SlideShare a Scribd company logo

Mastering your home network - Do It Yourself

julien pauli
julien pauli

The document provides instructions for mastering a home network by replacing the ISP-provided router with professional networking hardware. It recommends throwing away the ISP "box" and using a modem and separate router instead. The router should be a professional SOHO brand like Mikrotik, Ubiquiti or Turris Omnia for features like VLANs, QoS, routing, VPN, and advanced protocols. Basic firewall rules are outlined to secure the WAN connection by accepting ICMP, dropping invalid packets, and accepting established connections.

Internet
1 of 103
Mastering your home network stack with SOHO pro hardware
Main Course  1°) Throw away your ISP "box", use a basic modem/ONT  2°) Buy a real hardware router  3°) Buy your other network hardware (Wifi AP, switch, wires, adapters, etc...)  4°) Plug-in and master everything  VLANs (802.1q)  QOS, traffic shaping, load balancing, 802.1p prio  Custom routing rules and routing tables, VRF, MPLS  VPN to external sites  BGP / OSPF advanced dynamic routing  ...
ISP CPE (Box)
What, why ?  Internet Service Provider (ISP) deliver "BOXes" as Customer Premises Equipment (CPE) of their network  They want their customer to plug-and-play  Those BOXes, are very cheap and locked hardware  In a word, they are poor  Don't trust the marketing song of your ISP  They work for very basic usages  They are usually not very secured  https://blog.mossroy.fr/2016/03/31/failles-de-securite-sur-les- modems-sfrnumericable
Why change ?  To master things from A to Z  To support more devices (IOT, domotic, servers) in your house  If you have many devices, better get rid of your box  If you need input traffic (self hosted infrastructure)  If you want to push security further (IOT ?)  If you want to load-balance with several ISP  If you want to peer with other trusted people (through VPN)  And create/manage your own Internet  If you need security (through IPSEC f.e)
In a picture
In a picture
As a reminder  Protocols are open  You should be able to change any hardware, by another (from different brand)  As soon as it talks the same protocols, it must work  Some ISP don't follow RFCs for some protocols  That makes you have to use DPA/DPI  That makes you have to patch your stack
My own experience
My experience, my knowledge, my shares  Actually at home...  I own several different Internet provider connections  IP failover, advanced routing scenarios, traffic shapping and QOS  Dual stack IPV4 and IPV6  Separation of input and output streams  I have several machines and wifi networks  I have no more "boxes"  I'm VPN linked with other guys doing same stuff as me  I'm hosting some public Internet services (DNS, HTTP, etc...)
Using a modem in place of your box
Getting rid of your box  To trash your box, you need a modem, depending on the technology provided.  ADSL  Then you can plug-in an ADSL modem  Cable (DOCSIS)  You may use a DOCSIS modem  Fiber ONT based  You can plug-in using RJ45 or SFP  Fiber Raw mode  You may plug-in using an SFP adapter
Notice  I talked about modems to manage input ISP stream, not routers  Many modem actually can/do route  Do not use their router ! !  We must use the modem just to convert the signal, into an RJ45 socket  Then, we'll plug our RJ45 RAW Internet cable, into our own router, of our taste  Buy the "simplest" modem, if possible, with no router inside  Mind the chipset (Broadcom are good)
ADSL modem IN OUT
DOCSIS modem IN OUT
Fiber external ONT IN OUT
Fiber, RAW SFP socket Fiber IN
Bridging the box
Keeping your box, at a minimum  You dont want to buy a modem ?  There is a solution of keeping your provider box  But only use it as a modem !  Disable anything else, but the modem  Especially : disable their shitty slow/unsecure poor router  This is called the "bridge mode" (L2 bridge)
Box as a modem : bridge mode  2 scenarios (2018) :  Your box can be bridged (L2)  SFR/Numéricable LaBox  Freebox  Everything is then all right  Your box cant be bridged (L2)  Others (Orange, Bouygues)  You'll need to buy a modem  Or suffer from horrible network stack (DMZ, or Double-NAT)  If fiber technology, you should use ONT or Raw SFP
ISP Box Conclusion  Ask to run the box as a modem, not a router (bridge mode)  If possible : you can keep your box  Free - SFR  If not possible : you must replace it by custom hardware  Orange - Btel  Dont use the box router (router mode)  Other alternative ISP exist
I got my Internet plug !  Bridged-box or custom modem , now , your Internet connexion is arriving through one cable  It is time to route it and start doing some network stuff 85.2.208.135* 2a01:ca:b5ee:ed::/56* * : example provider IP
Router
Router  Pay the price : the heart of your network  Too many references on the market  Do not choose a general purpose low level brand  Linksys, tp-link, netgear, etc...  Don't blindly trust marketing  Those are not really better than ISP box  Poor hardware  Not many customization  No routing protocol management  No VPN possibilities, or weak ones  In a word : low-level entry market products (even "advanced" ones)
Professional router brands  Turn to professional dedicated hardware brands  Datacenter hardware is not for your usage and cost  SOHO is what you need : Small Office Home Office hardware  SOHO are not that much expensive (60€ to 1000€)  The smallest SOHO router starts by about 60-80€  2 kinds  Open , based on Linux or Unix stacks  Ubiquiti (Debian based) ; DDWRT, Turris Omnia, others ...  Closed, based on custom OS (Unix derivated often)  Cisco's IOS , Mikrotik's RouterOS , Juniper's Junos, etc...
My experience  I run Mikrotik for router and wifi spot  Professional hardware  "RouterOS" is the name of the OS  Not open source  Based on Linux Kernel  Full of features, stable, maintained  Licence pricing is really good  Perfect for advanced networking at home or for small businesses (SOHO), with a clearly reasonnable pricing  I run Ubiquiti for switch  Perfect balance in price / usage for SOHO
Ubiquiti routers  Ubiquiti is another trade providing Debian based hardwares
Turris Omnia router  Again, Linux based  OpenWRT
Mikrotik  https://mikrotik.com/  https://routerboard.com/  Size your needs  Prices go from 60$ to 4000$ per unit (L3 routers)  Basically, the CPU and RAM will increase the price  If you need VPN, QOS or high traffic firewalling, take care of CPU and RAM  Mind the hardware dimensions  Some are small devices, some are 1U rack sized
Mikrotik example routers  https://routerboard.com/RB2011iL-IN  ~ 100€
Mikrotik best starter product
Mikrotik example routers  https://routerboard.com/RB1100AHx2  ~250€
Mikrotik example routers  https://routerboard.com/CCR1009-7G-1C-1SplusPC  ~450€
Wifi ?  Don't fear the wifi.  Wifi support will be added to our stack thanks to Access Points (AP)  Usually better than embeded router wifi
Router quick tour  Every port can be wired independently  Some devices provide switch chips  Some devices provide Wifi  It's better to use dedicated hardware for such tasks  You basically tell each port what you want it to do  1/ You create L2 and L3 links  2/ You arrange routes  3/ You secure everything with the integrated firewall  4/ You control traffic bandwidth with queues and QOS
Quick example WAN Servers LANHome LANHome LAN
Quick example 192.168.1.0/29 192.168.0.0/28192.168.0.0/28 93.235.6.18
Quick example 192.168.1.0/29 192.168.0.0/28192.168.0.0/28 93.235.6.18 VPN 192.168.1.100/32
Dedicated switches  The problem with routers is that they are not good switches  They may do the job, but take care of not going through the CPU for switching purposes  Tip : bridges trafic often go through CPU  Buy the right hardware for the right purpose  For full L2 switching, nothing beats switch ASICS
Using a dedicated switch 192.168.1.0/29 192.168.0.0/28192.168.0.0/28 93.235.6.18 VLAN trunk
Even better with 802.1ad LACP 192.168.1.0/29 192.168.0.0/28192.168.0.0/28 93.235.6.18 VLAN trunk LACP
More complex setup provider #1 provider #2 provider #1 TV stream provider #2 SIP stream IP cameras computers NAS Iots
RouterOS
RouterOS  A full Network OS  You must familiarize with it  You must have strong general networking knowledge (master OSI, master TCP/IP and common protocols at several layers)  RouterOS supports  Firewalling - IPSEC - Routing - Switching - MPLS - VPN - Wireless - DHCP - Hotspot - Bonding - QOS(HTB/PCQ) - Proxy - SMB - DNS - SNMP - RADIUS - TFTP - PPP,ISDN - Bridging(STP/RSTP) - Telnet/SSH - Packet Sniffer - Ping flood - traceroute - Scripting - File fetch - Trafic generator - SOCKS - ...  In short : many advanced technologies in one box  Have a look at the licencing details
RouterOS details  You may access RouterOS using :  Web HTTP-HTTPS access  SSH / Telnet, using command line  WinBox (Windows GUI tool)  Console port (special cable needed)  FTP-TFTP for internal storage access  An HTTP interface demo exists online  At http://demo.mt.lv  Documentation  https://wiki.mikrotik.com/wiki/Manual:TOC
RouterOS book
WinBox GUI
Let's go for our first simple example
Let's go for our first simple example Distributing Internet at home
Very simple Internet sharing setup Gigabit switch 1 WAN modem PC1 PC2 Ethernet switch 2 (unused)
What we need  Isolate port 10 (eth10) from switch 2 : this is WAN  Use full switch 1 by bridging ports together  Associate a dhcp-client to eth10 (Wan) if ISP doesn't provide fixed IP  Create an IP and network for the full switch 1 (LAN)  Let's choose 192.168.0.0/28  Let's add it a DHCP-server  Create a source NAT on eth10 for LAN traffic to be NATed over WAN
GO
We have a simple setup :-) DHCP client 98.2.245.78 192.168.0.14 network 192.168.0.0/28 DHCP server 192.168.0.1192.168.0.2 NAT masquerade Routing table : 0.0.0.0/0 -> 98.2.245.1 98.2.245.0/24 -> eth10 192.168.0.0/28 -> switch1
Linux utilities and network debugging tools  mtr  ipcalc  iperf  nmap  ethtool  And of course :  tcpdump / wireshark  switch port mirroring  TZSP
SECURITY
