Recent content by mike37

Thanks!! I hadn't considered that. I'm situated in an AT&T 5G area and presumed I'd be good for 5G or LTE. I get HDTV off the air - but do stream Netflix. Think I'll test it as a "hotspot" for a while before investing in a cellular modem! Mildly degraded streaming will be acceptable - REALLY...

YEP......I have concerns too; biggest one is that, though the connection is encrypted, can it be hacked and either the adapter or my iphone compromised? Little iphone and/or adapter might be easy to overwhelm. I like snort - used it years back in the windows day. I plan on looking into some...

Thanks, Tech9! I was hoping someone would ask that, as it seems easy to get the wrong device and there are likely better devices hidden out there. Current candidates: <https://www.amazon.com/dp/B075KR7Y4D/?tag=snbforums-20> <https://www.amazon.com/dp/B0118SPFCK/?tag=snbforums-20>

Thanks Tech9! Wifi adapters/connectors seem cheap enough - I just didn't want to buy one if I had "wisp" mode.

Thanks, bluzfannmr1! If I stay with or return to Comcast for some reason that'd be the first thing I'd do.

Thanks eibgrad! I'll go ahead and try 3.

Would like to lose the comcast modem (BYE-BYE Comcast!!) and connect my ac-68 to an iphone mobile hotspot. Also want to keep the firewall, yazfi, skynet, diversion, etc. tools. Do not want to use cables to make the connection. IIUC, one way to do this is to use a wireless/wifi internet adapter...

Strongly ditto dosborne and cptnoblivious! I'd add the possibility that some of your guests are -perhaps- "innocently" abusing your hospitality: using your portal to enter the wild west of hacking/attacking/porn/etc. (and which may earn you a knock on the front door). ISTM your LAN devices...

I used two lines. Added them after existing items in firewall-start: modprobe -r nf_nat_ftp modprobe -r nf_contrack_ftp NOTE: check spellings. my earlier post lost the "e" at the end of modprobe

F FWIW I had to use "modprobe -r"; don't have rmmod on my AC-68u. Thanks to ADFHog and all others on this short thread!!

Interesting! I sure don't understand the ramifications or degree of seriousness of this. - Perhaps use one of the IDS/IPS apps to flag (initially block) any atypical communications? - Snort/Suricata will likely develop specific signatures for common exploits using this (e.g. remote attempts...

You might be interested in: https://www.snbforums.com/threads/suricata-ids-on-asuswrt-merlin.63280/ and https://www.snbforums.com/threads/experimental-snort3-ids-ips-on-asusmerlin-ac86-ax88-routers-only.66123/ These come with rules that'l flag many of the actions you listed. In IDS mode you'll...

How much of that scalability would you guess is effected (and affected) through runtime parameters, and how much at compile time? So, under some loads and configurations investing in a big, VERY FAST usb device may help address a bottle neck on a little box? So perhaps users need to...

Because I've seen it in earlier versions of suricata - nice logs saying stuff was dropped; in fact not dropped. Well, maybe Suricata 5.0.3 is doing the job (IPS) on your new box, but not necessarily the earlier versions on Merlin. That simple test can help prove it for Merlin. Yep...

Well yes - 99% of the WAN "attacks" are internet noise filtered out by IPtables. And once it is tuned for my router, suricata will be quiet almost all of the time. no news is good news. For me the importance of suricata will not be telling me about inbound noise, but will be for...