DNS & DHCP issues using 18.06.2 (possible poisoning)

I've seen no proof or description that someone can read your DNS logs...

Are you referring to your DNS queries being sent (and seen) in the clear over your ISP's network?

Perhaps you should describe "piggy backing on my DNS requests"?

It's not always about reading... as I suggested in the title (poisoning), sometimes these things can be done with tools highlighted in popular releases such as Parrot and Kali Linux. You mentioned paranoia so I was humoring your angle.

1 Like
  • Correct...but how do the rogue devices connect if WiFi is off?
  • You don't have Layer 1 control of your network?

See, the concern is...you're trying to secure your Layer 7 connections...before you've secured the Layer 1.

I mentioned before but:

  • I am living in a shared household where I don't have access to make admin controls over the WiFi. Of course I'd replace the modem, set to bridge mode, etc.

  • Rest of the house connects to wifi via ISP provided equipment.

I appreciate the advice but would appreciate if you also took the time to read what I post as you asked me to answer all of your questions.

Your postings never mention this, I've read four times. In fact, your diagram doesn't even show another router under someone else's control. Saying you'd bridge a modem you don't control was quite confusing.

Something like "my roommates are trying to hack me" is what I would have been seeking.

All of your connections need to be via your router (hence you control Layer 1). You need to be hard wired to the upstream router (or use WPA2 WWAN). You will need a full VPN. What you're doing likely won't work.

Lastly, if someone pw0ns your upstream router, even encrypted traffic can be diverted.

  • You should have 0 DHCP issues - you control your Layer 1 if you own the OpenWrt (and hence Layer 2 then)
  • You wouldn't want to bridge your device, because then you'd be on the same network as the malicious person

Hope this helps.

1 Like

Your postings never mentioned this...

This is what I was referring to. Sorry if I wasn't clear - I'm trying my best to describe the setup. My initial chart did describe the correct chain, but I failed to map out clients of each point in the chain and specify it was a hybrid as described above.

I wanted to approach this without seeming click-baity. I figured a calmer demeanor would help me articulate the situation. Good to know cutting straight to the chase would help in the future for some.

So having firewall rules that allow me to only receive and send to the set-up OpenVPN interface via wireless and LAN wouldn't be enough? Do you mind sharing what you would do?

As in the modem provided by ISP? Or AP OpenWrt pwnage? If OpenWrt, I try to follow best practices by ensuring installed images are verified, uhttpd isn't running 24/7, LuCI access HTTPS, SSH port isn't default, SSH access only via LAN, etc. I've even considered disabling tunnelbear and sticking to serial to enable and disable uhttpd.

If I gain control over Layer 1 (ISP provided router/modem) and disable WiFi with the only LAN connection being the OpenWrt AP, you're saying it's best to leave the modem in DHCP mode and leave administration/WiFi to the AP? Can an infected modem maintain connection with a remote attacker invisibly?

In favor of your suggestion, I've heard ISPs don't reissue an IP as frequently if left in bridge mode.

OpenVPN is a VPN client, so yes - as long as you don't need to look up a hostname for the VPN server, OK...but if everything's using the VPN anyways, you wouldn't have a leak.

OK, it is a modem...I'm guessing it offers multiple IPs, or has a built-in router also?
Otherwise I don't see how you're concerned about malicious actors on your (LAN) side of the OpenWrt.

I wasn't referring to gaining Layer 1 control over the modem, I was referring to gaining Layer 1 control of everything on YOUR SIDE of the OpenWrt - which you do control. That's all that's necessary to secure your network.

You've lost me...where's the network your rogue roommates are connected to...the modem???

No clue, I don't know your ISP nor their policies...besides, a router should be in bridge mode...hence, I'm wondering where your rogue roommates are connecting...

:man_facepalming:

...yes; but not sure how this would affect you if using VPN. (and as I recall, this device is not in your control...)

It seems like this modem also has a built-in router too. We'd need more details (i.e. if you're issued a Public IP when connected to the modem). You're not describing the entry vector of their malicious actions.


  • Simply connect my OpenWrt (in its default router/firewall setup) downstream of the modem, voilà - done!
  • If I need more security, set up a VPN on WAN, and pass all traffic through it. Then only you and your VPN provider can see the traffic. The malicious actors can only know where the traffic is going (and perhaps cause DoS, but not alter).

To be clear, I don't understand why you keep desiring to bridge devices/interfaces/APs to the same network as the "modem" - when you suspect a malicious actor on the upstream side of the [OpenWrt] connection.
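As an added illustration of the two bullets above (OpenWrt downstream of the untrusted modem, every LAN client forced through the VPN, and no path to the modem side if the tunnel drops), here is an OpenWrt UCI configuration fragment. It is example configuration written for this thread, not the poster's or the OpenWrt project's own config, and it assumes the OpenVPN client creates `tun0`, that the LAN zone keeps its default name `lan`, and that the VPN provider's resolver sits at the placeholder address 10.8.0.1.

```uci
# /etc/config/network  (added fragment; tun0 is assumed to be the OpenVPN client's device)
config interface 'vpn'
        option proto 'none'
        option device 'tun0'

# /etc/config/firewall
# A dedicated zone for the tunnel. The default "lan -> wan" forwarding section
# that ships with OpenWrt must be deleted: with only lan -> vpn allowed, LAN
# clients have no route to the untrusted modem side when tun0 is down
# (a kill switch). The router itself still reaches the VPN server through the
# wan zone, whose 'output' stays ACCEPT.
config zone
        option name 'vpn'
        list network 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'vpn'

# Intercept DNS a LAN client sends straight to an outside resolver (e.g. a
# hard-coded 8.8.8.8) and answer it from dnsmasq on the router instead. With
# no dest_ip, OpenWrt translates this DNAT into a redirect to the router.
config redirect
        option name 'Force-LAN-DNS-to-router'
        option src 'lan'
        option src_dport '53'
        option proto 'tcp udp'
        option target 'DNAT'

# /etc/config/dhcp
# dnsmasq ignores the resolvers the ISP modem hands out on wan and uses only
# the VPN-side resolver, so no query leaves in the clear. 10.8.0.1 is a
# placeholder for the provider's actual address.
config dnsmasq
        option noresolv '1'
        option rebind_protection '1'
        list server '10.8.0.1'
```

After `/etc/init.d/firewall restart` and `/etc/init.d/dnsmasq restart`, a quick check is to stop the OpenVPN client and confirm that LAN clients can no longer reach anything beyond the router; if they still can, the default lan -> wan forwarding was left in place. `rebind_protection` also makes dnsmasq drop upstream answers that point at private addresses, which is the classic symptom of a poisoned or hijacked resolver.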

This Modem in the beginning of the chain is a hybrid modem/router provided by the ISP. My roommates were connecting to that, and I was connected to my AP, hence the concern that their devices were interfering with my DNS requests when commonly used personal sites stopped working (but were working on mobile devices).

I'm switching into the new environment where I'll have full control of the network pretty much today. As mentioned, I'll incorporate all of the advice provided and report back if I'm still having the issues. If so, I think it's safe to say that the offending interruption exists on my computer.

I was inquiring about how to improve the overall performance and security of the network and referencing bridging for that purpose.

1 Like