Security foreword  If you want to design your own network from scratch , you are responsible of your own security  Bad firewall configuration will lead into security breaches in your home, from external , through the wires.  Take care  Secure your network like your secure your home  Lock doors  Take care of basement, windows and other ways to reach you  Think about everything
WAN security  Your WAN part is directly connected to Internet  You'll then start experiencing attacks to your external IP  You must now protect yourself  From WAN input traffic , that's the basics (IN)  From your own untrusted output traffic, that's optional (OUT)  Welcome FIREWALL
Firewall filter chains  Input  Traffic which dest-addr is one of your router's  Forward  Traffic flowing through your router (which dst-addr is routable and not one of your router's)  Output  Traffic generated by the router internal OS, which src-addr will be one of your router's  "FooBar"  You can create as many custom chains as you want
Firewall : main rules  One rule targets one chain (not zero, not several : one)  Input  Forward  Output  Xyzbaz : custom chain (you can add infinite custom chains)  For every chain, rules are ordered  If rule 3 breaks the chain (by DROPing for example), then rule 4 and others won't be triggered  Rules can jump  You can say "rule 3, match packets XXXX and jump to chain ZZZZ"  You have to carefully follow the packet path into your head  Don't get lost !
Firewall perf  We use connection tracking firewall here  Activated by default. Can be setup (connection lifetimes)  Raw firewall is available too  If you don't organize flows the right way  You'll burn your CPU as traffic increases  Organize rules (they are ordered in lists) cleverly  The most likely to happen should come first  To some point, you'll need better hardware (CPU and RAM)  Time to upgrade then  At 1Gbps per link, that can increase very fast according to needs
Let's add our firewall rules
Accept ICMP  Don't blindly block ICMP  Internet Control Message Protocol  A good engineer does not blindly block all ICMP traffic  ICMP is used to debug your router and networks  Mainly using "ping" or "traceroute"  ICMP is used to debug IP  "network unreachable", "admin prohibited", "frag. needed"  Thus ICMP helps router and OSI 4 protocols (TCP)  ICMP is mandatory to IPV6 (cant work without it)
Or at least, control ICMP  You may suffer from ICMP attacks  Then you may limit ICMP traffic to some rate  Or you may classify ICMP traffic  http://www.nthelp.com/icmp.html
Drop Invalid  Invalid packets are packets which present themselves as being part of a non existant connection  Not seen before by con-track firewall  Basically : traffic injection attempts / attacks or replays  Or networking problems  (Advanced routing protocol could suffer from that  We don't care at our level )
Accept established  Established are packets from whom router knows something  Basically : this is the way-back return traffic  This rule is very useful to match the return traffic and not block it  You can blindly assume that you accept packets comming from connections you did create or accept, right ?  This rule will as well reduce firewall CPU pressure
Accept forwarding  As a router, your role is to forward packets from one interface to another  Using routing tables  Let's accept default forwarding  This is by default  But adding a rule will allow you to remember that  And to collect statistics about it
Firewall jail
Firewall jail  Simple : you program the firewall so that you lock yourself out of the box.  Like when you close your front door, with keys in the lock on the other side  WARNING  It is easy to lock yourself out of your box  Always, keep that in mind while firewalling
Firewall jail example  "For every INPUT , DROP it"  You just locked yourself out !  Connection will immediately get lost  4 solutions :  Reset your router ( pay the price ! )  Access using console port (you'll need a special console wire)  Prevent it by yourself opening a hidden door (a special port)  Use an embeded anti-lock system  Vendors usually provide anti-lock systems  Mikrotik provides two of them
Open a "hidden" door by yourself  Here, eth9 can be used to connect to any router IP and access your router  This assumes you have a physical access to it  This assumes you open firewall in input using "in-interface" match
Let's protect ourselves  Accept Input from trusted 192.168.0.0 network  Accept input from your fail-over interface  And deny Input from everywhere else  Reminder : Input means your router itself, not any else machine
Reject Ip private ranges ("bogons") on ISP outputs  Also, you may blackhole/reject private IP routes (called "bogons")  RFC 1918 ranges and others  This may mitigate some DOS attacks and prevent private ranges from leaking to your ISP gateway  This is a well known network good practice for routers
We are done :-)
Break, zoom out
What we got  We got a customized router that  Gets its WAN IP using DHCP on a port connected to ISP modem  Has an IP on a LAN segment (192.168.0.14/28)  Provides a DHCP server on the LAN segment (192.168.0.0/28)  Has an src-nat masquerading rule to allow LAN to access Internet  We got a customized firewall  Allows traffic from the LAN segment and a fail-over interface  Denies traffic from everywhere else (including WAN)  Detects scan attempts on WAN interface, and ban them  Isn't it cool so far ? ;-)
Advanced usage and techniques
Wifi and VLANs Advanced usage and techniques
VLANs  Virtual LANs , 802.1Q  Allow several LAN to pass through  The same switch segment (L2), same switch ports  Very useful to isolate traffics  But still keep them in the same physical cables  High security and performance  VLAN A cannot communicate with VLAN B (in L2 , but L3)  Each VLAN has its own broadcast domain  QOS possible (802.1P)  Class Of Service possible / Traffic Priorisation
VLAN example  Each VLAN shares the same physical switch/ports  But two VLAN cant communicate with each other at L2 VLAN200 VLAN100
VLAN use case example  Let's isolate our 192.168.0.0/28 network for us : private network (untaggued)  Any unknown soul connecting will be assigned special VLAN100  Let's connect a wifi AP , distributing those 2 VLANs :  SSID "my-private-network" : untaggued  SSID "my-public-network" : taggued in VLAN100
Wifi with VLAN VPN LAN WAN Untrusted input NAT VLAN 100
AP on LAN  If you bridge your AP on LAN, it will be given an IP by your DHCP-server  And it will serve clients on the LAN segments  Just all right 192.168.0.0/28192.168.0.0/28 WAN
AP with VLAN public wifi private wifiprivate wifi private LANprivate LAN WAN
Adding the VLAN  Add a new VLAN on our bridge  VLAN ID = 100
Adding the IP  Add an IP to the router on this VLAN  Let's choose 192.168.1.14  Let's choose a network of 192.168.1.0/28
Adding the DHCP server  Let's add a new DHCP server so that clients connected to this VLAN will be given some network conf  192.168.1.1 to 192.168.1.13 (/28 network)
Allow VLAN to access WAN  Let's NAT it to give it Internet (WAN) access
Et voilà
Connecting to a second ISP (multi-homing) Advanced usage and techniques
Connecting to a second ISP  If our ISP goes down, we won't have Internet access any more :- (  Why not apply to a second ISP ?  Prices are cheap nowadays, we really can afford it  Or even more ? 3 ISPs ?
A second ISP LAN WAN1 NAT VLAN 100 LAN WAN2
A second default route ?  ISP == Internet access , let's add then a second default route  The route "distance" metric tells which one to use when several routes exist for the same target  The smallest distance will be prefered  With such a setup, if one ISP goes down, the router will automatically, and transparently route traffic to the other one  We got a fail-over setup :-)
Security with several ISP  Now, pirates have a second door they can fire in  A nice solution to that, is to group both ISP interfaces (eth9 and eth10) into an interface group  And use this group into the firewall WAN1 WAN2
Wait ....  Our setup actually has a big problem ...
Asymetric routing and connection stickyness  If one incoming connection (to one of our server f.e) comes from ISP #1  We must be sure answer will leave our router back to ISP #1  If it leaves through ISP #2 , as we NAT the output, the packet will get dropped by the destination  And that will leak our ISP #2 IP to our destination  We need sticky connections  We'll use the firewall mangle to perform that step
Setting up sticky connections  Mark for internal network (forward)  Mark also for router traffic (input / output)
Balancing traffic through ISPs  Instead of fail-over, you can also balance the output traffic  If you want to balance with no specific rule, use an ECMP route type  You add one route, but several gateways for them  ROS will balance using an L3 balance policy
RouterOS Other ideas and scenarios
Children VLAN  Children at home connect to their own VLAN  Manual config, MAC fixed config or 802.1x advanced authentication  Only activate forward to Internet at fixed hours  Time for bed ? Internet "disconnects itself"  Easy to ban an IP or a MAC for some time  "Do your homework first"  L7 filter (high CPU needed)  Deny L7 keywords : "facebook" , "war", "sex"  Deny protocols : p2p, torrent, etc...  Traffic limit (Only 3Mbps down and 1 up [, from 11am to 5pm] )  L7 HTTP interception (transparent proxy) and filtering
QOS  Route TV VLAN and VOIP (phone) VLANs independently  QOS traffic at L2 or L3  Allocate bandwidth dynamically  Prevent IGMP Snooping broadcasts
Automation  Add IP Cameras or any full automation system  Isolate L2 using VLANS  Secure with 802.1X (Radius auth, auto VLAN assignment)  Route L3  Implement aggressive security for your IOT  Control everything easily , remotely
Ideas  For this connection, drop one packet out of XXX  Script X to be dynamic  Randomly drop packets  Blackhole IP or even AS  Deny access to whole networks at routing level  Anti DDOS useful technics  Give network access only through specific time spans  Detect attacks, block attakers, limit bandwidth with queues
Thank you for listening

