Comments by "Javier Flores" (@JJFlores197) on "let's hack your home network // FREE CCNA // EP 9" video.

  1. I don't think VLANs inherently provide security, but it does help segment your network and make it easier to create firewall rules for different networks. For instance, you can have 2 networks: home network (for your personal devices) and a guest network/IoT network for guests or IoT devices. You can create firewall rules that prevent either network from talking to each other. So if you have a friend who brings in a potentially infected laptop (just for example) and he connects it to your guest network, it won't affect any of your devices on your private home network.
    2
  2. This is where it gets a bit tricky with firewall rules. You will want to create a rule that will basically allow your main network to talk to your IoT network, but only when you initiate the connection from your main network. I think its best if you go through a few forums that are dedicated to whatever IoT devices you use. That way you can get specific information and/or guidance. This can get finicky and may require some trial and error.
    2
  3. All of your family who uses the Plex server outside of your network would need to connect to the VPN server in order to connect to that Plex server. There may be some speed loss. How much depends on how far they are from your network and any intermediary routers.
    2
  4.  @lionintu  Is your Plex server hosted at your house? If so, you don't need a VPN service like Nord. That actually will not help you in anyway for this use case. You can setup a VPN server at home and then allow your family members to connect to your home network via VPN. However, they will have to configure the VPN connection on every device they want VPN access. There are free VPN servers like OpenVPN (it limits you to 2 concurrent connections for the free edition, though) that you can setup and host at home. However, as with anything, there is a security risk of allowing outside connections. So you have to be on top of any security updates and patches to mitigate potential security intrusions.
    2
  5. Well you would forward the necessary ports for Xbox Live and/or the game. That's the inherent risk of opening ports. It doesn't mean you're magically going to get hacked as soon as you open ports, but it is a risk.
    2
  6. Yes you can.
    2
  7. Depends on your provider. Most residential ISPs give you a dynamic IP address meaning it can change. However, how often it changes (or if at all) depends on your provider. Some may change it frequently. Others may lock your public IP with your router/modem. So if that never changes, your public IP may never change. Others may change it if you power cycle your router. Just depends on your ISP. Some providers offer static IP addresses which don't change, but that's not common in home networks. That's usually only offered to business accounts.
    2
  8. You could create a separate network for every device, but that's not ideal and will take a lot of time to setup. Generally, you create 2 networks: one for your trusted devices and another for your less trustworthy devices (like IOT devices, guest devices,etc). You can usually create firewall rules to prevent your two networks from talking to each other. You can get very granular with these types of setups, but it can get complex very quickly.
    2
  9. Linode is a cloud provider where you can run virtual machines on the cloud. A virtual machine is a virtual computer that you can run on top of your real computer or a dedicated server.
    2
  10.  @killjoybr  Your ISP wouldn't provide you with a VPN IP address. It is possible that the websites you are using to find out your public IPv4 address are not entirely accurate. When I had AT&T DSL, a lot of websites thought I was in Kansas when I live in California. With my fiber ISP, most websites either assume I'm somewhere in the bay area (where the ISP is based out of) or in Tehachapi in southern California.
    2
  11. Even then, that's not a real defense. With the appropriate tools, you can still find the name of a hidden SSID.
    1
  12. Who says you have to purchase anything? In most home networks, you don't need to buy anything. As long as you keep up with security patches for your router and computers, you're usually fine. Businesses usually buy firewalls along with subscriptions to them but that's a different setup.
    1
  13. If the router login password has been changed, you have no way of getting into it over the network unless you have physical access to do the device to factory reset it.
    1
  14. That's where it gets tricky. You can create firewall rules that allow devices on your main network to talk to the IoT network but not the other way around. There's usually no standardization for IoT devices so some functionality may not work when you segregate devices like this or you may need to look for workarounds for your router and IoT combination
    1
  15. What do you mean? By default, most typical home routers are somewhat locked down in terms of security.
    1
  16. Do you have any computer experience? Are you familiar with general PC troubleshooting and repair? Do you know how to install an operating system and drivers? If not, I suggest starting with the basics. There are many courses and guides and videos out there. Professor Messer is a good resource on YouTube. Once you have a general idea of basic IT knowledge, you can start looking deeper into networking topics. A lot of the higher level networking and security stuff builds on each other so it greatly helps to have a solid foundation of networking.
    1
  17. If you're serious about it, I strongly suggest doing your research. Read up as much as you can and practice. Not sure how easy that will be. Most 11 year olds don't have the dedication and attention span for technical reading, though. Its not impossible though.
    1
  18. What do you mean?
    1
  19. That's fine. Its just that if you have ports open, it could potentially make it easier for your router and/or VPN server to get hacked. It doesn't mean it will happen, but its just an inherent risk. Just make sure you stay up to date on your router and VPN server's security up to date.
    1
  20. Yes and no. If you have a fixed internet connection (say DSL or cable or fiber), you most likely have a unique public IP address from your provider. If you're on a cell network, you may have something caleld CG-NAT (Carrier Grade NAT). I don't fully understand it, but its basically a method used by cell providers to share a few public IPv4 addresses with many cellular devices in that area. The 192 IP address you mentioned is a private IP address. That address is only valid inside of your network. You can have 100s of home networks with that same private IP range and everything works fine since the only thing that matters is the public IP address that is assigned by your internet provider.
    1
  21. Its a cloud service. You can run a virtual machine in the cloud, so yes its a similar concept.
    1
  22. What do you mean?
    1
  23. lmao. What's a scam?
