Warning: Attempt to read property "ID" on null in /var/www/blog/wp-content/themes/c2012/functions.php on line 39

Warning: Cannot modify header information - headers already sent by (output started at /var/www/blog/wp-content/themes/c2012/functions.php:39) in /var/www/blog/wp-includes/feed-rss2-comments.php on line 8
Comments on: Jailing IoT devices with OpenWRT https://blog.sergem.net/jailing-iot-devices-with-openwrt/ have to publish, sometimes Wed, 09 Sep 2020 00:40:33 +0000 hourly 1 https://wordpress.org/?v=6.1.6 By: admin https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-466 Wed, 09 Sep 2020 00:40:33 +0000 http://blog.sergem.net/?p=238#comment-466 In reply to AJ.

You can do VLAN as well – the idea here is a) separate IoT traffic at OSI layer 1 or 2 b) shape IoT connection to the Internet to 5kbps, so device stays relatively happy but cannot mount any credible denial of service.

]]> By: AJ https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-465 Wed, 09 Sep 2020 00:34:27 +0000 http://blog.sergem.net/?p=238#comment-465 In reply to Peter.

I’m new to OpenWrt and was also under that impression. Why is this a better solution than putting our IoT devices in a VLAN?

]]> By: Peter https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-439 Sat, 11 Jan 2020 03:04:06 +0000 http://blog.sergem.net/?p=238#comment-439 Thank you for this. This might be very helpful for me as I recently flashed my router with Openwrt. I’m trying to do the same thing. I was under the impression I had to establish VLANs.

]]> By: admin https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-435 Sun, 03 Nov 2019 18:22:00 +0000 http://blog.sergem.net/?p=238#comment-435 In reply to Alex.

Whoa, that very impressive! I am driving feed events from RPI W using optical coupling to the “Set” button.

]]> By: Alex https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-434 Sat, 02 Nov 2019 22:28:59 +0000 http://blog.sergem.net/?p=238#comment-434 Work goes on, two viable options https://github.com/yuriizubkov/petwant-device

]]> By: admin https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-312 Fri, 05 May 2017 21:27:42 +0000 http://blog.sergem.net/?p=238#comment-312 In reply to David.

David, in my case the phone is talking to their servers, so I have to let the feeder talk to whatever it wants (the list of servers change), while not allowing it to see anything in my LAN and clamping on DDoS potential. I thought separate low-speed Internet access was the best. Can’t see video from the feeder in my current config, though, too slow 🙁

]]> By: David https://blog.sergem.net/jailing-iot-devices-with-openwrt/#comment-310 Sun, 30 Apr 2017 10:56:41 +0000 http://blog.sergem.net/?p=238#comment-310 I can see why you are worried about hardware that delegates all those tasks to supposedly trustworthy parties. I don’t allow any internet access to the tv and have my own player for watching videos.
It seems that you could block all but authorized communications from one mac address to permitted ip using openwrt software. Having one or more separate networks does give a lot of control over potential hacking.
I think the nice solution might also be to operate your own vpn that your phone connects to, then access the devices ‘locally’ from that. This could be a problem with complex server side relays from the manufacturer though and is a good reason to prefer open source products.

]]>