Recommended

L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICESL2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
Faelix Ltd
 
Naked BGP
Naked BGPNaked BGP
Naked BGP
Thomas Mangin
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
Pavel Odintsov
 
HIGH SPEED U.S.B 3.0
HIGH SPEED U.S.B 3.0HIGH SPEED U.S.B 3.0
HIGH SPEED U.S.B 3.0
pranay agrawal
 
Introduction to routers
Introduction to routersIntroduction to routers
Introduction to routersSantosh Kulkarni
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux Systems
Toradex
 
Dedicated server brussels
Dedicated server brusselsDedicated server brussels
Dedicated server brussels
Debranjan Bhattacharyya
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
Faelix Ltd
 

Recommended

L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICESL2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
L2TP 101 ON-RAMP TO CONSUMING WHOLESALE BROADBAND SERVICES
Faelix Ltd
 
Naked BGP
Naked BGPNaked BGP
Naked BGP
Thomas Mangin
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
Pavel Odintsov
 
HIGH SPEED U.S.B 3.0
HIGH SPEED U.S.B 3.0HIGH SPEED U.S.B 3.0
HIGH SPEED U.S.B 3.0
pranay agrawal
 
Introduction to routers
Introduction to routersIntroduction to routers
Introduction to routersSantosh Kulkarni
 
How to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux SystemsHow to Use GSM/3G/4G in Embedded Linux Systems
How to Use GSM/3G/4G in Embedded Linux Systems
Toradex
 
Dedicated server brussels
Dedicated server brusselsDedicated server brussels
Dedicated server brussels
Debranjan Bhattacharyya
 
VYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edgeVYOS & RPKI at the BGP as edge
VYOS & RPKI at the BGP as edge
Faelix Ltd
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
Ali Layth
 
tplink manual best
tplink manual best tplink manual best
tplink manual best
bhandaridaka
 
Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012
Philip Polstra
 
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...codebits
 
IoT: Internet of Things with Python
IoT: Internet of Things with PythonIoT: Internet of Things with Python
IoT: Internet of Things with Python
Lelio Campanile
 
Internet of things - with routers
Internet of things - with routersInternet of things - with routers
Internet of things - with routers
Tavish Naruka
 
6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)
Jeff Green
 
ExaBGP at LINX 83
ExaBGP at LINX 83ExaBGP at LINX 83
ExaBGP at LINX 83
Thomas Mangin
 
Node mcu x raspberrypi2 x mqtt
Node mcu x raspberrypi2 x mqttNode mcu x raspberrypi2 x mqtt
Node mcu x raspberrypi2 x mqtt
承翰 蔡
 
7.) convergence (w automation)
7.) convergence (w automation)7.) convergence (w automation)
7.) convergence (w automation)
Jeff Green
 
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand InterconnectMutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Naoto MATSUMOTO
 
Arduino Meetup with Sonar and 433Mhz Radios
Arduino Meetup with Sonar and 433Mhz RadiosArduino Meetup with Sonar and 433Mhz Radios
Arduino Meetup with Sonar and 433Mhz Radios
roadster43
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
Juan De Bravo
 
Wireless Catalog - Inter. Clouds 2016
Wireless Catalog - Inter. Clouds 2016Wireless Catalog - Inter. Clouds 2016
Wireless Catalog - Inter. Clouds 2016Sharon Cheung
 
29c3 OpenBTS workshop - Hardware and sotware
29c3 OpenBTS workshop - Hardware and sotware29c3 OpenBTS workshop - Hardware and sotware
29c3 OpenBTS workshop - Hardware and sotware
Alexander Chemeris
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! night
Andy Gelme
 
ESP8266 and IOT
ESP8266 and IOTESP8266 and IOT
ESP8266 and IOT
dega1999
 
20.) physical (optics copper and power)
20.) physical (optics copper and power)20.) physical (optics copper and power)
20.) physical (optics copper and power)
Jeff Green
 
Making wearables with NodeMCU - FOSDEM 2017
Making wearables with NodeMCU - FOSDEM 2017Making wearables with NodeMCU - FOSDEM 2017
Making wearables with NodeMCU - FOSDEM 2017
Etiene Dalcol
 
NETWORK INTERFACE CARD
NETWORK INTERFACE CARDNETWORK INTERFACE CARD
NETWORK INTERFACE CARD
SubhamKumarYadav2
 
Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577guest854c41d
 
Domotic dojo!
Domotic dojo!Domotic dojo!
Domotic dojo!
Dr. Paolo Di Prodi
 

More Related Content

What's hot

MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
Ali Layth
 
tplink manual best
tplink manual best tplink manual best
tplink manual best
bhandaridaka
 
Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012
Philip Polstra
 
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...codebits
 
IoT: Internet of Things with Python
IoT: Internet of Things with PythonIoT: Internet of Things with Python
IoT: Internet of Things with Python
Lelio Campanile
 
Internet of things - with routers
Internet of things - with routersInternet of things - with routers
Internet of things - with routers
Tavish Naruka
 
6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)
Jeff Green
 
ExaBGP at LINX 83
ExaBGP at LINX 83ExaBGP at LINX 83
ExaBGP at LINX 83
Thomas Mangin
 
Node mcu x raspberrypi2 x mqtt
Node mcu x raspberrypi2 x mqttNode mcu x raspberrypi2 x mqtt
Node mcu x raspberrypi2 x mqtt
承翰 蔡
 
7.) convergence (w automation)
7.) convergence (w automation)7.) convergence (w automation)
7.) convergence (w automation)
Jeff Green
 
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand InterconnectMutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Naoto MATSUMOTO
 
Arduino Meetup with Sonar and 433Mhz Radios
Arduino Meetup with Sonar and 433Mhz RadiosArduino Meetup with Sonar and 433Mhz Radios
Arduino Meetup with Sonar and 433Mhz Radios
roadster43
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
Juan De Bravo
 
Wireless Catalog - Inter. Clouds 2016
Wireless Catalog - Inter. Clouds 2016Wireless Catalog - Inter. Clouds 2016
Wireless Catalog - Inter. Clouds 2016Sharon Cheung
 
29c3 OpenBTS workshop - Hardware and sotware
29c3 OpenBTS workshop - Hardware and sotware29c3 OpenBTS workshop - Hardware and sotware
29c3 OpenBTS workshop - Hardware and sotware
Alexander Chemeris
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! night
Andy Gelme
 
ESP8266 and IOT
ESP8266 and IOTESP8266 and IOT
ESP8266 and IOT
dega1999
 
20.) physical (optics copper and power)
20.) physical (optics copper and power)20.) physical (optics copper and power)
20.) physical (optics copper and power)
Jeff Green
 
Making wearables with NodeMCU - FOSDEM 2017
Making wearables with NodeMCU - FOSDEM 2017Making wearables with NodeMCU - FOSDEM 2017
Making wearables with NodeMCU - FOSDEM 2017
Etiene Dalcol
 
NETWORK INTERFACE CARD
NETWORK INTERFACE CARDNETWORK INTERFACE CARD
NETWORK INTERFACE CARD
SubhamKumarYadav2
 

What's hot (20)

MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
 
tplink manual best
tplink manual best tplink manual best
tplink manual best
 
Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012
 
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
Hardware Hacking area: Make Cool Things with Microcontrollers (and learn to s...
 
IoT: Internet of Things with Python
IoT: Internet of Things with PythonIoT: Internet of Things with Python
IoT: Internet of Things with Python
 
Internet of things - with routers
Internet of things - with routersInternet of things - with routers
Internet of things - with routers
 
6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)6.) switch quick config (fixed summits)
6.) switch quick config (fixed summits)
 
ExaBGP at LINX 83
ExaBGP at LINX 83ExaBGP at LINX 83
ExaBGP at LINX 83
 
Node mcu x raspberrypi2 x mqtt
Node mcu x raspberrypi2 x mqttNode mcu x raspberrypi2 x mqtt
Node mcu x raspberrypi2 x mqtt
 
7.) convergence (w automation)
7.) convergence (w automation)7.) convergence (w automation)
7.) convergence (w automation)
 
Mutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand InterconnectMutating IP Network Model Ethernet-InfiniBand Interconnect
Mutating IP Network Model Ethernet-InfiniBand Interconnect
 
Arduino Meetup with Sonar and 433Mhz Radios
Arduino Meetup with Sonar and 433Mhz RadiosArduino Meetup with Sonar and 433Mhz Radios
Arduino Meetup with Sonar and 433Mhz Radios
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
 
Wireless Catalog - Inter. Clouds 2016
Wireless Catalog - Inter. Clouds 2016Wireless Catalog - Inter. Clouds 2016
Wireless Catalog - Inter. Clouds 2016
 
