• smartRG sr360n does not isolate clients

    From August Abolins@2:221/360 to All on Tue Mar 10 21:42:19 2020
    Anyone here have experience with the LG Smart 360n?

    For months I was offering free wi-fi, occasionally. The device has an "Isolate Clients" option that was/is enabled.

    A photo of the config screen here:

    http://pics.rsh.ru/img/smart-sr360n-isolate_8vt15kdc.jpg

    But recently, I fired up a new laptop of my own, connected to the wi-fi, and I was able to see all the machines and their directories on my whole network!

    What the..

    Can I officially proclaim that the isolate clients feature is broken?

    --- TB68.4.1/Win7
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Nick Andre@1:229/426 to August Abolins on Tue Mar 10 17:56:45 2020
    On 10 Mar 20 21:42:19, August Abolins said the following to All:

    But recently, I fired up a new laptop of my own, connected to the wi-fi, and I was able to see all the machines and their directories on my whole network!

    Not to be nitpicky here, buuuuuuuuuuuut... If you can "see all the directories" of your machines on your LAN, then it is a *serious* security problem that is unrelated to your router. You should never, ever, *ever* expose your directories, *ever*.

    Nick

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (1:229/426)
  • From mark lewis@1:3634/12 to August Abolins on Tue Mar 10 19:07:37 2020
    Re: smartRG sr360n does not isolate clients
    By: August Abolins to All on Tue Mar 10 2020 21:42:19


    But recently, I fired up a new laptop of my own, connected to the wi-fi, and I was able to see all the machines and their directories on my whole network!

    /me wonders if something hasn't already gotten in and created a guest account with admin rights...

    but then, it also depends on the account used from the new laptop and if it has
    admin rights on all machines...


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
  • From August Abolins@2:221/1.58 to Nick Andre on Tue Mar 10 19:55:00 2020
    Hello Nick!

    ** 10.03.20 - 17:56, Nick Andre wrote to August Abolins:

    Not to be nitpicky here, buuuuuuuuuuuut... If you can "see all the
    directories" of your machines on your LAN, then it is a *serious* security
    problem that is unrelated to your router. You should never, ever, *ever*
    expose your directories, *ever*.

    I want my wired pcs connected/accessible to each other, but of course I do
    not want the network to be exposed to wireless devices. Hence the WTF
    when I just happened to connect a recent new laptop (the Thinkpad 540p
    that I mentioned in another echo a couple months ago) to finish some Win7 updates.

    I thought the sr360 modem/router *was* isolating clients as the config
    shows.

    The sr360n was a "brand new" replacement from my ISP. Very early on I discovered that the port-forwarding feature on it was broken. At that
    time I was not yet using the wi-fi (it interferes with the cordless
    phone), so I was not aware that anything else might be broken on the
    sr360n. I'd only turn on the wi-fi if a friend was desperate to check something from their tablet/ipad/phone for a few minutes.

    Based on what you see on the config, would you not be convinced that the wireless devices would be blind to each other and the wired network?


    ../|ug

    --- OpenXP 5.0.43
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From August Abolins@2:221/1.58 to mark lewis on Tue Mar 10 20:11:00 2020
    Hello mark!

    ** 10.03.20 - 19:07, mark lewis wrote to August Abolins:

    But recently, I fired up a new laptop of my own, connected to the wi-fi,
    and I was able to see all the machines and their directories on my whole
    network!

    /me wonders if something hasn't already gotten in and created a guest
    account with admin rights...

    Gotten in where? The new laptop was connecting to the network for the very first time. The laptop could not be compromised, yet.


    but then, it also depends on the account used from the new laptop and if
    it has admin rights on all machines...

    The laptop is me, admin rights to itself. When connecting to the network
    for the first time, I was prompted to select "Is this a Home, Work or
    Public network?" Since everything is mine anyway, I picked "Work".

    But since the laptop can see all the other Network icons that represent
    the other pcs tells me that the wifi isolation is not isolating. :(

    I am ok with wired pcs connected. But I certainly don't want any wireless device to spy on the network.

    Meanwhile, I noticed that the config has an option to limit the number of devices connecting to any particular wireless SSID. I haven't tested if a limit of "1" will block any further wireless connections.

    But I think this smartRG sr360 is a piece of Sh*t. And I found out much
    too late to "complain" to Acanac, I think.

    Do you see any reason not to trust the config settings if you saw the ones that I posted?

    SSID: ilovebooks-1, Isolate clients = YES. And there is even another "Isolate Clients" setting above that.


    ../|ug

    --- OpenXP 5.0.43
    * Origin: /|ug's Point, Ont. CANADA (2:221/1.58)
  • From Nick Andre@1:229/426 to August Abolins on Wed Mar 11 11:40:30 2020
    On 10 Mar 20 19:55:00, August Abolins said the following to Nick Andre:

    I want my wired pcs connected/accessible to each other, but of course I do not want the network to be exposed to wireless devices. Hence the WTF when I just happened to connect a recent new laptop (the Thinkpad 540p that I mentioned in another echo a couple months ago) to finish some Win7 updates.

    Here at home, I use the principle of least privilege... my "Nick" account does not have administrator privilege. File shares on the LAN are locked down to only what I need to access. That means no root or system directory exposure.

    We're talking about a home network with a busy server system, several
    virtual machines, the BBS / Fido hub, a couple entertainment PC's and one in the kitchen, a couple laptops, printers, Apple phones, tablets and Amazon
    Echo devices.

    What you were describing implies that there is no authentication between the systems on your LAN if you were able to see everything in the scenario you originally stated. If these are Windows computers, I am curious how that is possible unless you have specifically enabled "Everyone" permissions or have credentials cached.

    If you absolutely 100% do not want the wireless devices to see anything on your LAN then they should be isolated into the Guest network or on a
    separate router altogether.

    I'd dump that ISP-issued router if possible, and get a commercial-grade router if there is budget for one.

    Nick

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (1:229/426)
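
Added example, not part of the thread or written by any of its posters: a check to run from a wireless client to see whether the wired PCs answer on the Windows file-sharing ports, which tests the "Isolate Clients" setting independently of what the config screen shows. The addresses in it are constructed placeholders.

```python
import socket

# Ports Windows file sharing listens on: 445 (SMB), 139 (NetBIOS session).
SMB_PORTS = (445, 139)


def probe(host, port, timeout=1.0):
    """Classify one TCP connect attempt made from this (wireless) client.

    "open"     - handshake completed, a service answered
    "closed"   - connection refused: no service, but the host replied
    "filtered" - no reply at all (timeout or no route)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"


def check_hosts(hosts, ports=SMB_PORTS, timeout=1.0):
    """Probe every port on every host; returns {host: {port: state}}."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def isolation_holds(results):
    """Isolation is only plausible if no probed host replied in any way."""
    return all(state == "filtered"
               for per_host in results.values()
               for state in per_host.values())


if __name__ == "__main__":
    # Constructed placeholder addresses; substitute your own wired PCs.
    wired_pcs = ["192.168.1.10", "192.168.1.11"]
    results = check_hosts(wired_pcs)
    for host, ports in results.items():
        print(host, ports)
    print("isolation plausible" if isolation_holds(results)
          else "isolation NOT enforced: a wired host answered")
```

A "closed" result still means the wired host replied, so it counts against isolation just as "open" does; "filtered" can also come from a firewall on the target PC. Reachability is a separate question from whether the shares demand credentials, which is the point raised about "Everyone" permissions.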