly prefer to have different components each doing just one job.

I already tried hooking the switch into the modem directly to see what happens. Under that configuration only one device plugged into the switch has internet access.

I did some cursory Googling but found stuff that I'm not looking for (maps of the web and traceroutes hooked up to GeoIP lookups). Is there a resource that will show me the internet as a series of interconnected hops? Preferably with information on the connections between nodes that indicates the amount of traffic. I'm interested in the topography of the internet itself - not physically where hops are located.

EDIT: Crisis averted! The problem was with the modem and not the devices connecting to it. I'm not sure why the first person I called at the ISP couldn't help me. In reality, the second person I called also didn't help, but something magically started working after talking with them a second time and rebooting the modem about 5 more times, so it turns out I don't need a new WiFi router at this time. That said, I will take these suggestions to heart, as I may be buying one anyway as a backup for when this inevitably happens again.

TL;DR: I probably need a new wifi router and want one that isn't malware and will work even if the company I bought it from goes under or stops making it.

Long version:
So today my wifi stopped working. I use an Apple Airport Extreme (the tower one that has a Time Machine backup in it). I've had it for 5 or 10 years and it's worked fine during that time, other than replacing the hard drive it backs up to. My spouse and I were sitting on the couch after lunch surfing the web on our phones, when we suddenly couldn't reach anything. The router itself appears fine. We can connect to it and see other devices that are connected to it, but for some reason, it's no longer communicating with the cable modem via the WAN port. It still backs up the computers in our house, though. I have tested the cable that was connecting it to the cable modem, and it appears fine. I can connect my computer directly to the cable modem without issue using the same cable. So my guess is that the WAN port is hosed.

However, I'm suspicious that something else is going on for 2 reasons. #1, the cable company (Spectrum) made me replace my cable modem last week. I did that, got my Airport connected to it, and after a call to tech support got it up and running. It's been working for the past week. I suspect the modem may have updated or changed configuration without me knowing it and that's the real cause here. They sent me a Wifi router with the modem, but will charge me $5.00/month if I keep it. I'd rather own the hardware. #2, I have an older Airport Express that was working the last time I used it. I replaced it with the newer model about 5 years ago so I could do backups. It fails to work in the same way. It seems like the WAN port isn't communicating with the cable modem. So, if there's some way to verify that the WAN ports on my Airports are or aren't working, I'd be interested to hear about it.

I am able to connect a wired ethernet switch to the cable modem and all devices on the switch can see the Internet just fine. I tried connecting both Airports to the switch via their WAN ports while the switch was connected to the cable modem, but that did not work. (Or at least, I couldn't connect to the internet via either Airport.)

So, on the off-chance that both my Airports have a similar failure, I need to replace them. I have gotten suggestions from others, but have been pretty unhappy with them. I have the following requirements:

• Absolutely must not store any information about me in the cloud (for example as Ubiquiti apparently does)
• Absolutely must not rely on any sort of connection to the manufacturer to work properly and must not phone home without my permission
• Preferably not a poorly made device that will die in 3 years
• Must work properly and at full speed with Apple devices
• Must not require a phone app to configure
• Must have ~3 ethernet ports so I can hardwire in my TV devices (AppleTV, TiVo, etc.)

Things I don't need, but aren't a deal-breaker if it has it:

• The ability to configure every little setting. I prefer to set it and forget it.
• Mesh networking. My house is not huge, the cable modem is in the middle of the house and my single Airport base station has good coverage of the entire house.

If you know of any device like this, please share!

Friday Security Briefing

Hello there! I hope you're all looking forward to something this weekend. Today's briefing will cover a captivating tale of scheming against financial centers, woes of virtual networking, and the possibility of Russia behaving quite unnecessarily.

"Listen, or your tongue will make you deaf." ~ Unattributed proverb

Wall Street targeted by new Capital Call investment email scammers

The tactic of exploiting enterprise email systems remains a successful and active attack vector for bad actors. The emerging development is the use of "capital call" style scam, wherein scammers pretend to have investor or insurance business with the business.

"In an example shared by the researchers, the scam email attached a Capital Call Notice for US $970,357.00 to be deposited into a bank account under the fraudsters’ control."