29c3 OpenBTS workshop - Hardware and sotware
29c3 OpenBTS workshop - Hardware and sotware29c3 OpenBTS workshop - Hardware and sotware
29c3 OpenBTS workshop - Hardware and sotware
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! night
 
ESP8266 and IOT
ESP8266 and IOTESP8266 and IOT
ESP8266 and IOT
 
20.) physical (optics copper and power)
20.) physical (optics copper and power)20.) physical (optics copper and power)
20.) physical (optics copper and power)
 
Making wearables with NodeMCU - FOSDEM 2017
Making wearables with NodeMCU - FOSDEM 2017Making wearables with NodeMCU - FOSDEM 2017
Making wearables with NodeMCU - FOSDEM 2017
 
NETWORK INTERFACE CARD
NETWORK INTERFACE CARDNETWORK INTERFACE CARD
NETWORK INTERFACE CARD
 

Similar to Mastering your home network - Do It Yourself

Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577guest854c41d
 
Domotic dojo!
Domotic dojo!Domotic dojo!
Domotic dojo!
Dr. Paolo Di Prodi
 
Videoconferencing Technology Workshop
Videoconferencing Technology WorkshopVideoconferencing Technology Workshop
Videoconferencing Technology WorkshopVideoguy
 
Hubs vs switches vs routers
Hubs vs switches vs routersHubs vs switches vs routers
Hubs vs switches vs routers
3Anetwork com
 
There and back again
There and back againThere and back again
There and back again
Jon Spriggs
 
Network hardware
Network hardwareNetwork hardware
Network hardware
snoonan
 
Network devices
Network devicesNetwork devices
Network devicesarpbak
 
Guide to home networking
Guide to home networkingGuide to home networking
Guide to home networking
Dilan Gilluly
 
Ipv4 tutorial
Ipv4 tutorialIpv4 tutorial
Ipv4 tutorial
Edress Oryakhail
 
Ipv4 tutorial
Ipv4 tutorialIpv4 tutorial
Ipv4 tutorialsaryu2011
 
Webinar ethernet basics part a v1.3
Webinar ethernet basics part a v1.3Webinar ethernet basics part a v1.3
Webinar ethernet basics part a v1.3wilbertl
 
BASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALSBASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALS
Varinder Singh Walia
 
Networking
NetworkingNetworking
Networking
Tarun Jaiswal
 
Using linux as_a_router
Using linux as_a_routerUsing linux as_a_router
Using linux as_a_router
HARRY CHAN PUTRA
 
Convergence of device and data at the Edge Cloud
Convergence of device and data at the Edge CloudConvergence of device and data at the Edge Cloud
Convergence of device and data at the Edge Cloud
Michelle Holley
 
WiFi Hotspot-Wireless Router
WiFi Hotspot-Wireless RouterWiFi Hotspot-Wireless Router
WiFi Hotspot-Wireless Router
Wispot
 
The difference between a hub, switch and router webopedia
The difference between a hub, switch and router webopediaThe difference between a hub, switch and router webopedia
The difference between a hub, switch and router webopedia
Harikiran Raju
 

Similar to Mastering your home network - Do It Yourself (20)

Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577
 
Domotic dojo!
Domotic dojo!Domotic dojo!
Domotic dojo!
 
Videoconferencing Technology Workshop
Videoconferencing Technology WorkshopVideoconferencing Technology Workshop
Videoconferencing Technology Workshop
 
Hubs vs switches vs routers
Hubs vs switches vs routersHubs vs switches vs routers
Hubs vs switches vs routers
 
There and back again
There and back againThere and back again
There and back again
 
Network hardware
Network hardwareNetwork hardware
Network hardware
 
Networking
NetworkingNetworking
Networking
 
Network devices
Network devicesNetwork devices
Network devices
 
Guide to home networking
Guide to home networkingGuide to home networking
Guide to home networking
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Ipv4 tutorial
Ipv4 tutorialIpv4 tutorial
Ipv4 tutorial
 
Ipv4 tutorial
Ipv4 tutorialIpv4 tutorial
Ipv4 tutorial
 
Webinar ethernet basics part a v1.3
Webinar ethernet basics part a v1.3Webinar ethernet basics part a v1.3
Webinar ethernet basics part a v1.3
 
BASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALSBASIC TO ADVANCED NETWORKING TUTORIALS
BASIC TO ADVANCED NETWORKING TUTORIALS
 
Networking
NetworkingNetworking
Networking
 
Using linux as_a_router
Using linux as_a_routerUsing linux as_a_router
Using linux as_a_router
 
Convergence of device and data at the Edge Cloud
Convergence of device and data at the Edge CloudConvergence of device and data at the Edge Cloud
Convergence of device and data at the Edge Cloud
 
WiFi Hotspot-Wireless Router
WiFi Hotspot-Wireless RouterWiFi Hotspot-Wireless Router
WiFi Hotspot-Wireless Router
 
The difference between a hub, switch and router webopedia
The difference between a hub, switch and router webopediaThe difference between a hub, switch and router webopedia
The difference between a hub, switch and router webopedia
 
Network
NetworkNetwork
Network
 

More from julien pauli

Doctrine with Symfony - SymfonyCon 2019
Doctrine with Symfony - SymfonyCon 2019Doctrine with Symfony - SymfonyCon 2019
Doctrine with Symfony - SymfonyCon 2019
julien pauli
 
Php engine
Php enginePhp engine
Php engine
julien pauli
 
PHP 7 OPCache extension review
PHP 7 OPCache extension reviewPHP 7 OPCache extension review
PHP 7 OPCache extension review
julien pauli
 
PHP Internals and Virtual Machine
PHP Internals and Virtual MachinePHP Internals and Virtual Machine
PHP Internals and Virtual Machine
julien pauli
 
Basics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGBasics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNG
julien pauli
 
SymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesSymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performances
julien pauli
 
Php and threads ZTS
Php and threads ZTSPhp and threads ZTS
Php and threads ZTS
julien pauli
 
Tcpip
TcpipTcpip
Tcpip
julien pauli
 
Symfony live 2017_php7_performances
Symfony live 2017_php7_performancesSymfony live 2017_php7_performances
Symfony live 2017_php7_performances
julien pauli
 
PHP 7 new engine
PHP 7 new enginePHP 7 new engine
PHP 7 new engine
julien pauli
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshop
julien pauli
 
Profiling php5 to php7
Profiling php5 to php7Profiling php5 to php7
Profiling php5 to php7
julien pauli
 
PHP 7 performances from PHP 5
PHP 7 performances from PHP 5PHP 7 performances from PHP 5
PHP 7 performances from PHP 5
julien pauli
 
PHP7 is coming
PHP7 is comingPHP7 is coming
PHP7 is coming
julien pauli
 
Mysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionMysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extension
julien pauli
 
Php extensions workshop
Php extensions workshopPhp extensions workshop
Php extensions workshopjulien pauli
 
Understanding PHP objects
Understanding PHP objectsUnderstanding PHP objects
Understanding PHP objectsjulien pauli
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13julien pauli
 
