So I just added a TP-Link switch (TL-SG3428X) and access point (EAP670) to my network, using OPNSense for routing. I’m still within the return window for both items. I understand the article mentions routers, but should I consider returning these, and upping my budget to go for ubiquity? The AP would only be like $30 more for an equivalent, so that’s negligible, but a switch that meets my needs is about 1.6x more. And still only has 2 SFP+ ports, while I need 3 at minimum.
thanks to this post I found out about openwrt, and my tplink router model is compatible with it, I see this as an absolute win
I’d love to do the same with mine, but admittedly, the hardware in it is so poor, that they just couldn’t get it to work properly.
It’s quite frustrating too, because despite being a relatively new router, they’re already behind on security updates, and after all the promises, still haven’t delivered the bare necessities as WPA3 support
Yeah, no joke, I totally didn’t know about any of this, be certain that I’m going to consider this OpenWRT stuff when I’m buying a new router, it one of the most important pieces of my network, and can’t leave it to whatever the manufacturer plans to support in terms of security.
Look to the Xiaomi Mi AX6S. Quite capable router and only like $50 on AliExpress. I just got a second one to use as a mesh node and wireless bridge for a bunch of stuff that gets a terrible signal inside of a solid wood entertainment center.
For less money than some gaudy gaming wireless router that you end up replacing every 3 years, you can grab a Mini PC with two NICs, a wireless access point, and install OpnSense.
Your life will be irrevocably changed for the better.
Only go this route if you’re looking for a new hobby.
Not possible for every device, plenty of TP-Link xDSL modem/routers out there.
Eh, mini-PCs weren’t designed for that. Just buy an OpenWRT compatible router, or a router designed for OpenWRT like the ones from Turris. It’s better to have hardware designed for this kind of application.
Some are clearly designed for just that.
https://www.amazon.co.uk/Firewall-Appliance-4xUSB2-0-OPNsense-Ethernet/dp/B0CB3M6M16?th=1
Why does it matter ”what its designed for” a router is no better at it then a computer with 10x the brains you can route 10gig through them if you have the nics for it large company use pfsense and the like
The main issue is they have fans and the bios will sometime fail to boot. They are less reliable but much more powerful. It’s a tradeoff.
Ermmm router have fans mini pc actually doesn’t( at least mine mines fanless) routers also fail to boot but also that not a giant issue either way cause who’s turning on and off their router and any significant interval I have run time of 6 months before mines restarted and that’s due to software updates otherwise it would push a whole year
I have never had a household router that had a fan in it. Fanless mini pcs do exists they are rarer and usually more expensive and weaker.
The rebooting problem comes from micro interruption in the power grid. Yes you can add a UPS, but then these will become the main reason why the internet is down (I have a whole stack of APC branded UPS with failed batteries)
Newer WiFi 6 routers tend to have fans cause they get fairly warm but I’ve had a ups on mine for literally years and had to replace the battery in it once but before I got one even I still never had that problem we haven’t had a power outage in like a year or 2 now and I maybe happens once a year if it does so I don’t see your problem and I have it set to auto turn back on when it gets ac power so it’s a non issue
one of the reasons i use openwrt
I have a TP-Link router. Maybe I’m an idiot, but I searched around for a bit and I literally could not find which models of router were effected. All articles about Botnet-7777 are frustratingly vague with this.
I’ve had no end of trouble with routers and ones you should choose to be sure of.
The ones where you can flash OpenWRT seems the only choice if you want some semblance of security. But even my current Xiaomi router with stock firmware creates hash mismatches using
apt
to download things, and I don’t 100% know with confidence that using OpenWRT on it instead is keeping me right.But even my current Xiaomi router with stock firmware creates hash mismatches using apt
That’s a huge fucking red flag and I would yeet any network equipment responsible for fudging such a thing.
No doubt, and I would really love someone with more knowledge than me to poke into why that was going on (*edit: for clarity, this behaviour stopped after installing OpenWRT and is the stock Mi firmware that causes this)
https://files.catbox.moe/2i5ekl.jpg
I remember finding this thread where someone said they replaced their entire networking equipment
https://stackoverflow.com/questions/72022569/cannot-find-fixes-to-apt-error-hash-sum-mismatch
My router is this model for anyone wanting to nosey
my current Xiaomi router
Ah I see the problem right there…
As opposed to, TP-Link, Cisco(Linksys) and other off the shelf routers it seems some will only go for brands with their own proprietary firmware?
I grabbed that Xiaomi router on the premise it has OpenWRT, but I’d like to see Ubi / Unifi routers put under the same scrutiny instead of just lumping a brand name as a no-go.
What’s your recommendation?
Mine was a half-joke, but it’s not the first time chinese hardware was caught sending data around. Now I can’t recommend anything specific since the last time I bought a router was ages ago, and even though having one running OpenWRT is good I’d avoid it to be on the safer side.
If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.
The article also says:
It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:
- Download Telnet binary from a remote File Transfer Protocol (FTP) server
- Download xlogin backdoor binary from a remote FTP server
- Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
- Connect and authenticate to the xlogin backdoor listening on TCP port 7777
- Download a SOCKS5 server binary to router
- Start SOCKS5 server on TCP port 11288.
So maybe setting up some firewall rules could also help prevent further problems.
The article makes it clear that the Chinese botnet is targeting Microsoft azure accounts, usually for large organizations involved with governments, infrastructure, legal professionals, science and technology.
It also states that the attacks can be disinfected by regularly restarting your router, but that this doesn’t prevent reinfection later.
The US intelligence services also says you should regularly restart your phone.
This is Microsoft’s posting about it which other news sources are quoting from: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
It has a recommendations section which suggests “credential hygiene” and strong passwords help.
Many experts in the past have noted that most such infected devices can’t survive a reboot because the malware can’t write to their storage. That means periodically rebooting can disinfect the device, although there’s likely nothing stopping reinfection at a later point.
Relevant line for my lazy chadbros who know that reading articles is for sissies.
This makes me want to call up the former CTO of the MSP I worked for who disagreed with me when I said TP-Link and other consumer hardware was a risk we shouldn’t let our customers take and tell him that he’s a miserable drunk who destroyed a company by taking a role he had no business in.
Go to openwrt. Or get something better with good security. Unifi is good and very expansible but it doesn’t have opensource software compatibility. Sad really.
Not all routers are in there. Buddy of mine just bought a new TP-Link router and it’s not listed.
…which is why you check if it’s listed before you buy it.
I mean, that makes sense to some. But not reasonable for an average user. He just did a search for top rated, recommended routers and bought what all these crappy sites recommend. He tried to do the needful.
The average user isn’t going to replace the firmware in a wireless router, so if it sucks out of the box, it’s just going to suck and they’ll never think to make it not so.
The first word in getting into FOSS or open anything should be compatibility before you even get to the store.
If not, then… well, I hope you keep the receipt.
I recently replaced my tplink for a Netgear I flashed openwrt on
Hell yeah another Openwrt enjoyer in the wild, what a rare occurrence. Flashed Openwrt 6ish month ago, have been very pleased with it.
You’re on Lemmy my dude. We all use Linux and Openwrt haha
Unless you have a locked-down router and your ISP doesn’t allow bridge-mode.
Yes 🐸