Q&A Router recommendation?

Marko :)

Level 19
Verified
Aug 12, 2015
919
I had 2 devices get on my network that definitely weren't mine about 4 years ago around the time of the Krack disclosure. I guess since then I would say I wouldn't run a network with a router that isn't receiving regular patches due to the rate that vulnerabilities are discovered. Who knows how the outside devices actually got on there. But, you are probably correct that may never happen again, we have since moved.

Edit: for the record the router that was being used at the time was up to date with good security practices. To this day I can't figure out what happened, but they were gone after I nuked the network and used all new passwords.
It's more likely your password was on some wordlist(s) used by someone to brute force your Wi-Fi network. I really don't think it had something to do with this particular security issue.

By the way, I don't know about other vendors, but TP-Link routers when connected to Tether App have ability to warn you every time new, unknown device is connected. So in this event, you would be immediately notified...
 
Last edited:

SumTingWong

Level 26
Verified
Apr 2, 2018
1,565
Hello @SumTingWong

I would recommend this ASUS Router -> RT-AX86U

It is very user friendly and has build in security the other part is you do not need to be a network guru to understand how it works. :)

WiFi6 - Build in Security without a subscription and some advanced features and a forum community to get some advice.

I tried Netgear XR Series of routers with DumaOS and it is very unstable but the Forum Team from NetDuma is super fast and friendly - I myself did use a XR1000 and sent it back because it was unreliable and the security features are subscription based (Netgear Armor = Bitdefender but rebranded for Netgear and has its own roadmap)

Since I come from the IT-Field I reverted back to open-hardware with OPNsense. (Works for me but like mentioned this is for Network Admins or Power Users because you need a fundamental understanding how networking works with IP - Ports - Protocols - NAT)

Best regards
Val.
do you have the asus ai protection turn on? is there anything wrong asus rt ax56u that u have?
Yes, Asus keeps their routers patched up quite well.
But if you like to tinker and have spare low power computer laying around, you could also go with Pfsense or Opnsense route or the other firewall OS makers and have better update support than from regular products, it's just my opinion and the route i plunged. Hope you find your router =)
okay thanks.

@blackice I see you have asus ai protection enable on your asus router, do you experience any slow down in something like streaming video or playing game or using vpn? Is it okay to turn off ai protection without any major downside while keeping firewall on? Does one need asus ai protection at all? Is the ai protection a monthly sub or lifetime? Is Asus ai protection just a gimmick or it actually work in real time?

If I enable asus ai protection, can I just turn off malicious site blocking and leave two-way intrusion prevention system and infected device prevention and blocking enable?
 
Last edited:

SumTingWong

Level 26
Verified
Apr 2, 2018
1,565
Does tp link have good support on their router? And how long is the support? Do tp link router have good security as asus router?
 
  • Like
Reactions: Nevi

blackice

Level 33
Verified
Apr 1, 2019
2,198
It's more likely your password was on some wordlist(s) used by someone to brute force your Wi-Fi network. I really don't think it had something to do with this particular security issue.
I agree it probably wasn’t that issue. But the likelihood of my passphrase being brute forced is pretty low.
 
  • Like
Reactions: venustus and Nevi

blackice

Level 33
Verified
Apr 1, 2019
2,198
do you have the asus ai protection turn on? is there anything wrong asus rt ax56u that u have?

okay thanks.

@blackice I see you have asus ai protection enable on your asus router, do you experience any slow down in something like streaming video or playing game or using vpn? Is it okay to turn off ai protection without any major downside while keeping firewall on? Does one need asus ai protection at all? Is the ai protection a monthly sub or lifetime? Is Asus ai protection just a gimmick or it actually work in real time?

If I enable asus ai protection, can I just turn off malicious site blocking and leave two-way intrusion prevention system and infected device prevention and blocking enable?
I currently don’t have an ASUS router, but when I did the AiProtection had no slowdown. Some people say it has started to slow very fast connections a little bit. I don’t think it would affect streaming and probably not torrents (unless you are downloading at very high speeds). It mostly helps IoT devices, and maybe computers with users that ignore their other security software. It’s fine for someone with good computer hygiene to turn it off.