PHP5.5 is Here
PHP5.5 is HerePHP5.5 is Here
PHP5.5 is Here
julien pauli
 

More from julien pauli (20)

Doctrine with Symfony - SymfonyCon 2019
Doctrine with Symfony - SymfonyCon 2019Doctrine with Symfony - SymfonyCon 2019
Doctrine with Symfony - SymfonyCon 2019
 
Php engine
Php enginePhp engine
Php engine
 
PHP 7 OPCache extension review
PHP 7 OPCache extension reviewPHP 7 OPCache extension review
PHP 7 OPCache extension review
 
Dns
DnsDns
Dns
 
PHP Internals and Virtual Machine
PHP Internals and Virtual MachinePHP Internals and Virtual Machine
PHP Internals and Virtual Machine
 
Basics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGBasics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNG
 
SymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performancesSymfonyCon 2017 php7 performances
SymfonyCon 2017 php7 performances
 
Php and threads ZTS
Php and threads ZTSPhp and threads ZTS
Php and threads ZTS
 
Tcpip
TcpipTcpip
Tcpip
 
Symfony live 2017_php7_performances
Symfony live 2017_php7_performancesSymfony live 2017_php7_performances
Symfony live 2017_php7_performances
 
PHP 7 new engine
PHP 7 new enginePHP 7 new engine
PHP 7 new engine
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshop
 
Profiling php5 to php7
Profiling php5 to php7Profiling php5 to php7
Profiling php5 to php7
 
PHP 7 performances from PHP 5
PHP 7 performances from PHP 5PHP 7 performances from PHP 5
PHP 7 performances from PHP 5
 
PHP7 is coming
PHP7 is comingPHP7 is coming
PHP7 is coming
 
Mysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionMysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extension
 
Php extensions workshop
Php extensions workshopPhp extensions workshop
Php extensions workshop
 
Understanding PHP objects
Understanding PHP objectsUnderstanding PHP objects
Understanding PHP objects
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13
 
PHP5.5 is Here
PHP5.5 is HerePHP5.5 is Here
PHP5.5 is Here
 

Recently uploaded

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
SEO Article Boost
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 

Recently uploaded (20)

JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 

Mastering your home network - Do It Yourself

  • 1. Mastering your home network stack with SOHO pro hardware
  • 2. Main Course  1°) Throw away your ISP "box", use a basic modem/ONT  2°) Buy a real hardware router  3°) Buy your other network hardware (Wifi AP, switch, wires, adapters, etc...)  4°) Plug-in and master everything  VLANs (802.1q)  QOS, traffic shaping, load balancing, 802.1p prio  Custom routing rules and routing tables, VRF, MPLS  VPN to external sites  BGP / OSPF advanced dynamic routing  ...
  • 4. What, why ?  Internet Service Provider (ISP) deliver "BOXes" as Customer Premises Equipment (CPE) of their network  They want their customer to plug-and-play  Those BOXes, are very cheap and locked hardware  In a word, they are poor  Don't trust the marketing song of your ISP  They work for very basic usages  They are usually not very secured  https://blog.mossroy.fr/2016/03/31/failles-de-securite-sur-les- modems-sfrnumericable
  • 5. Why change ?  To master things from A to Z  To support more devices (IOT, domotic, servers) in your house  If you have many devices, better get rid of your box  If you need input traffic (self hosted infrastructure)  If you want to push security further (IOT ?)  If you want to load-balance with several ISP  If you want to peer with other trusted people (through VPN)  And create/manage your own Internet  If you need security (through IPSEC f.e)
  • 8. As a reminder  Protocols are open  You should be able to change any hardware, by another (from different brand)  As soon as it talks the same protocols, it must work  Some ISP don't follow RFCs for some protocols  That makes you have to use DPA/DPI  That makes you have to patch your stack
  • 10. My experience, my knowledge, my shares  Actually at home...  I own several different Internet provider connections  IP failover, advanced routing scenarios, traffic shapping and QOS  Dual stack IPV4 and IPV6  Separation of input and output streams  I have several machines and wifi networks  I have no more "boxes"  I'm VPN linked with other guys doing same stuff as me  I'm hosting some public Internet services (DNS, HTTP, etc...)
  • 11. Using a modem in place of your box
  • 12. Getting rid of your box  To trash your box, you need a modem, depending on the technology provided.  ADSL  Then you can plug-in an ADSL modem  Cable (DOCSIS)  You may use a DOCSIS modem  Fiber ONT based  You can plug-in using RJ45 or SFP  Fiber Raw mode  You may plug-in using an SFP adapter
  • 13. Notice  I talked about modems to manage input ISP stream, not routers  Many modem actually can/do route  Do not use their router ! !  We must use the modem just to convert the signal, into an RJ45 socket  Then, we'll plug our RJ45 RAW Internet cable, into our own router, of our taste  Buy the "simplest" modem, if possible, with no router inside  Mind the chipset (Broadcom are good)
  • 19. Keeping your box, at a minimum  You dont want to buy a modem ?  There is a solution of keeping your provider box  But only use it as a modem !  Disable anything else, but the modem  Especially : disable their shitty slow/unsecure poor router  This is called the "bridge mode" (L2 bridge)
  • 20. Box as a modem : bridge mode  2 scenarios (2018) :  Your box can be bridged (L2)  SFR/Numéricable LaBox  Freebox  Everything is then all right  Your box cant be bridged (L2)  Others (Orange, Bouygues)  You'll need to buy a modem  Or suffer from horrible network stack (DMZ, or Double-NAT)  If fiber technology, you should use ONT or Raw SFP
  • 21. ISP Box Conclusion  Ask to run the box as a modem, not a router (bridge mode)  If possible : you can keep your box  Free - SFR  If not possible : you must replace it by custom hardware  Orange - Btel  Dont use the box router (router mode)  Other alternative ISP exist
  • 22. I got my Internet plug !  Bridged-box or custom modem , now , your Internet connexion is arriving through one cable  It is time to route it and start doing some network stuff 85.2.208.135* 2a01:ca:b5ee:ed::/56* * : example provider IP
  • 24. Router  Pay the price : the heart of your network  Too many references on the market  Do not choose a general purpose low level brand  Linksys, tp-link, netgear, etc...  Don't blindly trust marketing  Those are not really better than ISP box  Poor hardware  Not many customization  No routing protocol management  No VPN possibilities, or weak ones  In a word : low-level entry market products (even "advanced" ones)
  • 25. Professional router brands  Turn to professional dedicated hardware brands  Datacenter hardware is not for your usage and cost  SOHO is what you need : Small Office Home Office hardware  SOHO are not that much expensive (60€ to 1000€)  The smallest SOHO router starts by about 60-80€  2 kinds  Open , based on Linux or Unix stacks  Ubiquiti (Debian based) ; DDWRT, Turris Omnia, others ...  Closed, based on custom OS (Unix derivated often)  Cisco's IOS , Mikrotik's RouterOS , Juniper's Junos, etc...
  • 26. My experience  I run Mikrotik for router and wifi spot  Professional hardware  "RouterOS" is the name of the OS  Not open source  Based on Linux Kernel  Full of features, stable, maintained  Licence pricing is really good  Perfect for advanced networking at home or for small businesses (SOHO), with a clearly reasonnable pricing  I run Ubiquiti for switch  Perfect balance in price / usage for SOHO
  • 27. Ubiquiti routers  Ubiquiti is another trade providing Debian based hardwares
  • 28. Turris Omnia router  Again, Linux based  OpenWRT
  • 29. Mikrotik  https://mikrotik.com/  https://routerboard.com/  Size your needs  Prices go from 60$ to 4000$ per unit (L3 routers)  Basically, the CPU and RAM will increase the price  If you need VPN, QOS or high traffic firewalling, take care of CPU and RAM  Mind the hardware dimensions  Some are small devices, some are 1U rack sized
  • 30. Mikrotik example routers  https://routerboard.com/RB2011iL-IN  ~ 100€
  • 32. Mikrotik example routers  https://routerboard.com/RB1100AHx2  ~250€
  • 33. Mikrotik example routers  https://routerboard.com/CCR1009-7G-1C-1SplusPC  ~450€
  • 34. Wifi ?  Don't fear the wifi.  Wifi support will be added to our stack thanks to Access Points (AP)  Usually better than embeded router wifi
  • 35. Router quick tour  Every port can be wired independently  Some devices provide switch chips  Some devices provide Wifi  It's better to use dedicated hardware for such tasks  You basically tell each port what you want it to do  1/ You create L2 and L3 links  2/ You arrange routes  3/ You secure everything with the integrated firewall  4/ You control traffic bandwidth with queues and QOS
  • 39. Dedicated switches  The problem with routers is that they are not good switches  They may do the job, but take care of not going through the CPU for switching purposes  Tip : bridges trafic often go through CPU  Buy the right hardware for the right purpose  For full L2 switching, nothing beats switch ASICS
  • 40. Using a dedicated switch 192.168.1.0/29 192.168.0.0/28192.168.0.0/28 93.235.6.18 VLAN trunk
  • 41. Even better with 802.1ad LACP 192.168.1.0/29 192.168.0.0/28192.168.0.0/28 93.235.6.18 VLAN trunk LACP
  • 42. More complex setup provider #1 provider #2 provider #1 TV stream provider #2 SIP stream IP cameras computers NAS Iots
  • 44. RouterOS  A full Network OS  You must familiarize with it  You must have strong general networking knowledge (master OSI, master TCP/IP and common protocols at several layers)  RouterOS supports  Firewalling - IPSEC - Routing - Switching - MPLS - VPN - Wireless - DHCP - Hotspot - Bonding - QOS(HTB/PCQ) - Proxy - SMB - DNS - SNMP - RADIUS - TFTP - PPP,ISDN - Bridging(STP/RSTP) - Telnet/SSH - Packet Sniffer - Ping flood - traceroute - Scripting - File fetch - Trafic generator - SOCKS - ...  In short : many advanced technologies in one box  Have a look at the licencing details
  • 45. RouterOS details  You may access RouterOS using :  Web HTTP-HTTPS access  SSH / Telnet, using command line  WinBox (Windows GUI tool)  Console port (special cable needed)  FTP-TFTP for internal storage access  An HTTP interface demo exists online  At http://demo.mt.lv  Documentation  https://wiki.mikrotik.com/wiki/Manual:TOC
  • 48. Let's go for our first simple example
  • 49. Let's go for our first simple example Distributing Internet at home
  • 50. Very simple Internet sharing setup Gigabit switch 1 WAN modem PC1 PC2 Ethernet switch 2 (unused)
  • 51. What we need  Isolate port 10 (eth10) from switch 2 : this is WAN  Use full switch 1 by bridging ports together  Associate a dhcp-client to eth10 (Wan) if ISP doesn't provide fixed IP  Create an IP and network for the full switch 1 (LAN)  Let's choose 192.168.0.0/28  Let's add it a DHCP-server  Create a source NAT on eth10 for LAN traffic to be NATed over WAN
  • 52. GO
  • 53. We have a simple setup :-) DHCP client 98.2.245.78 192.168.0.14 network 192.168.0.0/28 DHCP server 192.168.0.1192.168.0.2 NAT masquerade Routing table : 0.0.0.0/0 -> 98.2.245.1 98.2.245.0/24 -> eth10 192.168.0.0/28 -> switch1
  • 54. Linux utilities and network debugging tools  mtr  ipcalc  iperf  nmap  ethtool  And of course :  tcpdump / wireshark  switch port mirroring  TZSP
  • 56. Security foreword  If you want to design your own network from scratch , you are responsible of your own security  Bad firewall configuration will lead into security breaches in your home, from external , through the wires.  Take care  Secure your network like your secure your home  Lock doors  Take care of basement, windows and other ways to reach you  Think about everything
