A family member has bought a femtocell because he has poor signal strength on his phone inside the house. What happens is the phone connects to the femtocell and all calls and SMS/MMS data get transferred over the internet. Now I've got a bad feeling about having the femtocell connected directly to my router, because in Mr. Robot they used a femtocell to place a backdoor into Evil-corp’s network. I checked online and found out that they can be exploited and the user’s data can be snooped on. http://www.securityweek.com/carriers-should-ditch-femtocells-over-security-risks-researchers
However, I didn’t find any information that it could infect the rest of my computers connected to the router. People were saying that you should isolate the femtocell in its own VLAN to stop it from getting access to the rest of the network.
Anyone know how I would go about doing that? I have DD-WRT installed on my router.
VLAN tagging is what you want. Add a new VLAN (any number 2 – 4000-something). Assign it to the port your femtocell is plugged into. Priority 0 is probably fine.
You should be prompted to give it a network address. Just use a private network that’s different from what you’re using on the rest of your network (and different from any private networks you connect to via VPN – you probably don’t need to worry about that though).
Enable DNSMasq as it says on the right unless the femtocell has a static IP. You’ll need to configure a separate DHCP pool for the VLAN network.
Ok, so I’m not sure I can help you out any further because I’ve never worked with a DD-WRT router.
I can tell you abstractly that these are the steps you’ll need to complete:
Identify which physical ports correspond to ath0, ath1, eth0 and eth1.
Add a VLAN tag to the femtocell port.
Configure a private network for the VLAN (network, gateway, subnet mask, NAT, etc…). Some of this will probably be configured automatically by DD-WRT. Minimally, you’ll need to tell it a gateway address and a subnet mask.
Optionally, configure a DHCP pool for the new VLAN network.
If any special port forwarding or firewall settings need to be configured for the femtocell, then that’ll need to be done as well.
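An added example, not part of the thread above: a shell sketch of the firewall step, which checks that the femtocell subnet does not overlap the networks already in use and then prints iptables rules that keep the femtocell VLAN away from the LAN and from the router itself. The interface names `vlan3` and `br0` and both subnets are assumptions, so substitute the ones your router shows; the rules cover isolation only, not NAT or any port forwarding the femtocell may need.

```shell
#!/bin/sh
# Added example. vlan3, br0 and the subnets below are assumed values.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if two CIDR networks overlap (e.g. 192.168.1.0/24 and 192.168.0.0/16).
cidr_overlap() {
    a_ip=$(ip2int "${1%/*}"); a_len=${1#*/}
    b_ip=$(ip2int "${2%/*}"); b_len=${2#*/}
    # Compare both networks under the shorter (wider) prefix.
    len=$a_len
    if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( a_ip & mask )) -eq $(( b_ip & mask )) ]
}

# Print isolation rules for the femtocell VLAN.
# $1 = VLAN interface, $2 = LAN bridge, $3 = femtocell subnet,
# remaining args = subnets already in use (LAN, VPN, ...).
femto_rules() {
    vif=$1; lan=$2; net=$3; shift 3
    for used in "$@"; do
        if cidr_overlap "$net" "$used"; then
            echo "error: $net overlaps $used" >&2
            return 1
        fi
    done
    # -I inserts at the top, so the DROP printed first ends up below the ACCEPTs.
    cat <<EOF
iptables -I FORWARD -i $vif -o $lan -j DROP
iptables -I FORWARD -i $lan -o $vif -j DROP
iptables -I INPUT -i $vif -j DROP
iptables -I INPUT -i $vif -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $vif -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $vif -p tcp --dport 53 -j ACCEPT
EOF
}

# Constructed sample: femtocell VLAN 10.77.0.0/24, LAN 192.168.1.0/24.
femto_rules vlan3 br0 10.77.0.0/24 192.168.1.0/24
```

The script only prints the rules; review them before pasting them into the router's firewall script. The INPUT rules leave DHCP and DNS reachable from the VLAN and drop everything else aimed at the router, including its admin interface.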