I’ve been working on a lot of virused computers lately. Typically I haven’t had much concern for other devices on my network, but then I ran into a recent rash of viruses that are much more sophisticated than usual. One of them was silently doing “click fraud” in the background at the rate of 1000 clicks per minute or so. This got me a little spooked about the rest of my network. Even though my main computers are Macs, I do think that cross-platform or Mac viruses will become a more regular occurrence. This is why I decided to rebuild my network.
I have been hitting a lot of thrift stores lately. It’s unbelievable what people are throwing out in my area. Some stuff I can understand, like the network hub for instance, but other stuff like the WRT54Gs is a bit of a surprise. The routers I have found range from WRT54Gv1s to WRT54G-TMs and routers as new as WRT54Gv6s. The prices have been as low as $7 up to about $13. Sometimes I get the power supply with them, other times I pick up extras somewhere else.
In a matter of 2-3 months or so, I’ve managed to snag about 10 of them at bargain basement prices. Personally, I don’t see the need for 802.11n for everything. If I want to go REALLY fast, I’ll just plug in a wire; that’s always going to be faster than wireless anyways. Whatever the case, their loss is my gain. I’ve flashed these routers with DD-WRT for now since I don’t have a good grasp on OpenWrt quite yet and don’t need the extra functionality for the moment, but I plan to start experimenting with OpenWrt a bit more at a later date.
Here’s how my network is laid out now:
DSL MODEM
^
OUTSIDE ROUTER (WIFI DISABLED)
^
HUB <--> Network sniffer
^
SWITCH <--> Guest access point (802.11B, WEP devices) & virused systems
^
INSIDE ROUTER (WPA enabled) <--> Most protected systems
I had a couple of goals with this layout. First, I wanted to provide a single point where I could sniff ALL traffic going in or out of my network. The hub provides me this because all of the traffic is spewed across all of the ports. When I only have 2 devices plugged into the hub, there should not be a performance hit from this. One caveat, however, is a switch labeled as a hub. I was unfortunate enough to purchase such a device, but at least it was only a few bucks. Another challenge is actually finding a 10/100 hub. Most of them on the used market seem to be 10 Mbit.
My next goal was having a place to isolate guests and hook up older, insecure devices that only work with WEP and/or 802.11b. One of my next steps will be adding another dedicated guest router for 802.11g devices, but that’s not a huge priority. Most importantly, I wanted to segment virused PCs off of my network.
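One way to check for the "switch labeled as a hub" caveat above, as an added example that is not part of the original post: this Python script classifies raw Ethernet frames captured on the sniffer port while two other devices exchange traffic. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct

def parse_eth(frame: bytes):
    """Return (dst, src) MAC addresses from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src

def classify_port(frames, own_mac: bytes):
    """Judge from frames seen on the sniffer port whether the box repeats like a hub."""
    counts = {"group": 0, "own": 0, "foreign": 0}
    pairs = set()  # (src, dst) of unicast frames between two other hosts
    for raw in frames:
        try:
            dst, src = parse_eth(raw)
        except ValueError:
            continue  # skip runts and truncated captures
        if dst[0] & 0x01:           # I/G bit set: broadcast or multicast
            counts["group"] += 1    # a switch floods these too, so no evidence
        elif own_mac in (dst, src):
            counts["own"] += 1      # our own traffic reaches us either way
        else:
            counts["foreign"] += 1
            pairs.add((src, dst))
    # A switch may flood the first frame sent to a MAC it has not learned yet,
    # but the reply goes to a learned MAC and stays off our port. Seeing both
    # directions of someone else's conversation therefore indicates a hub.
    if any(s != d and (d, s) in pairs for s, d in pairs):
        return "hub", counts
    return ("inconclusive" if counts["foreign"] else "switch-like"), counts

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46  # header plus padding

# Constructed sample data (locally administered MACs, not real devices).
SNIFFER, ROUTER, INSIDE = (mac("02:00:00:00:00:0%d" % i) for i in (1, 2, 3))
BCAST = mac("ff:ff:ff:ff:ff:ff")
HUB_CAPTURE = [frame(BCAST, ROUTER), frame(INSIDE, ROUTER),
               frame(ROUTER, INSIDE), frame(SNIFFER, ROUTER), b"\x00" * 6]
MISLABELED_CAPTURE = [frame(BCAST, ROUTER), frame(SNIFFER, ROUTER),
                      frame(INSIDE, ROUTER)]  # one flooded unknown-unicast frame

if __name__ == "__main__":
    print(classify_port(HUB_CAPTURE, SNIFFER))
    print(classify_port(MISLABELED_CAPTURE, SNIFFER))
```

A "switch-like" verdict only means something if other devices were actually talking to each other during the capture.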
Hopefully this new setup will allow me to research odd malware behavior and keep my good systems a bit safer in the process.
What sniffer are you running on the hub?
Hey Alex, long time no see! I’m running Wireshark on a laptop for now. I intend to set up Snort at some point and/or give BotHunter a shot, but now at least my options are open.
I know, long time… that’s what school does to you lol. I must say that is a nice setup for the price some people would pay for one wireless router lol. I gotta get back into that IRC soon.