|
Just to be clear, when you say qos do you mean priority based on protocol/port, per-client bandwidth limiting, or something else? Some routers only have limited shaping abilities but still call it 'qos'
|
# ? Aug 22, 2016 16:57 |
|
|
I want to make sure a download doesn't tank a video conference so at minimum, shaping, but preferably I'd be able to set some rules. I don't need to be able to specifically limit someone's bandwidth though.
|
# ? Aug 22, 2016 17:09 |
|
I think I'm going to get a TP-LINK Archer C9. Are people finding they need to reboot them from time to time?
|
# ? Aug 22, 2016 19:43 |
|
EngineerJoe posted:
I think I'm going to get a TP-LINK Archer C9. Are people finding they need to reboot them from time to time?

No.
|
# ? Aug 22, 2016 21:06 |
|
EngineerJoe posted:
I think I'm going to get a TP-LINK Archer C9. Are people finding they need to reboot them from time to time?

I've had the C7 for a year and beyond configuration changes, I've had to reboot it once and that was probably due to Comcast going out for a couple hours.
|
# ? Aug 22, 2016 21:10 |
|
EDIT: Actually ignore this, scans show the port is closed but a VPN app can still connect, moving to another thread instead.

More of a question for UK goons; I'm having trouble opening ports on my SKY router (SR102) as I'm trying to set up PiVPN on a Raspberry Pi Zero, as every port scanner I've thrown at it says it's closed. I've set up a service for a UDP port and then a firewall rule using this port to open/forward all internet traffic towards the static address of the Pi Zero, and the internal firewall of the Pi is also off but I'm still getting scans for a closed port. Is there anything I'm missing or just the nature of being locked in with an ISP router?

Super Slash fucked around with this message at 20:21 on Aug 23, 2016 |
# ? Aug 22, 2016 21:20 |
|
Does the Apple Airport Extreme 6th gen have the ability to filter MAC addresses for wired connections in addition to wireless?

There is an unknown MAC address on the network that doesn't return a manufacturer entry (and I can't match to any device here by local network IP) when I look it up by OUI search, and it is rather active in terms of number of connections. I was only able to spot it from a second DD-WRT client bridge that I use (to connect to the Airport's network), it was invisible to the AirPort Utility's list of wireless connections. I've put up an exclude filter (yes I'm aware that an include filter would be more secure) for that address which should work for wireless settings, but I'm still unsure about my control over wired settings, and the address still shows up on the DD-WRT router's point of view, as in, the unknown element is still being leased a network address by the Airport's DHCP.

What would be an effective measure to take in order to shut it out? Should I:
-- change the wifi password?
-- disable the guest wifi network (which is also protected by a password)?
-- switch the Airport's IP structure away from 10.0... to 192.168... ?
-- unplug and wait for some kind of timeout?
-- disable some feature that I've overlooked to prevent others from remoting in from somewhere else?

e: Comcast cable. My modem's a SB6141. The AE's LAN eth ports are taken up by a Dell workstation, a Cisco VoIP box, and an HP laptop I'm using with MS Network Monitor to try and figure out the source of the issue. None of those match the MAC of the intruder. Also, the laptop hasn't seen the intruder's IP or MAC either.

e2: The issue looks like it's most likely on my side. MS Network Monitor from my side of the bridge shows the unknown element, and it's making a lot of connections. But the only thing connected to it is my own machine and I don't have a network device with that MAC either. ????

e3: Just going over basic knowledge--client bridges have two IPs, one facing me and one facing the (in this case wifi) network it's connected to, right?

Sidesaddle Cavalry fucked around with this message at 02:19 on Aug 23, 2016 |
# ? Aug 23, 2016 01:57 |
|
I've been testing this C9 at home before I bring it into work. It seems pretty good, totally blew away the dead zone that I could never fix and I'm finally getting 100mbps over WAN instead of the 70 or so that I'd get with my DIR-825. I think I'll have to get one for myself. One question, I noticed this is the V1 model, for my own OCD I'd probably seek out a V2 for home, but the V1 is fine right?
|
# ? Aug 23, 2016 02:22 |
|
Sidesaddle Cavalry posted:
Does the Apple Airport Extreme 6th gen have the ability to filter MAC addresses for wired connections in addition to wireless? There is an unknown MAC address on the network that doesn't return a manufacturer entry (and I can't match to any device here by local network IP) when I look it up by OUI search, and it is rather active in terms of number of connections. I was only able to spot it from a second DD-WRT client bridge that I use (to connect to the Airport's network), it was invisible to the AirPort Utility's list of wireless connections. I've put up an exclude filter (yes I'm aware that an include filter would be more secure) for that address which should work for wireless settings, but I'm still unsure about my control over wired settings, and the address still shows up on the DD-WRT router's point of view, as in, the unknown element is still being leased a network address by the Airport's DHCP.

OUI search is going to be hit and miss at best, since manufacturers can source chipsets from any ole place. Have you nmap'd the IP to see what (if any) ports are open? Change the Wifi password and see if it disappears. If not, then you've got something extra plugged in somewhere.
|
# ? Aug 23, 2016 02:37 |
|
Uhhhhcode:
|
# ? Aug 23, 2016 07:18 |
|
The unknown MAC follows me across wifi passwords, with nothing plugged into the Airport's LAN ports.

guys i think the attacker is me

I'm the only constant element in all of this. (Unless there's something that doesn't make sense above?) Gloves are off if that's the case -- what are the steps I can take to determine which connections I am making from my PC are unwanted? I'm willing to go as invasive if possible.

EDIT: I put Ubuntu 16.04 LTS onto a flash drive just to run something off this PC without being logged into Windows. The unknown MAC didn't follow me to Linux. WELP

Sidesaddle Cavalry fucked around with this message at 09:24 on Aug 23, 2016 |
# ? Aug 23, 2016 07:31 |
|
Windows likes to generate a bunch of virtual network interfaces and stuff sometimes. So it might just be that. Does the MAC show up in an "ipconfig /all"? Do you have VirtualBox or some other virtualization software installed in Windows? Virtualization software often creates virtual interfaces and generally does odd things to the Windows networking stack. Some VPN client software also does this sort of thing. It's not that these programs are malicious, they just do their stuff in a way that can seem odd to an outside observer.

Resource monitor in Windows 7+ will show you all of the current network connections. But if you are concerned about that being compromised then I suppose you could fire up Wireshark and run some captures looking for anything that seems out of place. But if you are really worried about your box being rooted then the only real solution is to wipe the drive and do a clean install of the OS.
|
# ? Aug 23, 2016 16:15 |
|
(Windows 10 AE) Well, so far I have two strikes against it--the ghost MAC never showed up on ipconfig /all, and I have no virtualization software on the OS to my knowledge. I do admit to dialing into VPNGate every once in a blue moon to get around IP restrictions, but its adapter appears to be visible to me on my adapter list.

pretty important edit: One of the reasons why I'm concerned about being compromised is that I've been on-and-off an IP blacklist for the purposes of logging into Sony's PSN services. Also, at one point last month Comcast sent a family member with a desktop on the network warning her of malicious activity coming from our router's IP. I suspect it's related to the large difference in the number of connections I see behind this client bridge from the unknown MAC compared to the outside (captured by packet sniffers like Wireshark or MSNM). In some cases in the past few days it's blown up with more than a million connections in less than around 15 minutes while my PC was...idling with only messaging apps on. Sometimes, I am unable to ping my router, possibly because on some occasions, my connection to it is probably choked with traffic like this.

My problem with using Wireshark is that I have no idea what to look for, aside from the large number of connections from/to the unknown MAC. That is the vague hypothesis I'm going on, so far. I can still use most of my PC's intended functions on Ubuntu for a while, see if I come off of the IP blacklist again.

Sidesaddle Cavalry fucked around with this message at 22:12 on Aug 23, 2016 |
# ? Aug 23, 2016 21:48 |
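One way to turn "a large number of connections from an unknown MAC" into something checkable, as an added example that is not from any poster in the thread: it reads the two flag bits in a MAC's first octet (a locally administered address is assigned by software, so an OUI search has no manufacturer to return) and ranks source MACs by how many distinct destinations they contact. The inventory, the flow records and the function names are constructed for illustration; real records would come from an export of a packet capture.

```python
from collections import defaultdict

# Constructed inventory of MACs the owner recognises (not from the thread).
KNOWN_MACS = {"3c:07:54:aa:bb:01", "00:1b:21:aa:bb:02"}

# Constructed flow records: (source MAC, destination IP, destination port).
SAMPLE_FLOWS = [
    ("3c:07:54:aa:bb:01", "203.0.113.10", 443),
    ("3c:07:54:aa:bb:01", "203.0.113.10", 443),
    ("00:1b:21:aa:bb:02", "198.51.100.7", 53),
    ("02:1a:11:f0:0d:99", "198.51.100.20", 25),
    ("02:1a:11:f0:0d:99", "198.51.100.21", 25),
    ("02:1a:11:f0:0d:99", "198.51.100.22", 25),
    ("02:1a:11:f0:0d:99", "203.0.113.99", 6667),
]


def parse_mac(text):
    """Return the six bytes of a MAC written with ':' or '-' separators."""
    parts = text.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def classify_mac(text):
    """Decode the U/L and I/G bits of the first octet."""
    first = parse_mac(text)[0]
    return {
        # Bit 0x02 set: assigned by software, not in the IEEE OUI registry.
        "locally_administered": bool(first & 0x02),
        # Bit 0x01 set: group (multicast/broadcast) address, never a real source.
        "multicast": bool(first & 0x01),
    }


def summarize(flows, known):
    """Per source MAC: flow count and distinct (ip, port) destinations.

    Unknown MACs sort first, then the widest fan-out.
    """
    known_bytes = {parse_mac(m) for m in known}
    stats = defaultdict(lambda: {"flows": 0, "dests": set()})
    for src, dst_ip, dst_port in flows:
        entry = stats[parse_mac(src)]
        entry["flows"] += 1
        entry["dests"].add((dst_ip, dst_port))
    report = []
    for mac, entry in stats.items():
        text = ":".join(f"{b:02x}" for b in mac)
        report.append({
            "mac": text,
            "known": mac in known_bytes,
            "locally_administered": classify_mac(text)["locally_administered"],
            "flows": entry["flows"],
            "distinct_dests": len(entry["dests"]),
        })
    return sorted(report, key=lambda r: (r["known"], -r["distinct_dests"]))


if __name__ == "__main__":
    for row in summarize(SAMPLE_FLOWS, KNOWN_MACS):
        print(row)
```

A source that is both outside the inventory and fanning out to many destinations is the one to follow up with a capture filtered on that address.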
|
Sidesaddle Cavalry posted:
pretty important edit: One of the reasons why I'm concerned about being compromised is that I've been on-and-off an IP blacklist for the purposes of logging into Sony's PSN services. Also, at one point last month Comcast sent a family member with a desktop on the network warning her of malicious activity coming from our router's IP.

Very important yes. What sort of malicious activity? They don't send those notices without good reason. If I got one I would be wiping every machine on my LAN within a few minutes of receiving it.

What security settings are you using on your wifi? WPA2 with AES (not mixed mode or TKIP, they suck) and a long password is the best you can do in a typical home situation.

Since you were easily able to boot Linux on your box you aren't using UEFI secure boot. So your Windows 10 install might have a rootkit on it. If I were you I would probably nuke everything from orbit, just to be sure, and then reinstall windows from known clean install media.
|
# ? Aug 23, 2016 22:53 |
|
Also make that media on a different machine, and compare its checksum with numbers given by MS. I think MSDN or whatever downloads give SHA1 for all the isos? Let us know exactly which version you're getting, and I'm sure someone can look up the proper checksum.

If your motherboard has a jumper to run a secondary bios copy, you should also do that. Re-flash your motherboard bios whether or not you have a secondary, and also re-flash the firmware on any video cards, hard drives, raid controllers, and whatever else you can (though if those are infected, you're theoretically hosed permanently)
|
# ? Aug 23, 2016 23:36 |
|
That's a bit much for a first pass on what could easily be "teenage son was looking at porn again."
|
# ? Aug 23, 2016 23:44 |
|
Absotively, but if you're at the stage where you're burning it to the ground you may as well be thorough since the inconvenience barrier is so low at that point. I doubt the second half about firmware is needed for anything under state-actor level issues, but nowadays I'd consider a bios reflash as sop for a suspected malware wipe/reinstall
|
# ? Aug 24, 2016 00:46 |
|
Antillie posted:
What sort of malicious activity? They don't send those notices without good reason.

Literally vague "malicious activity":

quote:
From: Customer Security Assurance <noreply@csa.comcast.net>

I was already on WPA2 with AES (default for Airport Extreme 6th gen) but I am having the password changed.
|
# ? Aug 24, 2016 00:50 |
|
Sentient Data posted:
Absotively, but if you're at the stage where you're burning it to the ground you may as well be thorough since the inconvenience barrier is so low at that point. I doubt the second half about firmware is needed for anything under state-actor level issues, but nowadays I'd consider a bios reflash as sop for a suspected malware wipe/reinstall

Yeah and he should repaint his house too while he's at it, you can't be too sure. I don't know where the information that reflashing your bios is standard after a malware infection came from, so maybe a link would be good, but the standard response is to image machines that are suspicious or compromised.

Re: the Comcast notices, it's probably based off DNS queries to known bad domains, which means something in his network is beaconing / querying where it shouldn't, and most of the time it should be run of the mill malware.
|
# ? Aug 24, 2016 01:11 |
|
Ubiquiti question... I've got a Unifi AP-AC Pro, and was running the controller software on an old laptop. I've created a FreeNAS Jail with the necessary packages to run the controller (snappyjava, mongodb, etc), and the controller runs just fine. However, I can't get my AP to work with it. When I try to adopt it, it just shows "Adopting" as the status. If I ssh into the AP and run "info", it throws an error of "Server reject http://ip.of.cont.roller:8080/inform"

I thought this was a known issue where you had to have the right user logged into the controller, but I installed the controller on my desktop and it adopted, provisioned, and connected the AP just fine with the same user setup as the FreeNAS Jail. I've reset the AP to defaults several times, both with the ssh "set-default" command, and by holding the reset button, forgotten the AP from all other controller installs, etc... no change.

Anyone have any thoughts on how to remedy this? Controller is 5.0.7 in all 3 locations (laptop, desktop, and BSD).
|
# ? Aug 24, 2016 16:18 |
|
I need a decent dual wan capable SOHO device. Anyone got any specific recommendations of devices to look at/stay away from?
|
# ? Aug 24, 2016 19:11 |
|
Syano posted:
I need a decent dual wan capable SOHO device. Anyone got any specific recommendations of devices to look at/stay away from?

The ERX and ER-L listed in the OP will both do the job. Or you could roll a pfSense box if you prefer. Mikrotik stuff should also be able to do it as well. On the more professional end of the spectrum the Cisco ASA 5506 is an option if you are comfortable with the IOS command line.
|
# ? Aug 24, 2016 20:16 |
|
Syano posted:
I need a decent dual wan capable SOHO device. Anyone got any specific recommendations of devices to look at/stay away from?

Seconding Ubiquiti. You can set them up for either load balancing or fail-over.
|
# ? Aug 24, 2016 21:18 |
|
Just upgraded my old surfboard router to an Arris SB6190. I have 150 service from Comcast, so figured I'd just get the best Arris router for sale. Probably wasted money over the entry level Arris router, but oh well. "Future proof" right guys?

I currently have an Apple Time Machine (latest gen) and second Apple router (latest gen) on the 3rd floor of my house acting as a repeater. Signal strength has always been an issue, but may be mostly resolved since I had Comcast move the AP from the basement to the main (2nd) floor. House is 3200 sq ft.

So for my pretty basic (coverage) needs, what would be a solid, supported (updates/firmware) router to blanket my house? I'm seeing the TP-Link Archer C9 recommended. Is the basic white one the better of the choices? Or the "high power" black one for $10 more...or the spaceship looking thing that's hella expensive? I run lots of streaming video and large up/downloads so need something with a fat enough pipe to carry simultaneous large data streams up/down without making GBS threads the bed. My older modem and Apple routers aren't good with this. Thanks

Edit: or AmpliFi? Know nothing about this, but looks neat-o.

Edit2: also, I'm guessing the combo modem/routers from Arris are a no-go, right?

hotsauce fucked around with this message at 16:56 on Aug 25, 2016 |
# ? Aug 25, 2016 16:52 |
|
hotsauce posted:Just upgraded my old surfboard router to an Arris SB6190. I have 150 service from Comcast, so figured I'd just get the best Arris router for sale. Probably wasted money over the entry level Arris router, but oh well. "Future proof" right guys? hotsauce posted:Edit: or AmpliFi? Know nothing about this, but looks neat-o. hotsauce posted:Edit2: also, I'm guessing the combo modem/routers from Arris are a no-go, right?
|
# ? Aug 26, 2016 04:22 |
|
CrazyLittle posted:
If you want I'll trade you my 6183 because I'm still mad that I can't wall mount that fucker. I had to fashion this ridiculous "shelf" to hang it.

For that kind of thing, zip ties and zip tie anchors are great.
|
# ? Aug 26, 2016 04:37 |
|
Unboxed and installed my AmpliFi LR mesh network last night. Seriously impressive gear and the dead spots in my house are now gone. The set-up is dead simple, and the iPhone App is surprisingly well done. I know the company's enterprise stuff is good, but turning out good stuff for consumers is infinitely harder. But they NAILED it. They are going to sell a ton of these.
|
# ? Aug 26, 2016 13:31 |
|
Internet Explorer posted:
For that kind of thing, zip ties and zip tie anchors are great.

Yeah, I ran out, and I'm too cheap to buy more for home.
|
# ? Aug 26, 2016 15:29 |
|
Finally got around to installing an OpenMesh system. It's an easy, almost-no-brainer install, but it has a lot of powerful features. If you're looking at AmpliFi or Eero, I'd certainly look at getting some OpenMesh stuff.
|
# ? Aug 26, 2016 15:32 |
|
Thermopyle posted:
Finally got around to installing an OpenMesh system.

I have some OpenMesh networks going on 7 years old, no issues. Absolutely love it.
|
# ? Aug 26, 2016 21:26 |
|
UniFi gear is awesome. Got a USG, switch and a couple APs to play around with at home, and when the family small biz nuked its gear again I replaced it with UniFi gear as well. Central management, control and reporting with no effort other than "hey talk to this controller" is fantastic.
|
# ? Aug 27, 2016 03:44 |
|
Zorilla posted:
Do you have any specific feature you need that exists in DD-WRT?

TRIP REPORT: I bought the Archer C9. It's far better than my old router and I don't have to squeeze any extra power out of it with custom firmware. The UI is pretty good. I'm happy with it.
|
# ? Aug 27, 2016 15:53 |
|
LegoPirateNinja posted:
TRIP REPORT: I bought the Archer C9. It's far better than my old router and I don't have to squeeze any extra power out of it with custom firmware. The UI is pretty good.

Same here, I bought the C9 for work and then another one for home as my old router wasn't able to handle my 100mbps connection. I'm still trying to figure out the QOS settings. The 'Nat Boost' seems pretty useless so I turned it off. QOS seems to reserve a bit too much bandwidth though. My speeds drop from 100 to 85 when I enable it.
|
# ? Aug 27, 2016 18:56 |
|
redeyes posted:
I have some OpenMesh networks going on 7 years old, no issues. Absolutely love it.

Maybe you can answer these questions:
1. I delete voucher in cloudtrax. How long until clients using that are no longer able to connect?
2. How come when I go to http://logout it takes me to https://www.open-mesh.com instead of splash page and it doesn't actually log me out or prevent me from continuing to use the WiFi?
|
# ? Aug 27, 2016 19:31 |
|
Ahh I was wondering why my Samsung Smart TV wouldn't connect to my wifi.. Found this on my Asus router log: code:
Any suggestions on how to fix this through router SSH? I can't imagine commenting out localhost in the hosts file would be a good idea.

lol internet. fucked around with this message at 07:21 on Aug 29, 2016 |
# ? Aug 29, 2016 07:00 |
|
Seems like it's working fine, just not getting the DNS name registered.
|
# ? Aug 29, 2016 07:39 |
|
lol internet. posted:
Ahh I was wondering why my Samsung Smart TV wouldn't connect to my wifi..

If it's complaining about name registration via DHCP then the TV is on the wifi just fine. But someone at Samsung needs to be slapped for making every TV try to register the name "localhost" with DHCP. Doing so doesn't really hurt anything because the router rejects it (as it should), it's just stupid.
|
# ? Aug 29, 2016 16:09 |
|
Oddball Unifi question: I've got a tenant, and I have a basic guest network setup on my controller; just a password. However, he's got an XBoxOne, and it won't let him get to the password page so he can authenticate. It just fails "No Network access, please reset the router" or somesuch.

For now, I've added him to my non-guest network, but I'd much rather have him isolated in his little subnet. It keeps his XBox from showing up on my DLNA/YouTube/Plex server list, and it keeps me from accidentally casting a video to his XBox.

So, is there a way in the CLI to let a specific MAC just bypass or have permanent guest access? I know I could use a laptop to authenticate, and then change his XBox MAC to match the laptop, and that's work. However, I want my guest access to expire every 7 days, and it'll be annoying to make him do the laptop auth every week on the damned XBox. I wish he'd join the PCMASTERRACE, but oh well.
|
# ? Aug 30, 2016 03:06 |
|
sharkytm posted:
Oddball Unifi question:

Not sure I can help with your specific problem, but I'm curious - what router are you using? If it's a Ubiquiti router you could set it up so he's on his own LAN, set bandwidth limits for him, and tell him to set up and maintain his own WIFI. Just a thought.
|
# ? Aug 30, 2016 03:39 |
|
|
smax posted:
Not sure I can help with your specific problem, but I'm curious - what router are you using? If it's a Ubiquiti router you could set it up so he's on his own LAN, set bandwidth limits for him, and tell him to set up and maintain his own WIFI. Just a thought.

EdgeRouterLite, but I've only got one AP, and no ethernet cable run to his room. He's got several devices, and :gasp: friends, who come over, so I want to retain the Guest network settings.

::Edit:: I already set the bandwidth limits for his XBox, and made anyone who connects to the guest network be in a slower group (if you can call 25MBit/10MBit slow...).
|
# ? Aug 30, 2016 03:41 |