It used to all be on or off, they may have changed that. Hopefully someone else can tell you.
 
  • Like
Reactions: venustus and Nevi

entropism

Level 2
Jul 30, 2019
57
do you have the asus ai protection turn on? is there anything wrong asus rt ax56u that u have?

okay thanks.

@blackice I see you have asus ai protection enable on your asus router, do you experience any slow down in something like streaming video or playing game or using vpn? Is it okay to turn off ai protection without any major downside while keeping firewall on? Does one need asus ai protection at all? Is the ai protection a monthly sub or lifetime? Is Asus ai protection just a gimmick or it actually work in real time?

If I enable asus ai protection, can I just turn off malicious site blocking and leave two-way intrusion prevention system and infected device prevention and blocking enable?
AI protection is free, and lifetime. The networking forums I use basically came to the conclusion of it not doing anything outside of mining your data for Trend Micro. It doesn't affect performance much, if at all, but if it makes you feel better leaving it on, go right ahead. I personally turned it off. It eats up a small amount of memory, but nothing worth noting.
 
  • Like
Reactions: venustus and Nevi

Marko :)

Level 19
Verified
Aug 12, 2015
919
do you have the asus ai protection turn on? is there anything wrong asus rt ax56u that u have?

okay thanks.

@blackice I see you have asus ai protection enable on your asus router, do you experience any slow down in something like streaming video or playing game or using vpn? Is it okay to turn off ai protection without any major downside while keeping firewall on? Does one need asus ai protection at all? Is the ai protection a monthly sub or lifetime? Is Asus ai protection just a gimmick or it actually work in real time?

If I enable asus ai protection, can I just turn off malicious site blocking and leave two-way intrusion prevention system and infected device prevention and blocking enable?
Honestly, if my model of the router came with such security features, I wouldn't use them because of privacy concern. I've read that visited URLs are sent to Trend Micro and I don't like a bit of that. And, I don't need such protection because all my PCs have uBlock Origin/Windows Defender, and all phones AdGuard installed which blocks ads and malware.

Apparently, it does also use some router's (limited) resources so there's that...
Does tp link have good support on their router? And how long is the support? Do tp link router have good security as asus router?
I didn't need the support so far and if I had a question, it was already answered on their community forum where TP-Link support employees are active. As far as I know, they are fairly responsive and if you encounter any issues with the router, they'll gladly help you and even provide beta FW if that might help you.

Now, since I've got my router (in March I think), there have been two updates; one security related (fixed FragAttacks bugs) and one both, security fixes and bug fixes. I don't know how long it will be supported, but since my router was released this year (I think), I expect at least 3 years of support. As I said, constant updates aren't important to me.

TP-Link routers are reliable and secure. Additional security features (like AI Protection Pro on Asus) depend on model of your router. My Archer AX20 doesn't have something like that (I don't need that, so I didn't get the router which has protection on purpose). Flagship routers have something called HomeCare; it's protection provied by Trend Micro and it's free (same as on Asus). Midrange and cheaper models come with HomeShield which is basically the same, but the protection is provided by Avira. While HomeCare is completely free, HomeShield is only free in basic version and to have maximum protection you'll have to pay some monthly fee.
AI protection is free, and lifetime. The networking forums I use basically came to the conclusion of it not doing anything outside of mining your data for Trend Micro. It doesn't affect performance much, if at all, but if it makes you feel better leaving it on, go right ahead. I personally turned it off. It eats up a small amount of memory, but nothing worth noting.
Worth to keep in mind: Asus, as well as TP-Link have every right to change free lifetime protection anytime.
 

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
576
Honestly, if my model of the router came with such security features, I wouldn't use them because of privacy concern. I've read that visited URLs are sent to Trend Micro and I don't like a bit of that. And, I don't need such protection because all my PCs have uBlock Origin/Windows Defender, and all phones AdGuard installed which blocks ads and malware.

Apparently, it does also use some router's (limited) resources so there's that...

