First off, I came to these forums exactly because I was having difficulty/questions about setting up VLANs for each of my different LAN ports. I was told to set up a DMZ because I could not reroute a (Steam) port through the remote ports provided by AirVPN, which are fantastic. I have posted Michael Horowitz’s site pretty much everywhere, as well as the merits of Peplink and AirVPN (they’re a nonprofit, they provide excellent security services that most VPNs don’t care about, they report EVERYTHING). I don’t feel confident setting up a DMZ or even port forwarding right now.
I think, based on this thread, I can figure out the VLAN part. I’m not sure how I’m going to create a secure temporary server to a Steam p2p port array without my VPN or Steam permitting this. Remapping ports is new to me, and dangerous. I have to figure all this out.
In any case, I wanted to point out some things to OP Spangled, others feel free to disagree or correct me:
Don’t believe Gibson Research. It’s not that Gibson is a bad person or incompetent or something, it’s just there’s a lot of things going on, and for new users, his terror warnings are confusing. I have read many security professionals say far less respectful things about his tests. ipleak and dnsleak are good tools (I believe they are run by AirVPN even). Learn everything you can about NoScript, uBlock, and, if you have the time left over, uMatrix and HTTP headers (and other kinds of headers). You’re using Firefox and not Edge, Chrome or Safari (right?). Type about:config, jump past the warning, get to know what’s going on. I am only now learning about the latter tools to any useful degree. Chrome is okay for security, but you’re part of a deep learning project; if that doesn’t bother you, keep using Chrome.
I read in maybe 3 of your posts “my ISP modem.” You mean you are still using ISP hardware? Please stop using ISP leased hardware. Here’s a story:
I leased Comcast’s “Big Black Brick,” the standard Cisco* unit. Utterly featureless. The firmware is a complete joke. A couple Decembers ago, it was announced, all the way up to Homeland Security’s website, that a gigantic backdoor was in this gateway modem. I had signed up for security warnings from Comcast. I have never received a single one, not on that zero day and nothing ever since. When Comcast wants to update your gateway modem, they do so by DDoSing it. You can see this in the logs yourself when they release a “patch.”
While difficult to identify the exact origin vector(s), I was hacked horribly. My entire network, including my phone and my deceased mother’s Mac (and all of her personal files), was invaded. It was quite a nightmare. I did pretty good, all things considered, but I’ll save that for another day.
I examined my gateway modem; the firmware was NOT DOING ANYTHING. It had been completely gutted and replaced with a mirage. I managed to catch some logs of the botnet/script kiddie upstairs phoning home, I saw logs disappear in real time, I managed to stop the thing on my PC, pulled out the RAM and flashed it on my mom’s Mac, I tried everything I could find on blackhat forums. I struggled to understand nmap, tiger, tcpdump, I had no idea what I was doing. I got it to intentionally infect a Linux install disc, just to prove that the trojan was able to traverse my network in multiple ways. I still keep that drive to remind myself I’m not crazy; the botnet trying to hack my MSN account every day doesn’t hurt either.
I looked at every single file on that disc. Aircracking, “firmware nuking,” Bluetooth jacking, Metasploit, a host of infections and malware names in the news at the time, dictionary crackers, keyloggers, instructions on installing hidden torrent services. I learned a whole lot about how evil works in the world of stupid people with bad equipment. It was all on there, like a Swiss Army knife of script kiddie carnage.
I called my ISP. I was forwarded to a fellow in another nation whose solution was for me to purchase a year’s subscription to Norton Antivirus. I called Apple upper tech support; they didn’t know any of the viruses or zero days I was talking about (there were tons in 2015-16). Apple has convinced people that everything is ok. They’re the technological equivalent of the East India Company. I called my ISP again to order a new modem to work with my new Peplink. The tech support guy GOOGLED MODEMS and sent me a link, which wasn’t a Comcast link, but some random spam site.
So that’s my abridged tale of ISP equipment. Throw it away.
The sooner the better.
*The popular Cisco gateway modem in question is not mentioned anywhere on Cisco’s site. They provide no guides, no firmware, no patches, no articles, no specs, nothing. It did not exist outside of Comcast’s domain.