Hiding my SSID

[Limagreen]

Would it be possible for future firmware updates, to allow us to hide the SSID broadcast?

this is just a request for consideration for future upgrades. It would also be cool if we could have an access list that is MAC address specific.

The thought of people riding my bandwidth un-invited makes me paranoid.

 

[Netduma Crossy]

I'm sure it would be possible to hide the SSID. I've added it to the list here.

 

For the second thing, I think you are talking about MAC Address filtering which is already on the list here.

 

If you have a password they won't be able to get on your connection anyway Also, it takes a few seconds to get a list of networks even if SSID is hidden with a network scanner. Would still be a nice feature to have though. Sometimes you need a network on wireless but don't want to be able to see it for the sake of neatness

[PharmDawgg]

Would that be completed by the Stealth Mode we have in place under the misc section?

[Netduma Crossy]

Would that be completed by the Stealth Mode we have in place under the misc section?

 

Hiding the SSID means that the Wifi network doesn't show up on a regular search. Instead you have to manually type in the Wifi name and password.

 

Stealth mode means that the router won't reply to pings on closed ports.

 

Sorry if I misunderstood your question

[PharmDawgg]

Thanks Crossy. I misunderstood what stealth mode was.

[PharmDawgg]

Crossy would you recommend enabling Stealth mode on the R1?

[Netduma Crossy]

Crossy would you recommend enabling Stealth mode on the R1?

 

There are some advantaged and disadvantages.

 

I would say in a home environment when gaming the advantages outweigh the disadvantages.

 

The main advantage for me is this. If someone wants to DDOS you the first thing they are probably going to do is ping the IP that they've pulled. Most booters (and I know this not because I'm a booter but because I bought one a while ago to stress test something) allow you to put an IP in and it pings the IP for you. It then comes back with with either 'Online' or 'Offline' (depending if the ping responded). I would say that if a  booter puts your IP in and it says Offine straight up, they're not going to know if/when their attack has worked so they're not going know when it has finished off to start a new one and they're not going to know if you were online in the first place. Overall it is confusing for them and annoying cause they're not gunna get that thrill of knowing they've got you offline which is what they want.

 

Thats quite a specific example of what I think one of the advantages are. Obviously if they find an open port they'll know but most of these guys a script kiddies and have no idea what they're doing - they just follow some shifty youtube vid.

 

So yeah, other reasons include bots that are scanning for network vulnerabilities not knowing your router is there.

 

From what I've read, the disadvantages are that it can make network troubleshooting more difficult although I'm sure there are others too.

 

Hopefully this helped you. Simple answer is I would say no harm in doing so, if it causes issues switch it off but I doubt it would

[PharmDawgg]

Thanks for the info. Yeah I think I'll take the plunge.

[Akic]

Just to weigh in from a security perspective, hiding an SSID is pretty pointless, hidden SSIDs are trivial to discover. If you want to secure your network make your WiFi password long and complex you can't get better security than that.

 

As for stealth mode I would recommend turning it on, there's no need for your router to give any indication that it exists if bots are scanning an ip range for possible attack targets.

 

Of course a determined hacker targeting your specific IP would not be deterred but the casual scanning where most attacks start from will be. There are no real downsides to having it switched on.

[Zennon]

Just to weigh in from a security perspective, hiding an SSID is pretty pointless, hidden SSIDs are trivial to discover. If you want to secure your network make your WiFi password long and complex you can't get better security than that.

 

As for stealth mode I would recommend turning it on, there's no need for your router to give any indication that it exists if bots are scanning an ip range for possible attack targets.

 

Of course a determined hacker targeting your specific IP would not be deterred but the casual scanning where most attacks start from will be. There are no real downsides to having it switched on.yes to this

Exactly

 

Use jumbled letters and numbers so dictionary attacks will fail, on all passwords not just wifi .

[Netduma Iain]

I'm trying to remember what the downside of stealth mode is. I think its if some protocol tries to connect to your IP legitimately like torrent then having a response tells it to stop trying instead of resending multiple packets before giving up. 

[Zennon]

I do not like torrents as they thrash Hdd with all the I/O and kill them quicker, so i am good with stealth

[Netduma Iain]

heh yeah I think for most people here stealth mode on is probably the way to go

[Akic]

I'm trying to remember what the downside of stealth mode is. I think its if some protocol tries to connect to your IP legitimately like torrent then having a response tells it to stop trying instead of resending multiple packets before giving up.

If you're torrenting you should have an open port either manually or upnp so incoming packets will get through without hammering the router.

[Netduma Iain]

Found the original link in case you're interested mate: http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

 

So DROP = stealth mode

REJECT = non stealth mode