    1
  24. Probably the best thing is to do a clean install of Windows. Make a backup of any important files first, then a clean install. There's usually not much to do with a printer in terms of security. If you really are paranoid about, do a factory reset and change any default administrative passwords on it if it is on the network. Maybe check to see if there are any updates to its firmware.
    1
  25. Presumably, you give yourself permission so you should be fine. Do note that most cellphones have pretty good encryption and security mechanisms so it will be difficult to get into a password locked phone. As far as your computer, if its a Windows computer, there are ways to get around Windows' security.
    1
  26. I'm not entirely sure about those brands. I do know that you can create firewall rules that prevent your IoT devices from talking to your main network but still be able to control from your phone from the main network. The exact steps vary greatly depending on your router. There are plenty of forums dedicated to creating and setting IOT networks. The key is just to do a lot of research.
    1
  27. If you're running these attacks against your own network, then no. I would assume that if you're performing them on your equipment, you give yourself permission to hack yourself. The problems start when you do this against other people's network without their explicit permission.
    1
  28. That gets tricky depending on your IoT device. You can usually create firewall rules that basically state: allow any device from my main network to communicate with any IoT device in the IoT network, BUT only if it initiates from within my main network. That way, your IoT devices can't talk to your main network devices randomly. There's also something called mDNS (Multicast DNS) which can help with connectivity issues across VLANs. You'll have to do some research for your specific smart speaker.
    1
  29. Yep.
    1
  30. lmao this kid. "you are the best hacking teacher".... 🤣🤣
    1
  31.  @master_Lynx14  Whatever you say dude....
    1
  32. You're not the target audience for Cisco. Cisco is prohibitively expensive for home users and even a lot of small to medium companies. The best thing you can do for your network security is to keep your router up to date as well as your computers and devices with the latest security updates/patches. There are firewall appliances you can use, but they are not intended for home use. It doesn't mean you can't use them for home, but they aren't easy to setup and use.
    1
  33. That's usually your router's web interface. Most routers will have the IP address listed on the back or bottom.
    1
  34. Not quite sure I understand your setup. In general, the network drops on the wall have ethernet cables running to a network switch or patch panel.
    1
  35. I've had dynamic IP addresses with Comcast and AT&T and they never changed unless I replaced the modem. I've had the same public IP for almost 5 years now from Comcast.
    1
  36. Yes routers have different web interfaces. I was actually surprised to learn that TP Link allows you to test the web interfaces of different routers over the internet.
    1
  37. You could use a dedicated web host, but they usually cost money.
    1
  38. Extremely unlikely.
    1
  39. There's usually no need to do that.
    1
  40.  @yourboyMrlizard  I'm having trouble understanding your initial question...
    1
  41. You sure can use a vm to practice. I'm not sure what IP you're referring to. You will probably want to connect your virtual machine to a phone hotspot or other internet connection so that you can practice scanning your main internet connection from a different connection.
    1
  42. I don't fully understand computer security, but one of the ways people do this is by looking at the network. If they find a device of interest, they can try to figure out if that device has any known weak spots, or exploits. They then take advantage of the exploits to get inside the network.
    1
  43. ehh. kind of. He's an enthusiastic instructor but he lacks a lot of depth and information. Not knocking him, but once you get past the basic stuff he teaches, you will quickly see that he doesn't go as in-depth as he should.
    1
  44. Are you still able to ping your router from your computer? If it still doesn't work, you can factory reset your router to start over.
    1
  45. For a little bit, I created a bogus SSID called : COVID_LAB 😆😆
    1
  46. No. That only happens in movies. Your cell carrier can approximate your location, but they don't usually disclose that information unless required by law enforcement.
    1
  47. Sure thing spam bot...
    1
  48. It may be easier to connect your computer to your phone's data connection and run the commands on the computer itself. But if you can get nmap on your phone, it should work.
    1
  49. Not necessarily. Most home routers will create a VLAN for your home network that is isolated. In other words, the guest network cannot talk to the main home network and vice versa.
    1
  50. Look at it from a regular computer user's perspective. The vast majority of people who use computers don't know or don't care about this. Most people just want to be able to connect to their wifi and that's it. They don't want to have to configure their router or switch; they just want it to be plug and play. You and I and many other people like to play around with this stuff and that's fine. Just don't expect regular computer users to be interested in most of this stuff.
    1
  51. It could be that at some point your IP address was some one else's and they used it to spam or for other malicious purposes.
    1
  52. 🤣🤣
    1
  53. I don't think you're in the target audience for these types of videos to be honest.
    1
  54. Well the idea is that if you put the IoT devices on their own VLAN, they can't talk to other devices on other VLANs. If you need inter-VLAN communication, say your phone needs to connect to your smart speaker to play music, you can usually create firewall rules to allow your main network to talk to the IoT VLAN, but not the other way around. It gets tricky with IoT devices. You're better of researching the IOT devices you have and how they work with VLANs. Some can be easy to setup and others are significantly more tricky to get working correctly.
    1
  55. I'm not sure I understand. You should get a public IPv4 address (and likely IPv6) from your ISP. Can you clarify what you want to search internally for?
    1
  56. I'm sure he's using a VPN...
    1
  57. There are many linux distros out there. Pretty much all of the major ones have official webpages... If you don't know how to download a Linux distro, you probably aren't ready for 'hacking' yet. You may want to take a few steps back and learn some of the basics first.
    1
  58. I've had Xfinity for almost 4 years and have always used my own modem and router and they don't throttle my speeds. I do agree that Comcast is a horrible and unethical company, but I haven't had issues using my own equipment.
    1
  59. Well if it is a company issued computer, you should assume no privacy and that your employer can have some insight as to what you're doing on that system. how much they may see depends entirely on the software they use and how they use it.
    1