|
Here's a bit of an off topic question, but still rooted in networking. I'm looking to set up IDS/IPS infrastructure on my home network. I had planned to use a TPLink managed switch to tap the connection between my modem and my router, set up port mirroring and feed the port receiving the mirrored traffic to my Security Onion box. Unfortunately, it has now dawned on me that my modem won't know how to send the traffic over to my router, yeah? My backup plan is to use a VSS Monitoring packet broker to solve the problem if the switch doesn't work. I would really like to avoid enterprise hardware in my house though. Is there a way to make this setup work with a managed switch sitting in-line between my cable modem and router?

Basic Network Wiring:
ISP -> Cable Modem -> P1 on TpLink Switch
P2 on TpLink Switch -> WAN port on router (Mirror this port to monitor port)
Monitor Port -> Security Onion IDS Box

e: https://www.amazon.com/dp/B00N0OHEMA/ref=twister_B06XDLVVF6?_encoding=UTF8&psc=1 (the switch)

Diametunim fucked around with this message at 00:15 on Sep 26, 2017 |
# ? Sep 26, 2017 00:11 |
|
|
https://www.youtube.com/watch?v=UygPcBCFRrA
|
# ? Sep 26, 2017 00:19 |
|
Diametunim posted:Here's a bit of an off topic question, but still rooted in networking. I'm looking to setup IDS/IPS infrastructure on my home network. I had planned to use a TPLink managed switch to tap the connection between my modem and my router, setup port mirroring and feed the port receiving the mirrored traffic to my Security Onion box. Unfortunately, it has now dawned on me that my modem won't know how to send the traffic over to my router, yeah? My backup plan is to use a VSS Monitoring packet broker to solve the problem if the switch doesn't work. I would really like to avoid enterprise hardware in my house though.

Set up port mirroring on the ingress/egress ports for both the modem and router, and send the sniffed traffic to the monitoring port of your IDS/IPS. The modem and router will talk to each other as normal provided that the router gets its IP address from the modem via DHCP or that you statically set the address. A network tap / port mirror doesn't change that. Just make sure your IDS/IPS isn't also participating in the outside/insecure network.
|
# ? Sep 26, 2017 00:23 |
|
Upgrading internet speed from 50 to 100kbps, need to move to a DOCSIS 3.0. I have:
https://www.amazon.com/Cisco-Linksys-Cable-Modem-Ethernet-Connection/dp/B000WIK61I/
https://www.amazon.com/Linksys-Wireless-Dual-Band-Anywhere-EA6300/dp/B00C0WZ9FW

I'm looking at: https://www.amazon.com/Linksys-Certified-Comcast-Cablevision-CM3008/dp/B01DACQMH4

Do I need a new router or will the 6300 handle the new speed just fine?
|
# ? Sep 26, 2017 00:35 |
|
Encrypted posted:DOCSIS 3.1 lets you pull more bandwidth from a bigger pool right now. And judging from the ol' 3.0 hardware, if you sell the 3.1 modem later to stay ahead of the upgrade cycle (probably not for a while since the 3.1 spec allows bandwidth for up to around 10Gbps) you can still get 60~80 bucks for it and essentially pay only 100 bucks for your modem instead of always being a generation behind.
|
# ? Sep 26, 2017 01:44 |
|
You don't want the total available bandwidth to you to be the same as your plan's max speed. The more available bandwidth you have with DOCSIS 3.1, the more likely you will be able to get the maximum speed on your plan at all times, even during the evening/congestion hours. With the current 96MHz OFDM channel deployed by Comcast on DOCSIS 3.1, you gain another 800Mbps of leeway on top of 1200Mbps from 32 3.0 downstream channels. Note that the OFDM channel itself can be resized to 192MHz for downstream and the SB8200 supports two blocks of this at the same time for DS. Basically you get a 66% increase in available bandwidth to you. With this in mind, 3.1 should be set for the next few years as they shift more towards multiple giant blocks of OFDM channels that can use frequencies more efficiently. And it might be a while before things go beyond 1Gbps anyway.

Encrypted fucked around with this message at 12:04 on Sep 26, 2017 |
# ? Sep 26, 2017 12:01 |
|
I have a question regarding a Ubiquiti UniFi AP-Lite that I have and which came with a power-over-ethernet adapter. I'll be setting it up tonight in order to provide internet to a PC without a wireless card or dongle which can't be hardwired to my router. I won't be setting up the guest portal stuff in the immediate future, so I believe I can use the UniFi Android app for setup. If I understand correctly, in the initial setup phase I should connect the AP directly to my router like so: wire from router to LAN port on the PoE adapter, wire PoE adapter to AP from PoE port. If the white light on the AP is on, all I should have to do is find the AP in the app, then enter my SSID & password at this point I think. After I've set up the AP through the phone app, can I then unplug it from the router and move it over to where the PC is then connect the two via the PoE adapter (PC -> LAN port | PoE port -> AP) and be good to go? Do I need a switch in between the PC & AP for any reason, or am I missing a vital piece of hardware for this to even work? I don't have and haven't used any other Ubiquiti hardware, so I'm starting from scratch with regard to the controller software and my router is the Archer C7 that people have been having issues with, but I haven't had any problems yet. Networking is not my strong suit and I feel a little out of my depth with this device. I had extremely limited time to mess around with it last night but I was trying to do setup through the controller software but I couldn't get it to "adopt" the AP, but I'd been trying to do setup with my PC connected right to the AP through the PoE adapter (no switch) so maybe that was the problem. I feel like a little baby, any help would be greatly appreciated.
|
# ? Sep 26, 2017 21:31 |
|
Why did you buy an access point, and not a wireless card for the PC?

EDIT: In order to do what you want to do, it looks like you might need a second Unifi AP. https://help.ubnt.com/hc/en-us/articles/205146000-UniFi-Set-up-UAPs-in-wireless-uplink-topology

n0tqu1tesane fucked around with this message at 21:45 on Sep 26, 2017 |
# ? Sep 26, 2017 21:39 |
|
I had both a card and a dongle fail, so for whatever reason I thought that I could use an access point instead and connect to that somehow directly through the LAN port on the PC. Now I'm feeling that I have a fundamental misunderstanding of how access points even work to be honest. edit: Well poo poo, serves me right for making a number of unfounded assumptions. Basically I thought the access point could accept my router's signal and feed it to the PC either through the adapter or through a switch. doctorthefonz fucked around with this message at 21:57 on Sep 26, 2017 |
# ? Sep 26, 2017 21:46 |
|
What you're wanting can be done with some access points, and CAN be done with the Ubiquiti AP you bought, but you need another one. What you're really looking for is a wireless bridge. You might also want to look into powerline networking.
|
# ? Sep 26, 2017 21:58 |
|
Right on, maybe I can return or sell the AP and either use another router in bridge mode or go powerline. Powerline makes me nervous because I live in an older apartment building and have no clue as to the condition of its wiring but I'm not optimistic judging by its maintenance overall. I do have a Netgear N600 router kicking around though, sounds like I can put that in bridge mode and give it a shot tonight. Thanks again!
|
# ? Sep 26, 2017 22:28 |
|
So I finally got into my modem controls today and got off the crowded band channel I was on in my neighborhood's wifi traffic (4). As per the OP, I set the channel to be used at: (11). When I open up inSSIDer and look at the connection, it's showing me that I'm on two channels, or something? One of them is Channel 11, but it's also showing me I'm on 149/155a.c. I'm not sure what this means, can anyone clue me in here? It's also showing it as 11/149* on the front page of inSSIDer... So confused here.
|
# ? Sep 26, 2017 22:46 |
|
Dennis McClaren posted:So I finally got into my modem controls today and got off the crowded band channel I was on in my neighborhoods wifi traffic (4). As per the OP, I set the channel to be used at : (11).

One of those is your 2.4 GHz channel, the other is your 5 GHz channel for AC/N devices.
|
# ? Sep 26, 2017 22:49 |
|
I'm about to bite the bullet on all new Ubiquiti stuff for my new house, which I'm pretty excited about. I'm going to get a US-24-250, US-16-150, and USG-Pro-4 unless you all think it would be better to look into Edgemax switch and router stuff. I'm open to suggestions. I need a couple of SFPs and a MM duplex LC-LC fiber to connect the switch on the third floor to the Security Gateway in the basement. I can't seem to find out much about the SFPs so I'm having a hard time picking the fiber to get. The run is <20m and I am only aiming for a gig connection, so really anything should work, right? I can't find much data on the SFPs besides the fact that they're 850nm. I don't even know if they're laser / LED. The datasheet says they're good for 550m runs, but that would have to be with a 62.5/125 fiber, right? (I'm making assumptions that they're giving max possible distance at the cost of bandwidth.) Does that mean that 50/125 isn't recommended?
|
# ? Sep 27, 2017 05:06 |
|
GnarlyCharlie4u posted:I'm about to bite the bullet on all new Ubiquiti stuff for my new house, which I'm pretty excited about.

re: fiber - If you're getting fiber professionally installed (or even pulling it yourself) use single mode 5/125 OS2 fiber since the materials cost difference is negligible these days, and the connectors for field termination are actually cheaper for single mode due to all of the fiber-to-the-home installs using single mode fiber for the last mile run. Order cheap compatible SFPs from fs.com or 10gtek via Amazon. You can also order Ubiquiti branded SFPs US-SM-1G-S if you feel like tossing them a few bones direct.

Truthfully the distance between a basement and the third floor should be less than 326 feet if you're doing a fairly straight shot. You could use cat5e and still run gigabit over copper. Single mode fiber just gets you the ability to do 10gig fiber later. Otherwise you can do 10gig over multimode fiber as long as you get OM4 fiber (50/125 laser-optimized). Don't use 62.5/125 fiber. It's deprecated and at best only supports 1gig ethernet.

CrazyLittle fucked around with this message at 05:59 on Sep 27, 2017 |
# ? Sep 27, 2017 05:56 |
|
Not sure if this is an appropriate place to post this but we've been having our internet cut in and out constantly in the last couple days and upon checking the router log it looks like it's because we're getting DoS attacked every evening. Anyway, my question is: is this something I can solve by changing settings or buying new hardware, or is this something the ISP would need to handle?

ISP = Cox
Router = Netgear C3000-100NAS
Devices connecting to Wifi: 2 Chromecasts, 2 iphones, 1 android phone, 4 computers

Steps taken so far:
- Changed router control panel password
- Changed Wifi name and password
- Disabled WPS
- Enabled Access Control to stop new devices from connecting
- Ran virus scans on all devices
|
# ? Sep 27, 2017 06:01 |
|
Class Warcraft posted:Not sure if this is an appropriate place to post this but we've been having our internet cut in and out constantly in the last couple days and upon checking the router log it looks like its because we're getting DoS attacked every evening.

Do you have any services that "phone home" like a dynDNS host name that follows your IP around? If it's an actual "DoS" attack then it would be directed at your IP address, or directed at something that's pointing to your IP. The simplest answer is to try to get a new IP address from the telco. With most cable providers you just need to leave your cablemodem turned off for a few hours. But if you get a new IP and they were DDoS'ing your dyndns name then the attack will just follow you wherever you go.
|
# ? Sep 27, 2017 06:09 |
|
Sounds like generic IP range attacks on a WAN facing admin panel being interpreted as scary DDoS because there are so many log entries.
|
# ? Sep 27, 2017 06:24 |
|
CrazyLittle posted:Do you have any services that "phone home" like a dynDNS host name that follows your IP around? If it's an actual "DoS" attack then it would be directed at your IP address, or directed at something that's pointing to your IP. The simplest answer is to try to get a new IP address from the telco. With most cable providers you just need to leave your cablemodem turned off for a few hours. But if you get a new IP and they were DDoS'ing your dyndns name then the attack will just follow you wherever you go.

Would a VPN count? I'm going to call my ISP tomorrow and see if we can get a new IP address, but if there is anything I can do on my end as well I'd like to try and cover all my bases. Anyway here is the log, not sure if this is helpful or not:

The DoS attacks are succeeding in disconnecting the internet for about 15 seconds each time, and as you can see from the frequency it basically makes using the internet while they're going on impossible.
|
# ? Sep 27, 2017 06:49 |
|
Class Warcraft posted:Anyway here is the log, not sure if this is helpful or not:

SEKCobra posted:Sounds like generic IP range attacks on a WAN facing admin panel being interpreted as scary DDoS because there are so many log entries.

Yep. A real (effective) DDoS would have way more log entries in a much shorter timespan - say 1000 unique sources within 1 second. If they're actually hitting a flaw in the Netgear's firmware you wouldn't see that in the logs, and you would need to upgrade its firmware or get a new modem anyways. Try plugging a regular network cable in and using that. If the problems go away then you just have a bad wifi deployment.
|
# ? Sep 27, 2017 08:26 |
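The distinction drawn in the reply above (scattered scan hits versus a genuine flood, i.e. on the order of 1000 unique sources in one second) can be checked mechanically against a home router's log export. This is an added example, not code from any poster; the log line layout is an approximation of the "[DoS Attack: ...]" entries Netgear routers write, and both sample logs are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Approximate layout of a Netgear "[DoS Attack: ...]" log entry (assumption,
# modelled on the entries discussed in the thread, not an exact vendor format).
LOG_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[\d.]+), "
    r"port (?P<port>\d+), (?P<ts>.+)$"
)
TS_FMT = "%a %b %d %H:%M:%S %Y"


def parse_line(line):
    """Return a dict for a recognised log line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "kind": m["kind"],
        "src": m["src"],
        "port": int(m["port"]),
        "ts": datetime.strptime(m["ts"], TS_FMT),
    }


def sources_per_second(lines):
    """Map each one-second window to the number of distinct source IPs seen."""
    buckets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            buckets[rec["ts"].replace(microsecond=0)].add(rec["src"])
    return {ts: len(srcs) for ts, srcs in buckets.items()}


def classify(lines, flood_threshold=1000):
    """Apply the thread's rule of thumb: a real flood shows ~1000 unique
    sources within a single second; a few hits spread over an evening is
    ordinary internet background scanning of the WAN side."""
    per_sec = sources_per_second(lines)
    if not per_sec:
        return "no-entries", 0
    peak = max(per_sec.values())
    return ("flood" if peak >= flood_threshold else "background-scan"), peak


# Constructed sample: a handful of scan hits minutes apart, two of them in the
# same second from different sources (documentation address ranges).
SCAN_NOISE = [
    "[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Tue Sep 26 21:03:14 2017",
    "[DoS Attack: ACK Scan] from source: 198.51.100.23, port 80, Tue Sep 26 21:11:02 2017",
    "[DoS Attack: RST Scan] from source: 192.0.2.9, port 22, Tue Sep 26 21:11:02 2017",
    "[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Tue Sep 26 21:40:55 2017",
    "Admin login from 192.168.0.5, Tue Sep 26 21:41:10 2017",  # not a DoS line
]

# Constructed sample: 1200 distinct (private-range) sources in one second.
FLOOD = [
    f"[DoS Attack: SYN Flood] from source: 10.0.{i // 256}.{i % 256}, "
    f"port 80, Tue Sep 26 21:15:00 2017"
    for i in range(1200)
]

if __name__ == "__main__":
    print("scan noise:", classify(SCAN_NOISE))   # ('background-scan', 2)
    print("flood:     ", classify(FLOOD))        # ('flood', 1200)
```

As the reply notes, an exploit against the router's firmware would not show up in these counters at all, so a "background-scan" verdict rules out a volumetric flood, not a firmware problem.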
|
Anyone know if a HP Procurve non-managed 8 Port switch would pass VLAN tagged packets? Seems like no but maybe I'm missing something.
|
# ? Sep 27, 2017 18:29 |
|
redeyes posted:Anyone know if a HP Procurve non-managed 8 Port switch would pass VLAN tagged packets? Seems like no but maybe I'm missing something.

Some do, some don't. Read the spec sheet for 802.1q support.
|
# ? Sep 27, 2017 20:59 |
|
CrazyLittle posted:Some do some don't. Read the spec sheet for 802.1q support

Unmanaged switches can't support it, so it won't be spec'd. It certainly depends, but most dumb switches are only gonna care about source and destination MAC and will probably forward the traffic. Still a pretty dumb setup.
|
# ? Sep 28, 2017 09:34 |
|
My small business with 6ish computers and a file server is currently set up with an Edgerouter X. I brought in a real IT guy since up till now I've been hacking it amateur style, and I wanted some advice about getting VPN set up. He told me I should trade out the Edgerouter X for a Unifi Security Gateway. Everything I've learned about small setup networking was from this thread, so I figured I'd ask here if there are any real advantages with the USG over the X or is this guy just trying to spend my money?
|
# ? Sep 28, 2017 14:01 |
|
SpaceCadetBob posted:My small business with 6ish computers and a file server is currently setup with an Edgerouter X. I brought in a real IT guy since up till now I've been hacking it amateur style, and I wanted some advice about getting VPN setup. He told me I should trade out the Edgerouter X for a Unifi Security Gateway. Everything I've learned about small setup networking was from this thread, so I figured I'd ask here if there are any real advantages with the USG over the X or is this guy just trying to spend my money?

It's not a bad step to make, do you have Ubi WAPs and stuff as well? USG + Controller makes managing and expanding pretty effortless.
|
# ? Sep 28, 2017 14:03 |
|
The USG is part of the 'cloud' lineup of Unifi, if you don't have any other products I don't know why he'd recommend that. I can't speak to the performance of either device, assuming you want client VPN, the edgerouter can't do that at all.
|
# ? Sep 28, 2017 14:04 |
|
Photex posted:It's not a bad step to make, do you have Ubi WAPs and stuff as well? USG + Controller makes managing and expanding pretty effortless.

I am using a UAP Lite, and the guy mentioned that I might want the Unifi managed switches so I can run a VOIP system over the same cables easier on VLAN. I'm not opposed to upgrades, I just feel like I know just enough about networking to wrongly second guess everything!

Edit: I think I might also have to replace my UAPLite with a Pro if I switch over to the Unifi PoE switch, correct? I think they do different voltages?

SpaceCadetBob fucked around with this message at 14:16 on Sep 28, 2017 |
# ? Sep 28, 2017 14:09 |
|
SpaceCadetBob posted:I am using a UAP Lite, and the guy mentioned that I might want the Unifi managed switches so I can run a VOIP system over the same cables easier on VLAN. I'm not opposed to upgrades, I just feel like I know just enough about networking to wrongly second guess everything!

I don't think you can VLAN tag across the different model lines (Unifi vs Edge) so yeah, I don't think he's leading you down the wrong way, Unifi is just dead simple to manage.

edit: you won't need a new WAP, the PoE switch will send the correct amount of voltage.

Photex fucked around with this message at 14:20 on Sep 28, 2017 |
# ? Sep 28, 2017 14:17 |
|
I'm thinking about trying to switch ISPs, I currently use my local cable monopoly Cox and own a SB6121 modem. My next option would be the phone monopoly AT&T. I previously had AT&T internet and U-Verse TV about two years ago, and I simply do not wish to ever use one of their modems again. Every hour the DNS would stop resolving for 5 minutes and each time the modem would log no response from an AT&T DNS server. When I looked into options to set my own DNS or use my own modem at the time, all I could find was people talking about how you had to have your own modem to be able to use U-Verse, the TV side of things. I think AT&T might have like given up on U-Verse since now they just offer internet and DirecTV in my area.

I've spoken to a couple AT&T agents and read a few forum posts. AT&T sales is happy to say "any modem will work" but they can not provide a list of modems or even what type of DSL modem is necessary. At best I think I need an ADSL2+ modem only because the website lists only 1 speed in my area - 24mbps, the max speed for an ADSL2+ modem. But it's also possible it could be a VDSL (up to 50mbps), VDSL2, or VDSL2+ connection; I simply doubt it's a VDSL since if they were using VDSL then surely they should offer VDSL speeds in my area.

I have two more ISP options, for cable I could go with toast.net or DSLExtreme. I think I want one of these ISPs just to avoid the big ISPs, but I'm noticing the smaller ISPs seem to have websites from the 90s but they seem to be a lot more up front with the terms and offer things like a static IP address. That said, I tried to contact toast.net using both the webchat and phone number and I couldn't get any response. . . the web chat let me talk to Chris E from the void but there was no response, most likely nobody there, and the phone number only went to voicemail. How is it even possible for there to be another option for cable or DSL in my area?
|
# ? Sep 28, 2017 14:49 |
|
Has anyone used Monoprice In-wall or Riser (UTP) cable? Is it any good? Specifically, how's the jacket? Quality? Thick? Flexible? And what's the insertion loss and heat dissipation like? Does the cable pull easily? Does it kink in the box? I plan on running a bunch of 802.3af PoE devices over this, and while I'm sure it's 'just fine' I'd be open to hearing anyone's anecdotal horror stories.
|
# ? Sep 28, 2017 18:54 |
|
GnarlyCharlie4u posted:Has anyone used Monoprice In wall or Riser (UTP) cable? Is it any good?

I bought this from Monoprice to do a bunch of runs for my home network. Pulled one long line from the second floor to the basement and another long one from the main level to the basement. Had no issues with kinking or pulling at any point. Quality seems fine for the cost, not overly thick and decently flexible. Neither line has had any problems as of yet so I'm satisfied.
|
# ? Sep 28, 2017 22:49 |
|
This is a great deal for anyone who's looking to upgrade/buy their own cable modem to something that should last at least 3~5 years with DOCSIS 3.1:
https://www.amazon.com/Motorola-MB8600-Certified-Comcast-Communications/dp/B0723599RQ/

Use coupon code MOC12017 to bring it down to $146.94
|
# ? Sep 29, 2017 00:05 |
|
Do you guys reckon the Edgerouter X will suffice to fulfil the routing needs of 4 apartments, so 4 separate wired access points, on a 200 mbps fibre connection? It says the routing performance is 650 mbps tops in the OP but I'm not familiar with the term.
|
# ? Sep 29, 2017 00:49 |
|
Bulgogi Hoagie posted:do you guys reckon the edge router x will suffice to fulfil the routing needs of 4 apartments, so 4 separate wired access points, on a 200 mbps fibre connection? it says the routing performance is 650 mbps tops in the OP but am not familiar with the term

I wouldn't. I'd probably go with pfsense on a decent machine with some good intel NICs.
|
# ? Sep 29, 2017 01:24 |
|
Bulgogi Hoagie posted:do you guys reckon the edge router x will suffice to fulfil the routing needs of 4 apartments, so 4 separate wired access points, on a 200 mbps fibre connection? it says the routing performance is 650 mbps tops in the OP but am not familiar with the term

Is this one connection being shared among 4 apartments? If so, what's your strategy when one of the 4 apartments does something illegal on the connection?
|
# ? Sep 29, 2017 03:26 |
|
astral posted:Is this one connection being shared among 4 apartments? If so, what's your strategy when one of the 4 apartments does something illegal on the connection?

That's for my non technical friend AKA the landlord to solve, I'm just upgrading his very old setup to take advantage of what he pays for.

Matt Zerella posted:I wouldn't. I'd probably go with pfsense on a decent machine with some good intel NICs.

I'll take a look at what kind of small boxes I could source to put pfsense on, thanks.
|
# ? Sep 29, 2017 07:30 |
|
SpaceCadetBob posted:My small business with 6ish computers and a file server is currently setup with an Edgerouter X.

Edgerouter X is a smart 5-port switch that lets you NAT in software. There's a small amount of NAT acceleration built into the chip, but no features past that. The USG and Edgerouter Lite have hardware ipsec VPN acceleration. If you want as close to your internet connection's speed as you can get via VPN then you want accelerated hardware.

SpaceCadetBob posted:I am using a UAP Lite, and the guy mentioned that I might want the Unifi managed switches so I can run a VOIP system over the same cables easier on VLAN.

All of the UniFi PoE switches support both standards on their PoE ports. If you recently purchased your UAP-AC-Lite there should be a way to check if it will work on 48v 802.3af PoE. The first release of the UAP-AC-Lite ran on 24v passive PoE but they've been releasing a revised version of the AC Lite that supports both power standards. Even still, if you don't end up with 24v passive power support on whatever switch, Ubiquiti makes an adapter they call "instant 802.3af" which converts 48v PoE into 24v passive PoE. You don't HAVE to run a voip VLAN if you don't think you need it, but VLANing out your voice traffic offers a little bit of added security and flexibility for managing QoS.

SEKCobra posted:The USG is part of the 'cloud' lineup of Unifi, if you don't have any other products I don't know why he'd recommend that. I can't speak to the performance of either device, assuming you want client VPN, the edgerouter can't do that at all.

The big advantage of getting UniFi all around is that if you make one change in the UniFi controller, it will automatically translate that change to all of your devices that need it. Without a central controller, EdgeMAX devices would need to be configured by hand separately.
Photex posted:I don't think you can VLAN tag across the different model lines (Unifi vs Edge) so yeah i don't think he's leading you down the wrong way, Unifi is just dead simple to manage.
|
# ? Sep 29, 2017 09:01 |
|
Encrypted posted:This is a great deal for anyone who's looking to upgrade/buy their own cable modem to something that should last at least 3~5 years with DOCSIS 3.1
|
# ? Sep 29, 2017 09:32 |
|
I'm currently using a C7, but if I wanted to put an EdgeRouter into my setup, I could just disable all the routing functions on the C7 and turn it into a glorified access point, right? Would I still be able to use all the ethernet ports on the C7 like a switch if I did that?
|
# ? Sep 29, 2017 11:13 |
|
|
Fil5000 posted:I'm currently using a C7, but if I wanted to put an EdgeRouter into my setup, I could just disable all the routing functions on the C7 and turn it into a glorified access point, right? Would I still be able to use all the ethernet ports on the C7 like a switch if I did that?

Yeah, that's usually the case. Disable all WAN/routing features and only use LAN ports.
|
# ? Sep 29, 2017 14:38 |