u/hawkeye000021

AP7 deauth attack detection?

AP7 deauth attack detection?

I added the picture for effect. Maybe this is me or maybe it’s someone else, the world will never know. The point is that this 6+ year old “watch” current has the ability to knock devices on my WiFi network off of it by launching deauthorize attacks which can knock single or multiple devices off the wireless network and even broadcast my SSID to try and trick devices to rejoin that fake network.

Obviously WPA3 has deauth defenses but I’m curious if AP7 could simply detect those attacks to simply let us (Firewalla community) know that we have a neighbor that is just smart enough to mess with us? Maybe this is a full blown RFE but I’d be curious if anyone else cares to know about these events. I know my neighbors and they can’t pull this stuff off but if I was in a city I’d definitely want something like this.

u/hawkeye000021 — 18 hours ago

CPU usage seems odd- Gold SE

Consider it holds at 68% with like a few kbps I'm wondering what's up. I assume it's blocking a lot of something but even then, this is as close to idle as it gets and is push 70%. I wrote an app that pulls this data in at least once a day and I can see it's been in the 30's so is this considered unusual? Support has my MSP access and didn't make any note of it. I'm going to ask them as well, but wondering if anyone else see's this at such low bandwidth and yes bandwidth is not everything.

u/hawkeye000021 — 21 days ago

I guess you can get box health results

I had to be logged into the MSP page to do this but it did work and was a request from someone earlier.

u/hawkeye000021 — 1 month ago

My device rebooted so…

Naturally the AI thinks my cable became unplugged for one minute or other things that aren’t at all what occurred. I’m sure AI is just reading logs which begs to question how we can’t get accurate devices level logs? This is the 10th time I’ve noticed and it’s normally during an upgrade. Why not say- “device shut down normally for upgrade” granted this could have been a lot of things. My box keeps getting to 96%+ blocked traffic and then after some time it fails and reboots. Maybe support was doing something since I gave them access to explain the cycle where blocks get so high that eventually the device tips over.

I know it’s difficult to log a reboot when it’s unexpected, but I’ve used devices that can manage it so I don’t think it’s impossible. At the very least I think AI should speculate a reboot occurring. Especially if the uptime is ohh idk an hour.

u/hawkeye000021 — 1 month ago

Rule optimization/logical display

Update: This will be FREE if the interest is there. The way I made sure people knew would be free was misunderstood.

I’ve already got roughly 40 hours of development into a tool I’m building to display rules based on hierarchy like a Cisco ASA or Palo on box without Strata and such.

The other part of this program is to find redundant rules/zero hits and other unnecessary things.

I wrote it for myself so it’s not on GitHub nor is it complete enough to be that way. I’m not going to publish unless there is a lot of interest from this community.

It basically looks like this and at this time it’s working with MSP. I only have it able to pause the rules that aren’t really relevant vs deleting them as I’m not sure how to do that yet or if it’s even possible. It does let me just open up MSP and see what is paused then delete. I can see if it can work with local stuff but again this is for me unless there is large interest so it’s far from perfect but it does work exactly as it should.

The concept came from tools I work with everyday to optimize and clean up corporate firewalls with 20 years of rules never reviewed again on them. Let me know if you’d like me to publish this to a code repository which would take a lot of extra effort from me. I just hate and love how Firewalla handles rules with tags, it’s amazing until you get to a large and complicated rule base. That and I’m used to looking at traditional tools.

u/hawkeye000021 — 2 months ago

I know our hardware is not made in the US and while it’s not a “router” the language in the FCC ban targets anything that forwards packets basically. I know we are good until May 2027 to be able to receive security updates on most consumer routers but I am curious what the plan is for our gear? If we lost updates in a year and your company is unable to manufacture in the US what next?

reddit.com
u/hawkeye000021 — 2 months ago