I didn't need the support so far and if I had a question, it was already answered on their community forum where TP-Link support employees are active. As far as I know, they are fairly responsive and if you encounter any issues with the router, they'll gladly help you and even provide beta FW if that might help you.

Now, since I've got my router (in March I think), there have been two updates; one security related (fixed FragAttacks bugs) and one both, security fixes and bug fixes. I don't know how long it will be supported, but since my router was released this year (I think), I expect at least 3 years of support. As I said, constant updates aren't important to me.

TP-Link routers are reliable and secure. Additional security features (like AI Protection Pro on Asus) depend on model of your router. My Archer AX20 doesn't have something like that (I don't need that, so I didn't get the router which has protection on purpose). Flagship routers have something called HomeCare; it's protection provied by Trend Micro and it's free (same as on Asus). Midrange and cheaper models come with HomeShield which is basically the same, but the protection is provided by Avira. While HomeCare is completely free, HomeShield is only free in basic version and to have maximum protection you'll have to pay some monthly fee.

Worth to keep in mind: Asus, as well as TP-Link have every right to change free lifetime protection anytime.
Do keep in mind that these routes can't scan traffic going through port 443. Most malware these days tunnel their traffic through port 443 and is encrypted, apart from that most websites are now https only and does not use port 80. So these protection shields are mostly gimmicky and useless, unless they can intervene and scan encrypted traffic going through port 443. To effectively scan ( which is a kind of man in middle attack) you might need something like " squid" in pfsense.
 

Yanick

Level 1
Jun 14, 2021
27
I had 2 devices get on my network that definitely weren't mine about 4 years ago around the time of the Krack disclosure. I guess since then I would say I wouldn't run a network with a router that isn't receiving regular patches due to the rate that vulnerabilities are discovered. Who knows how the outside devices actually got on there. But, you are probably correct that may never happen again, we have since moved.

Edit: for the record the router that was being used at the time was up to date with good security practices. To this day I can't figure out what happened, but they were gone after I nuked the network and used all new passwords.

Hmm, was it an ISP given device or router that you buyed?

I had similar situation with an ISP provided router that i used in the past, this was device that had updates available from the manufacturer but because it was ISP issued router they had their own update firmware there and backport for administration and updates, open ports. ISP didn't send firmware updates the same speed as the manufacturer released them, so there were plenty of holes in that box.
 

blackice

Level 33
Verified
Apr 1, 2019
2,198
Do keep in mind that these routes can't scan traffic going through port 443. Most malware these days tunnel their traffic through port 443 and is encrypted, apart from that most websites are now https only and does not use port 80. So these protection shields are mostly gimmicky and useless, unless they can intervene and scan encrypted traffic going through port 443. To effectively scan ( which is a kind of man in middle attack) you might need something like " squid" in pfsense.
I don’t believe AiProtection scans anything, it just blacklists IPs and watches for unusual traffic for IoT devices.
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
I don’t believe AiProtection scans anything, it just blacklists IPs and watches for unusual traffic for IoT devices.
Correct.

The advertisement mentions that it looks for tools hackers use, so it probably also has some Snort like traffic sniffing to complement the unusual traffic monitoring. The advertisement mentions machine learning, but does not explain for which element it is used. AI is pretty good in classifying whether anomalies are sort of similar to known exploit patterns, so I guess it is a combo of snort like network monitoring with AI traffic anomaly detection and an old fashioned IP-blocklist.
 

blackice

Level 33
Verified
Apr 1, 2019
2,198
Hmm, was it an ISP given device or router that you buyed?

I had similar situation with an ISP provided router that i used in the past, this was device that had updates available from the manufacturer but because it was ISP issued router they had their own update firmware there and backport for administration and updates, open ports. ISP didn't send firmware updates the same speed as the manufacturer released them, so there were plenty of holes in that box.
It was an ASUS router with a strong passphrase and was up to date. I think I had a device on the network that had poor security, at least that’s my best guess.
 