  • 57. WAN security  Your WAN part is directly connected to Internet  You'll then start experiencing attacks to your external IP  You must now protect yourself  From WAN input traffic , that's the basics (IN)  From your own untrusted output traffic, that's optional (OUT)  Welcome FIREWALL
  • 58. Firewall filter chains  Input  Traffic which dest-addr is one of your router's  Forward  Traffic flowing through your router (which dst-addr is routable and not one of your router's)  Output  Traffic generated by the router internal OS, which src-addr will be one of your router's  "FooBar"  You can create as many custom chains as you want
  • 59. Firewall : main rules  One rule targets one chain (not zero, not several : one)  Input  Forward  Output  Xyzbaz : custom chain (you can add infinite custom chains)  For every chain, rules are ordered  If rule 3 breaks the chain (by DROPing for example), then rule 4 and others won't be triggered  Rules can jump  You can say "rule 3, match packets XXXX and jump to chain ZZZZ"  You have to carefully follow the packet path into your head  Don't get lost !
  • 60. Firewall perf  We use connection tracking firewall here  Activated by default. Can be setup (connection lifetimes)  Raw firewall is available too  If you don't organize flows the right way  You'll burn your CPU as traffic increases  Organize rules (they are ordered in lists) cleverly  The most likely to happen should come first  To some point, you'll need better hardware (CPU and RAM)  Time to upgrade then  At 1Gbps per link, that can increase very fast according to needs
  • 61. Let's add our firewall rules
  • 62. Accept ICMP  Don't blindly block ICMP  Internet Control Message Protocol  A good engineer does not blindly block all ICMP traffic  ICMP is used to debug your router and networks  Mainly using "ping" or "traceroute"  ICMP is used to debug IP  "network unreachable", "admin prohibited", "frag. needed"  Thus ICMP helps router and OSI 4 protocols (TCP)  ICMP is mandatory to IPV6 (cant work without it)
  • 63. Or at least, control ICMP  You may suffer from ICMP attacks  Then you may limit ICMP traffic to some rate  Or you may classify ICMP traffic  http://www.nthelp.com/icmp.html
  • 64. Drop Invalid  Invalid packets are packets which present themselves as being part of a non existant connection  Not seen before by con-track firewall  Basically : traffic injection attempts / attacks or replays  Or networking problems  (Advanced routing protocol could suffer from that  We don't care at our level )
  • 65. Accept established  Established are packets from whom router knows something  Basically : this is the way-back return traffic  This rule is very useful to match the return traffic and not block it  You can blindly assume that you accept packets comming from connections you did create or accept, right ?  This rule will as well reduce firewall CPU pressure
  • 66. Accept forwarding  As a router, your role is to forward packets from one interface to another  Using routing tables  Let's accept default forwarding  This is by default  But adding a rule will allow you to remember that  And to collect statistics about it
  • 68. Firewall jail  Simple : you program the firewall so that you lock yourself out of the box.  Like when you close your front door, with keys in the lock on the other side  WARNING  It is easy to lock yourself out of your box  Always, keep that in mind while firewalling
  • 69. Firewall jail example  "For every INPUT , DROP it"  You just locked yourself out !  Connection will immediately get lost  4 solutions :  Reset your router ( pay the price ! )  Access using console port (you'll need a special console wire)  Prevent it by yourself opening a hidden door (a special port)  Use an embeded anti-lock system  Vendors usually provide anti-lock systems  Mikrotik provides two of them
  • 70. Open a "hidden" door by yourself  Here, eth9 can be used to connect to any router IP and access your router  This assumes you have a physical access to it  This assumes you open firewall in input using "in-interface" match
  • 71. Let's protect ourselves  Accept Input from trusted 192.168.0.0 network  Accept input from your fail-over interface  And deny Input from everywhere else  Reminder : Input means your router itself, not any else machine
  • 72. Reject Ip private ranges ("bogons") on ISP outputs  Also, you may blackhole/reject private IP routes (called "bogons")  RFC 1918 ranges and others  This may mitigate some DOS attacks and prevent private ranges from leaking to your ISP gateway  This is a well known network good practice for routers
  • 73. We are done :-)
  • 75. What we got  We got a customized router that  Gets its WAN IP using DHCP on a port connected to ISP modem  Has an IP on a LAN segment (192.168.0.14/28)  Provides a DHCP server on the LAN segment (192.168.0.0/28)  Has an src-nat masquerading rule to allow LAN to access Internet  We got a customized firewall  Allows traffic from the LAN segment and a fail-over interface  Denies traffic from everywhere else (including WAN)  Detects scan attempts on WAN interface, and ban them  Isn't it cool so far ? ;-)
  • 76. Advanced usage and techniques
  • 77. Wifi and VLANs Advanced usage and techniques
  • 78. VLANs  Virtual LANs , 802.1Q  Allow several LAN to pass through  The same switch segment (L2), same switch ports  Very useful to isolate traffics  But still keep them in the same physical cables  High security and performance  VLAN A cannot communicate with VLAN B (in L2 , but L3)  Each VLAN has its own broadcast domain  QOS possible (802.1P)  Class Of Service possible / Traffic Priorisation
  • 79. VLAN example  Each VLAN shares the same physical switch/ports  But two VLAN cant communicate with each other at L2 VLAN200 VLAN100
  • 80. VLAN use case example  Let's isolate our 192.168.0.0/28 network for us : private network (untaggued)  Any unknown soul connecting will be assigned special VLAN100  Let's connect a wifi AP , distributing those 2 VLANs :  SSID "my-private-network" : untaggued  SSID "my-public-network" : taggued in VLAN100
  • 82. AP on LAN  If you bridge your AP on LAN, it will be given an IP by your DHCP-server  And it will serve clients on the LAN segments  Just all right 192.168.0.0/28192.168.0.0/28 WAN
  • 83. AP with VLAN public wifi private wifiprivate wifi private LANprivate LAN WAN
  • 84. Adding the VLAN  Add a new VLAN on our bridge  VLAN ID = 100
  • 85. Adding the IP  Add an IP to the router on this VLAN  Let's choose 192.168.1.14  Let's choose a network of 192.168.1.0/28
  • 86. Adding the DHCP server  Let's add a new DHCP server so that clients connected to this VLAN will be given some network conf  192.168.1.1 to 192.168.1.13 (/28 network)
  • 87. Allow VLAN to access WAN  Let's NAT it to give it Internet (WAN) access
  • 89. Connecting to a second ISP (multi-homing) Advanced usage and techniques
  • 90. Connecting to a second ISP  If our ISP goes down, we won't have Internet access any more :- (  Why not apply to a second ISP ?  Prices are cheap nowadays, we really can afford it  Or even more ? 3 ISPs ?
  • 92. A second default route ?  ISP == Internet access , let's add then a second default route  The route "distance" metric tells which one to use when several routes exist for the same target  The smallest distance will be prefered  With such a setup, if one ISP goes down, the router will automatically, and transparently route traffic to the other one  We got a fail-over setup :-)
  • 93. Security with several ISP  Now, pirates have a second door they can fire in  A nice solution to that, is to group both ISP interfaces (eth9 and eth10) into an interface group  And use this group into the firewall WAN1 WAN2
  • 94. Wait ....  Our setup actually has a big problem ...
  • 95. Asymetric routing and connection stickyness  If one incoming connection (to one of our server f.e) comes from ISP #1  We must be sure answer will leave our router back to ISP #1  If it leaves through ISP #2 , as we NAT the output, the packet will get dropped by the destination  And that will leak our ISP #2 IP to our destination  We need sticky connections  We'll use the firewall mangle to perform that step
  • 96. Setting up sticky connections  Mark for internal network (forward)  Mark also for router traffic (input / output)
  • 97. Balancing traffic through ISPs  Instead of fail-over, you can also balance the output traffic  If you want to balance with no specific rule, use an ECMP route type  You add one route, but several gateways for them  ROS will balance using an L3 balance policy
  • 98. RouterOS Other ideas and scenarios
  • 99. Children VLAN  Children at home connect to their own VLAN  Manual config, MAC fixed config or 802.1x advanced authentication  Only activate forward to Internet at fixed hours  Time for bed ? Internet "disconnects itself"  Easy to ban an IP or a MAC for some time  "Do your homework first"  L7 filter (high CPU needed)  Deny L7 keywords : "facebook" , "war", "sex"  Deny protocols : p2p, torrent, etc...  Traffic limit (Only 3Mbps down and 1 up [, from 11am to 5pm] )  L7 HTTP interception (transparent proxy) and filtering
  • 100. QOS  Route TV VLAN and VOIP (phone) VLANs independently  QOS traffic at L2 or L3  Allocate bandwidth dynamically  Prevent IGMP Snooping broadcasts
  • 101. Automation  Add IP Cameras or any full automation system  Isolate L2 using VLANS  Secure with 802.1X (Radius auth, auto VLAN assignment)  Route L3  Implement aggressive security for your IOT  Control everything easily , remotely
  • 102. Ideas  For this connection, drop one packet out of XXX  Script X to be dynamic  Randomly drop packets  Blackhole IP or even AS  Deny access to whole networks at routing level  Anti DDOS useful technics  Give network access only through specific time spans  Detect attacks, block attakers, limit bandwidth with queues
  • 103. Thank you for listening