| --- Log opened Thu Jul 20 00:00:11 2023 |
| 00:12 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed] |
| 03:42 | | Degi_ [Degi@Nightstar-igj.tni.55.78.IP] has joined #code |
| 03:44 | | Degi [Degi@Nightstar-dqv.fst.13.77.IP] has quit [Ping timeout: 121 seconds] |
| 03:44 | | Degi_ is now known as Degi |
| 04:15 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code |
| 07:19 | | Netsplit Traal.Nightstar.Net <-> Krikkit.Nightstar.Net quits: @PinkFreud |
| 07:20 | | Netsplit over, joins: @PinkFreud |
| 08:58 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds] |
| 10:38 | | Degi [Degi@Nightstar-igj.tni.55.78.IP] has quit [Ping timeout: 121 seconds] |
| 10:39 | | Degi [Degi@Nightstar-7k3.1n7.245.2.IP] has joined #code |
| 13:34 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code |
| 14:45 | <@gnolam> | https://humanshader.com/ |
| 14:52 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 14:52 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 16:00 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed] |
| 19:47 | | * Emmy gets a headache just from seeing the example |
| 19:47 | < Emmy> | nooope |
| 19:49 | <@Kindamoody> | Why??? o_o |
| 19:51 | <@Kindamoody> | Not that Emmy got a headache, I mean, why are they doing that? Some people have too much time on their hands, apparently. |
| 19:51 | <&ToxicFrog> | That actually looks like fun. |
| 19:51 | <&ToxicFrog> | All the px have been claimed, though :( |
| 20:34 | <@gnolam> | Ah, they hadn't been back when I posted that. |
| 20:43 | <@macdjord> | ToxicFrog: There are a number of pixels that have wildly out-of-place colours which make me suspect the person who did they made an error. Maybe you can volunteer to double-check them? |
| 21:12 | < abudhabi> | Hmm. |
| 21:15 | < abudhabi> | Suppose you have router A that connects to internets, and router B that's connected to router A via ethernet. Router A is on 192, router B is on 10. Router A has connected PCs via ethernet. Router B has connected PCs via wifi. |
| 21:15 | < abudhabi> | Any obvious problems with such a scheme? |
| 21:17 | < abudhabi> | It's been decades since I've done my partial CISCO certification. I figure both networks will be able to see each other unless I take measures to prevent it, yes? |
| 21:18 | < Mahal> | My question is _why_ are you doing this |
| 21:18 | < Mahal> | you'll need to set up routing between them to make it work |
| 21:18 | < Mahal> | (by default the networks will *not* be able to see each other) |
| 21:18 | < abudhabi> | Good, even better. |
| 21:19 | < Mahal> | You'll need to set some basic routing up in order for router B's computers to get Internet |
| 21:19 | < Mahal> | (don't ask me how, I haven't done this in about eight years because I decided networking was Not for Me and got out of it) |
| 21:19 | < Mahal> | (so I have the understanding of _what_ needs to happen and then go wave at my network team and go "hello folks pls halp" when I need a thing at work) |
| 21:20 | < abudhabi> | I've done something like this before, with two routers, but on the same net. The auxiliary router was able to obtain network access without further setup, but I guess that may be due to same network and DHCP. |
| 21:22 | < abudhabi> | Regarding why, I want to add a bit more security. The wifi is intended for guests, mainly, and sometimes boomer-tier family members. |
| 21:28 | < abudhabi> | Currently the wired and wifi networks are under the same router that connects to the fiber optic. Wifi has a passphrase, and the admin page for the router also has a password, and it isn't "admin", but I feel this is still too lax. |
| 21:33 | < abudhabi> | Wow. Thanks to this bit of 🦆, I just realized that the ISP are retards. |
| 21:34 | < abudhabi> | Props to them for not setting the default password for the router as 'admin', but indicating on the login page itself that the password is the first 8 characters for the WIFI PASSPHRASE is still not good. |
| 21:37 | < abudhabi> | This secures... the wired network as an attack angle, as you don't need a wifi key for that. Anyone connected to the wifi will still have the router admin password. |
| 21:41 | | Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code |
| 21:41 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 21:41 | < Mahal> | Right, so, here's the bits you're missing. |
| 21:41 | < Mahal> | On a domestic home network, _it does not matter_ what the username & password are. People do not _care_. They need to plug in the magic box and have internet. The end. |
| 21:41 | < Mahal> | Any security aspects are consumer _unfriendly_ |
| 21:42 | < Mahal> | If you know enough to care, you are already doing better than 99% of domestic customers, you know, all the ones who _don't_ work in IT |
| 21:42 | < Mahal> | at that point, caring about network isolation, changing admin passwords, etc is totally reasonable |
| 21:42 | < Mahal> | go for it! |
| 21:42 | < Mahal> | ... but also, what's really going to happen on a domestic home network 99.9999999% of the time? |
| 21:43 | < Mahal> | people gonna use the internet. It aint' a threat vector of concern. |
| 21:43 | < abudhabi> | Yes, I see that. I'm connected, right now, through a network that has router admin secured with admin:admin. |
| 21:43 | < abudhabi> | (Vacation home.) |
| 21:43 | < Mahal> | So going on a crusade about "domestic internet is insecure!!" is ... just not a thing. |
| 21:43 | < Mahal> | (note: from the _inside_. ) |
| 21:44 | < Mahal> | Yes, of course it's a concern that so many domestic routers have management ports exposed to the public internet secured on admin:admin and are promptly part of every botnet in the world, but frankly that's the ISP's issue, not the consumer's issue to deal with |
| 21:45 | < abudhabi> | Which is why I want to provide simple wifi internet access from the secondary router. Internet, yes. Being able to even see the main router's logi page, preferrably no. |
| 22:22 | <&[R]> | AD: Clients in the B-net will be able to connect to clients in the A-net, but not the inverse, assuming you do basic NAT |
| 22:22 | <&[R]> | I currently have my network setup like that for reasons that need to be deconstructed now |
| 22:37 | < Mahal> | HIding the logon page from the secondary network is .. probably not possible, tbh |
| 22:37 | < Mahal> | unless you also have some *solid* firewalling in there |
| 22:37 | < Mahal> | oh, and at this point you're not using a consumer router, you'll be needing at least a SOHO/commercial one |
| 22:38 | | ToxicFrog [ToxicFrog@ServerAdministrator.Nightstar.Net] has quit [Connection closed] |
| 22:38 | | ToxicFrog [ToxicFrog@ServerAdministrator.Nightstar.Net] has joined #code |
| 22:38 | | mode/#code [+ao ToxicFrog ToxicFrog] by ChanServ |
| 23:43 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has quit [Ping timeout: 121 seconds] |
| 23:47 | | Emmy [Emmy@Nightstar-qo29c7.fixed.kpn.net] has joined #code |
| --- Log closed Fri Jul 21 00:00:12 2023 |