"If the targeted investor was duped into wiring the funds, then it is likely that money would be quickly moved into other accounts and withdrawn by mules to prevent the payment from being returned to the victim."

The flexibility that cryptocurrencies provide to discreetly rearrange money may actually be disadvantageous for banks in certain situations.

Source: Tripwire, Wall Street targeted by new Capital Call investment email scammers

High severity Linux network security holes found, fixed

(CVE-2021-26708) Alexander Popov of London has discovered five security holes in the Linux kernel's virtual socket implementation. This is concerning, my personal use of virtual networking systems could be a lot more thought out. I do tend to keep my use of libvirt to a minimum but ideally I would be running my virtualization workstation on a separate box optimized for safe practices.

"These holes entered Linux when virtual socket multi-transport support was added. This networking transport facilitates communication between virtual machines (VM) and their host. It's commonly used by guest agents and hypervisor services that need a communications channel that is independent of the VM network configuration. As such, people who are running VMs on the cloud, which is pretty much everyone these days, are especially vulnerable."

Source: ZDNet, High severity Linux network security holes found, fixed

Ukraine: DDoS attacks on govt sites originated from Russia

Ukraine is proposing that information on the threat actors responsible for a DDoS on Ukrainian government websites originated from Russian domains.

However, they did not claim that the threat actors were affiliated with the Russian state.

I am curious about the motivations if this was sanctioned by Russia. Are they testing their capabilities against a softer target in order to learn from the European and American Cyber-Defense response? Perhaps this was a way for Russia to demonstrate it's competency at cyber warfare.

"The National Coordination Center for Cybersecurity (NCCC) at the NSDC states that these DDoS attacks have been massive and have targeted government websites in the defense and security sector."

Possible retaliation?

"Last week, news leaked that Ukrainian law enforcement, in cooperation with the US and French police, arrested alleged Egregor ransomware operation members.

Three days later, the Security Service of Ukraine (SBU) issued a press release about the Egregor arrests and seizing the ransomware group's equipment."

Source: Bleeping Computer, Ukraine: DDoS attacks on govt sites originated from Russia

I moved into a new apartment and was surprised to see that all my rooms have CAT 5 Ethernet ports in the wall. However, cue my disappoint when I try to naively plug my router and machine in two separate ports to find that the ports don't actually work. After searching various forums, I found that I have to:

1. Locate the panel where all the ethernet ports connect
2. Wire them to an ethernet switch.

I found the panel but all the wires look like this:

https://i.imgur.com/Qzm72g0.jpg

I'm not sure what I need to do from here to plugging into my network switch. Any guides or advice would be extremely helpful. I don't need every port connected to the switch, only one or two. None of these look labelled so I might have a difficult time isolating which cable runs where.

And about the network switch... Any qualms about using an old router that has the AP turned off?

I'm running out of time to finish the spend requirements on a credit card promotion. I was planning on buying a VR headset, but I realized there was something that would actually be much more useful; a new router.

The market for consumer routers has been really strange; We are on the sixth generation, yet it's super common for consumer routers to be two or three generations behind, especially the less expensive ones. So much of the stuff on the market only goes up to 802.11n, and half of the time the firmware they include is halfway broken or is missing important features.

So I'm looking for a router that is relatively future-proof. I want Wifi 6. I want something that won't be interrupted by the microwave. Open source firmware would be excellent, but not a requirement. I don't need mesh networking; my house is not that big. I do want it to be relatively inexpensive; I'd consider $300 to be a hard limit unless someone has a persuasive arguement to justify the cost.

I would also prefer to avoid Netgear. I have no idea how they stay in business with the mountains of problems I have had with their products and their horrible support. The last time I owned a Netgear product, I was forced to give them my email address to download the driver and they illegally added it to their marketing mailing list without my permission. I don't do business with people who betray me.

I have interactive firewalls like OpenSnitch running on most of my desktop OS's. I like to see what is going on with my machines' network connections to learn about networking, infosec, and to have have some peace of mind.

Example workflow:

1. Get a firewall notification of a new incoming connection to some process running on my machine
2. If no DNS entry exists and only the IP address is provided, then I google the IP
3. I find something like https://ipinfo.io/74.125.20.189
4. I make a decision as to whether allow/deny based on the ownership info which I found in step 3.

