Device recommendation: Build clean WIFI environment

Hi guys,
My current devices are all infested. And I am looking for to build a clean WIFI environment with a new device, plus new router with a firewall. Any suggestions or recommendations?

Thank you in advance :pray: :pray: :pray:

You'll get a lot more assistance if you can provide details of the requirements/constraints.

For starters:

  • Budget
  • Internet speed tier and physical service type (cable/dsl/fiber/cellular)
  • Number of client devices expected
  • Physical space -- area of floorplan, number of floors, construction materials (drywall vs brick, etc.), open floor plan or lots of walls, etc.
  • If you need more than one AP, will they be wired or are you going to require mesh or other wireless backhaul?
  • form factor desired (i.e. a device that mounts on a wall or ceiling vs on a counter; rackmount vs desktop
  • applications -- typical internet/streaming/work, or gaming and other latency-sensitive things
  • PoE vs power bricks?
  • any other constraints/requirements/desires you might have.

Switch off/disconnect alll infested devices
Set up "normal" network and connect only 100% clean devices. You might need new one or at least borrow unrelated phone.
Then guest/quarantine network where you rise infested devices one by one
Never ever connect any infested device to clean network or even re-use any password.
Would be interesting to know kind of infestation, usually it is something like UPNP left open to the world or DNS swapped for adware, first you disable, second you change to safebrowsing or adblock depending on infestation.

I'd recommend asus tuf from the list, it has infestation module from factory, quite powerful to replicate functions with openwrt later. Rationale - unlikely you want to stop smart home until you get OpenWRT up to function.

1 Like

Sorry I don't quite understand. Tuf is a series of the laptop, correct? Does it have a module called infestation module?
Thank you very much for your help.

Budget less than 10k.
Speed is okay.
It relates to my and my family's life so it is important. We might die because of this issue...

ASUS routers have trend micro antimalware module built in.

to bring your digital life in order under 200$
You have to be really careful, like reset all your devices and their online accounts and very pedantically connect them to clean side once they are confirmed clean.

Once you are in control of immediate issue you can plan extending network, you can build asus mesh or openwrt mesh, with wired wireless backhaul, and design your network in various ways. 10k is excessive, if you buy each of devices you plan with professional installer it cannot reach that high.

EDIT: not that ASUS is only one, but it is one in recommended list with essentially cost free features to address your hurt.

Are you looking for devices that run OpenWrt? That's what this forum is about.

1 Like

Let the dust settle first, crowdsec is good, but with network full of backdoored IoT might be one wring click and here we go again.... Once OP is in good shape we can plan floors with openwrt? WDYT?

To be clear, this forum focuses on OpenWrt and immediately related technologies. It is not intended as a general networking forum -- there are many of those already around. If the OP is interested in OpenWrt as their routing and/or AP platform, the expertise is here to help them select the right products for their networking needs. But if they want a complete solution with vendor firmware and no devices running OpenWrt, that's a different ball of wax and off topic for these forums.


Is OpenWrt safer? What is the solution under OpenWrt then? Assume the opponent is at the country's top level?

Openwrt is not born fortress out of the box, you need a clean room to install one, like to be the first to set initial password.

Since "safer" is a relative term, I can say with certainty that OpenWrt is safer than most consumer routers insofar as it doesn't have backdoors, it doesn't phone-home, and it is regularly updated to include the latest security patches.

Because it is much more advanced than most consumer routers, it has significantly greater user configurability, which means that it is possible for an individual user to misconfigure things and thus cause it to be less secure (or even totally insecure) -- but this is about the (mis-)configurations, not the core system.

There are hundreds of routers that can run OpenWrt. The devices you choose depend on your needs (which is why I asked the questions above -- I can't tell if you were serious about your really high budget, but I assume that was a joke; the rest of the questions are still important).

If you are a prominent figure or other high value target and specifically targeted by the most determined hackers and/or state sponsored cyber-warfare teams, you need professional/enterprise grade security -- that means equipment, software, and IT pros to administer those systems for you. People who need that level of security should not be DIY'ing anything. For most of the 'regular people' out there, OpenWrt is a great option.


Thank you very much for your reply.
Another quick question is that: Since hundreds different routers are running the same software, are they the same safe or not?

Yes, the safety is in the general code and the firewall configuration; the hardware specific stuff does not impact the security.

Thank you. I will come back later. Have a good one.

Hi guys again,
I don't see the list of devices available for openWRT and I wonder where can I found it?
Thank you

Sometimes there are supported devices that are not listed above. So check:

1 Like