Logo

Basics

  • Introduction
  • Upgrade router firmware
  • Protect router management
  • Turn it off
  • Port forwarding
  • Services audit
    • Questions
    • Disable services when not needed

OpenWRT

  • Introduction
  • Flash router with other firmware
    • DD-WRT
    • OpenWrt
      • Example: Flashing a TL-WR841N(D)
  • DropBear SSH public key authentication
    • Running SSH on another port
    • Whitelisting IP’s
  • Nethogs
  • Portknocking
    • Resources

Wireless

  • Introduction
  • Reduce wireless signal strength
  • Change router defaults
  • Disable SSID broadcasting
  • Enable encryption
    • Use the strongest encryption protocol available
  • Notes on WPS
    • Check for WPS
    • Warnings
  • Unauthorised devices
  • Restrict by MAC address
  • Use certificate-based security

Intranet

  • Introduction
  • Add a NAT router
    • Take control of the Internal NAT router
  • LAN segmentation
  • ARP
    • Spoofing
  • DNS
    • Cache poisoning
  • NFTables
  • Snort box

Internet

  • Introduction
  • BGP hijacking mitigations
  • Certificate validation
Network mitigations
  • Ty Myrddin Home
  • Unseen University
  • Improbability Blog
  • About
  • Contact

Introduction

  • Add a NAT router

  • LAN Segmentation

  • ARP

  • DNS

  • NFTables

  • Snortbox

Previous Next
Unseen University, 2024, with a forest garden fostered by /ut7.