A pentester told me my personal WiFi network was basically an open door

I thought I was being safe with a long random password on my home router, but a friend who does pentesting for a living pointed out I still had UPnP enabled. He showed me how devices on my network could be exploited through that one setting, and I had no idea. After that, I dug into my router settings and disabled UPnP, turned off remote admin access, and changed the default SSID to something that doesn't give away my router model. He also said my guest network was a mess because I had it on the same subnet as my main one, so devices could talk to each other. I split them into separate networks using VLANs in my router settings, and now I sleep better. Anyone else ever had a friend roast their home setup and find something obvious you missed?
3 comments

derek_perez
And the guest network thing is HUGE because most people don't realize how much traffic their smart home devices generate. Like your fridge, TV, and light bulbs don't need to be chatting with your laptop or phone. I actually went a step further and put ALL my IoT stuff on a completely separate VLAN with its own DNS filtering so if some random Chinese smart plug tries to phone home to a sketchy IP, my Pi-hole just drops the connection instantly. That's the kind of stuff nobody warns you about when you're just setting up a router out of the box.
2
xenaf51
1mo ago
Yo exactly! The thing nobody talks about is how these devices are basically giving free marketing data to companies you've never heard of. My buddy's smart washer sends usage stats to some ad network every time it runs a cycle. Like why does a washing machine need to know what detergent I use and report it back to some data broker? That's the creepy part. Even with VLANs and Pi-hole you still gotta watch for devices that hardcode DNS or use encrypted SNI to bypass filters. Some cheap IoT cameras straight up ignore your DNS settings and use their own built-in resolvers. Pain in the ass to catch unless you run deep packet inspection.
5
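One way to catch the devices xenaf51 describes (IoT gear that ignores the DHCP-assigned resolver and talks to its own) is to grep the router's connection log for DNS traffic from the IoT VLAN that does not go to the Pi-hole. The script below is an added example, not code from anyone in this thread; the log format, the IoT subnet 192.168.20.0/24 and the Pi-hole address 192.168.20.2 are assumptions, and the log lines are constructed.

```python
"""Flag IoT-VLAN hosts sending DNS to anything other than the local resolver."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a generic router/firewall connection-log style
# (not a real capture). 192.168.20.0/24 is the assumed IoT VLAN, 192.168.20.2
# the assumed Pi-hole, 192.168.10.0/24 the assumed main LAN.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=192.168.20.14 dst=192.168.20.2 proto=udp dport=53
2024-05-01T10:00:02 src=192.168.20.14 dst=142.250.72.14 proto=tcp dport=443
2024-05-01T10:00:05 src=192.168.20.31 dst=8.8.8.8 proto=udp dport=53
2024-05-01T10:00:06 src=192.168.20.31 dst=8.8.8.8 proto=udp dport=53
2024-05-01T10:00:09 src=192.168.20.42 dst=1.1.1.1 proto=tcp dport=853
2024-05-01T10:00:12 src=192.168.10.5 dst=8.8.8.8 proto=udp dport=53
"""

IOT_SUBNET = ipaddress.ip_network("192.168.20.0/24")   # assumed
LOCAL_RESOLVER = ipaddress.ip_address("192.168.20.2")  # assumed Pi-hole
# Port-based detection only sees plain DNS and DNS-over-TLS; DNS-over-HTTPS
# rides on 443 and is indistinguishable from ordinary web traffic here.
DNS_PORTS = {53: "plain DNS", 853: "DNS-over-TLS"}

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def find_dns_bypass(log_text, iot_subnet=IOT_SUBNET, resolver=LOCAL_RESOLVER):
    """Return {src_ip: {(dst_ip, kind): count}} for IoT hosts using outside resolvers."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not connection records
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(2))
        dport = int(m.group(4))
        if src not in iot_subnet or dport not in DNS_PORTS:
            continue  # not an IoT host, or not a DNS port
        if dst == resolver:
            continue  # expected path: the query is filtered by the Pi-hole
        hits[str(src)][(str(dst), DNS_PORTS[dport])] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, dsts in find_dns_bypass(SAMPLE_LOG).items():
        for (dst, kind), count in dsts.items():
            print(f"{src} -> {dst} ({kind}) x{count}")
```

Hosts flagged this way are candidates for a firewall rule that redirects or drops port 53/853 from the IoT VLAN to anything but the Pi-hole; DoH-capable devices still need the deep packet inspection xenaf51 mentions.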
casey682
1mo ago
Honestly the part that gets me is how many people just assume their smart TV isn't secretly running ads in the background even when it's "off." My buddy's LG TV was pulling like 2GB a month just doing openwrt chatter and pinging home. You can't trust any of these things.
1