I’m currently connected to xfinitywifi using a pocket router set up as a private network with a WireGuard VPN.
What are the risks associated with sourcing your private network over a public network?
Thanks
Mainly fingerprinting, I think, which can be mitigated with a random MAC address.
There are several layers aside from WireGuard that need to be secured to not allow a bad actor to spoof things.
Is your DNS encrypted as well?
Not sure, what setting should I look for in the router settings?
DNS is now encrypted, MAC address is cloned, and so you’re aware, the router is connected through a repeater, not Ethernet, tethering or cellular.
The three options for MAC address on the router are factory, clone and manual.
Depends, if you’re connecting a router to the LAN and have everything connected there, this is how low-cost ISPs do it all the time.
Just got an email today from a client who outsourced their ISP overseas, and last time I was there I could plug into any port on the switch and see ALL users across the entire luxury condo network.
Anything outside your LAN router is a hostile network, treat it as so and move on.

That’s bad LMAO
Yeah, since it’s going through a repeater, lock the ports down that you’re not using. The MAC address randomization would only make sense on the repeater in that case, since it’s the only device exposed to the public network access point.
How do you lock ports down? Block all new devices from connecting? And just change that setting momentarily if I need to add one of my devices to the network?
You just said a lot of things.
Firewall rules.
How aggressively? If you’re tip of the spear then MACsec, most just use RADIUS servers for enterprise network authentication.
Not how that works, you need to enroll the device through your authentication server.
What you are describing would require decent hardware and plenty of setup time. But you’ll learn a LOT about networking. Just remember your MAC address is MY MAC address
I suggest reading about ports and networking. It sounds like you’re in over your head a bit.
A firewall that only allows your WireGuard port would be ideal.
Also a VLAN separate from the public network for local devices.