July 28th, 2024

Avoid ISP Routers

Using ISP-provided routers is discouraged due to security vulnerabilities, default passwords, restricted settings, and potential backdoors. Investing in independent routers enhances security and control over network settings.

Read original articleLink Icon
Avoid ISP Routers

Using routers provided by Internet Service Providers (ISPs) is generally discouraged due to various security concerns. ISP routers often come with default passwords, indicating a lack of attention to security. They are typically configured for convenience rather than security, which can lead to vulnerabilities. ISPs may also implement backdoors in their devices, potentially allowing unauthorized access. Additionally, ISP-provided routers are prime targets for hackers due to their widespread use, making them more susceptible to attacks.

Many ISPs restrict users from changing critical settings, such as DNS servers or firmware updates, which can further compromise security. There have been numerous incidents where ISPs failed to address security flaws in their routers, leaving millions of devices exposed. For example, Sky routers in the UK had a significant DNS rebinding flaw that took 18 months to fix, and Virgin Media left users vulnerable for over two years.

Moreover, ISPs often charge rental fees for their equipment, making it financially sensible for users to invest in their own routers and modems. This not only provides better security but also allows for greater control over the device's settings and updates. Overall, purchasing independent hardware is recommended for enhanced security and reliability in home networking.

Related

Why content providers need IPv6

Why content providers need IPv6

Content providers are urged to adopt IPv6 for better services, bypassing ISP translation devices. IPv6 improves user experience, reduces latency, and boosts reliability. Major companies like Google and Netflix are already benefiting from IPv6, pushing ISPs to support its adoption.

Running a multi-gig Home Network in 2024

Running a multi-gig Home Network in 2024

Adrian Todorov optimizes his home network for high-speed performance, leveraging a custom-built router with multi-gig Ethernet ports, VLAN support, and VPN capabilities. His meticulous hardware selection reflects a tailored approach to network efficiency.

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

Linksys Velop routers, including Velop Pro 6E and 7 models, transmit Wi-Fi login details to Amazon servers in plaintext, risking man-in-the-middle attacks. Linksys has not effectively addressed the issue despite alerts. Testaankoop advises against purchasing affected routers.

Linksys Velop Routers Caught Sending WiFi Creds in the Clear

Linksys Velop Routers Caught Sending WiFi Creds in the Clear

Velop Pro routers by Linksys sent WiFi data unencrypted to a remote server during setup, exposing SSID and encryption key. Linksys failed to address the issue despite warnings, prompting criticism. Users advised to configure routers locally to avoid data exposure.

OpenBSD IPv6 Home Internet Gateway with AT&T Fibre

OpenBSD IPv6 Home Internet Gateway with AT&T Fibre

Setting up an OpenBSD IPv6 home internet gateway with AT&T Fiber offers improved performance, security, and flexibility compared to ISP-provided gateways. The guide covers hardware, installation, configuration steps, including firewall rules, packet forwarding, network interfaces, DHCP, and AT&T BGW320 setup for passthrough mode, along with managing external IPv6 addresses effectively.

Link Icon 7 comments
By @blfr - 5 months
If you're on HN, you obviously want an OpenWRT router or better but most people are probably better off with equipment managed by their provider so they have someone to whom they can complain about wifi issues, etc.

Also, funny to see Bogleheads forum as source for tech advice. It comes up times and again in many forums that they are populated largely by computer janitors.

By @walrus01 - 5 months
The "purchase your own router" argument goes out the window on a GPON or XGSPON network where the ISP provides the interface to the single strand of fiber, unless your ISP supports putting the ONT in what is effectively a layer 2 bridge mode, and then you provide your own router.
By @mike22 - 5 months
Great in concept, especially if you know what you’re doing. In my non-North American locale, I ordered a fiber hookup, and specifically asked to use my own router.

Supposedly they will give you an ONT in SFP module for free, and then rent you a media converter ~3 USD/month, and then the rest is up to you (assuming it supports PPPoE). Some friends have done this a while ago successfully.

Reality on install day: technician grabbed the white-label ONT/router combo from the truck and refused anything else :( And unrelated, he found a “defect” in the existing fiber drop (clear as day with the visible-light tester), so I had to pay for pulling a new drop from the street :(

By @mmaniac - 5 months
Apart from all these legitimate reasons not to use an ISP router or modem, I find that they just... suck. The signal strength on mine is awful.
By @egberts1 - 5 months
ATT Fiber ONT and bridge passthrough, like I did with Verizon Fiber, Comcast cable, ATT ADSL and Frontier ADSL in my last places of residence.

Takes a bit of wrangling, and a bit of downtime during initial setups but its YOURS!

This is the part where ISC DHCP client really, really shines for me here (and systemd still can't).

Disclaimer: I coded Efficient PPPoE from RFC-scratch for many ISP's modems.

By @ineedaj0b - 5 months
how do you go about switching out an apartment a router/modem combo with managed wifi at apartment complexes?

I've been told by different places it often can't be done, but I never pushed the issue. Always wondered if it was true