Aside from trusting the particular site presenting the ownership info, how reliable is this information regarding IP ownership?

For example, if an IP came back as "Google" could it really be a GCP instance running a command and control server?

Another example, I know that large corps own big blocks of IPv4, but they must lease these IP's out to whomever, right? I imagine there is some wild-west market for these with little accountability?

Are either of these scenarios realistic? If so, is my entire workflow for "do I trust this IP" pointless?

I'm sharing in case some of you are having a similar issue at work or at home, and to hear your opinion and/or similar stories!

I've been using Ubiquiti access points in my home for a few years now, and overall, they've worked very well. 3 APs giving near perfect 5GHz VHT80 coverage on DFS channels. LAN transfers are about 600-650mbit on laptops, which has proven to be plenty for wireless clients in my home. Keep in mind that this is a pretty basic setup... besides the APs, there's just the ISP provided GPON ONT which is also a typical all-in-one ISP solution (router, switch, AP, firewall, DHCP server...) with it's Wi-Fi turned off.

As I said, I was pretty happy with the results, however there was one feature that I could never get to work just right; roaming. You could be walking around the house watching a live stream and the stream would pause for 5-8 seconds until the roaming transition was over. Strangely, with VoIP calls, roaming would be about 3-5 seconds. Even enabling fast roaming features (which I believe is simply 802.11r) on the AP's controller would not give the results I was looking for. After days of tweaking TX power settings, channel selection and trying to implement Minimum RSSI (which I ended up not using), I finally gave up and resigned myself to the 4-6 seconds (oh, the humanity) of roaming time.

Fast forward to about two months ago and I added a new router to the setup (UBNT ER-4) and a switch (UBNT USW-24). Setup went smooth, already had some cat.6 cabling around the house, now it was time to actually use it. Had some fun setting up a guest Wi-Fi network on it's own VLAN, which was always a concern of mine; having "untrusted" devices connect to my network. The access points do client isolation on guest networks by default, but in my mind it wasn't enough as I have some file servers and time machines on the network.

Anyways, a few days after doing the setup I'm walking around the house with a livestream on my mobile and suddenly realize that it's not losing the connection. I try with a VoIP call and it worked flawlessly. I start walking around faster and still, the phone is roaming without an issue. I was very excited!

I'm thinking it must be the router that somehow solved the roaming issue. My first theory was that the DHCP server on the ER-4 was doing it's thing much faster than the ISP's device, allowing the wireless clients to actually roam faster. So I do a web search and I find some very relevant info. It was a thread on a forum and reddit thread with a sysadmin that was about to give up on the APs because of roaming issues. In both threads, there were replies about what switch were they using.

Apparently, some switches (Cisco and HP were mentioned), have a "MAC aging" interval setting which is way too high by default, or they simply have bugged firmware that doesn't allow the switch to "re-learn" the MAC address of a device on a different switch port. I assume that ISP provided "el-cheapo" gear has similar issues.

So, if you're having roaming issues with your wireless clients, check your switches!!!

Anyways, just wanted to share this story. Thank you for reading. :-)

Previous challenges

It's time for another coding challenge!

This challenge isn't mine, it's this challenge (year 5, season 3, challenge 3) by ČVUT FIKS.

The task is to design a network communication protocol. You're sending large amount of bits over the network. The problem is that network is not perfect and the message sometimes arrives corrupted. Design a network protocol, that will guarantee that the decoded message will be exactly same as the message that was encoded.

MESSAGE => (encoding) => message corrupted => (decoding) => MESSAGE

Corruption

Transmitting the message might corrupt it and introduce errors. Each error in a message (there might be more than one error in a single message) will flip all following bits of the message.

Example:

011101 => 011|010

(| is place where an error occured).

There might be more than one error in a message, but there are some rules:

• Minimum distance between two errors in a single message is k

• Number of bits between two errors is always odd number

According to these rules, describe a communication protocol, that will encode a message, and later decode message with errors.

Bonus

• Guarantee your protocol will work always - even when errors are as common as possible

• Try to make the protocol as short as possible.