SumTingWong

Level 26
Verified
Apr 2, 2018
1,565
I currently don’t have an ASUS router, but when I did the AiProtection had no slowdown. Some people say it has started to slow very fast connections a little bit. I don’t think it would affect streaming and probably not torrents (unless you are downloading at very high speeds). It mostly helps IoT devices, and maybe computers with users that ignore their other security software. It’s fine for someone with good computer hygiene to turn it off.

It used to all be on or off, they may have changed that. Hopefully someone else can tell you.
oh okay
AI protection is free, and lifetime. The networking forums I use basically came to the conclusion of it not doing anything outside of mining your data for Trend Micro. It doesn't affect performance much, if at all, but if it makes you feel better leaving it on, go right ahead. I personally turned it off. It eats up a small amount of memory, but nothing worth noting.
as far I read, the asus ai protection is like router antivirus? Does it lower your security by a lot by leaving this off? Does trend micro still collect your data if you have asus ai protection off?
Honestly, if my model of the router came with such security features, I wouldn't use them because of privacy concern. I've read that visited URLs are sent to Trend Micro and I don't like a bit of that. And, I don't need such protection because all my PCs have uBlock Origin/Windows Defender, and all phones AdGuard installed which blocks ads and malware.

TP-Link routers are reliable and secure. Additional security features (like AI Protection Pro on Asus) depend on model of your router. My Archer AX20 doesn't have something like that (I don't need that, so I didn't get the router which has protection on purpose). Flagship routers have something called HomeCare; it's protection provied by Trend Micro and it's free (same as on Asus). Midrange and cheaper models come with HomeShield which is basically the same, but the protection is provided by Avira. While HomeCare is completely free, HomeShield is only free in basic version and to have maximum protection you'll have to pay some monthly fee.

Worth to keep in mind: Asus, as well as TP-Link have every right to change free lifetime protection anytime.
Does tp link homeshield provided by avira has aggressive privacy policy like asus ai protection provided by trendmicro?

does trend micro still collect your data even you have ai protection off?

Asus or TP-lInk, if you are okay with Chinese company.
i know tp link is chinese company, but asus too? Any american company router though?

To everyone, what do you think of netgear router? How long is the support?
Man, choosing a router is so hard than choosing a phone like for real.
 
Last edited:
  • Like
Reactions: venustus and Yanick

ZeePriest

Level 6
Jul 2, 2020
273
To everyone, netgear router good, long and reliable support?
All of these routers are good including tp-link and Asus. I have both tp-link and asus routers for years and they are both reliable routers. But if I were you, I'd go with the Asus because it has more range than tp-link has. I've watched a youtube video once on which router had the best coverage and guess who was first on the list? yes Asus. The video helped me make up my mind, so I went for Asus and I never regretted buying it.
 

SumTingWong

Level 26
Verified
Apr 2, 2018
1,565
All of these routers are good including tp-link and Asus. I have both tp-link and asus routers for years and they are both reliable routers. But if I were you, I'd go with the Asus because it has more range than tp-link has. I've watched a youtube video once on which router had the best coverage and guess who was first on the list? yes Asus. The video helped me make up my mind, so I went for Asus and I never regretted buying it.
do you remember the youtube video you watch? Any of your router experience overheating or losing speed?
 
Last edited:

blackice

Level 33
Verified
Apr 1, 2019
2,198
Here's how router recommendations work...

1. One can find many websites that list the "top" routers.
2. People repeat those recommendations.
3. At some point later, researchers hack these routers and find vulnerabilities and weaknesses.
4. The OEMs stop firmware support quickly.

That $600 AI top protection "Darth Vader" looking router ends up being a waste of money.
ASUS generally provides 5-10 years of firmware patches. I’ve always replaced mine before the firmware updates stopped. They also work with RMerlin at smallnetbuilderfirum who makes a tremendous custom firmware, they have incorporated multiple changes he’s made into the stock firmware that improve both stability and security.
 
Last edited:

SumTingWong

Level 26
Verified
Apr 2, 2018
1,565
ASUS generally provides 5-10 years of firmware patches. I’ve always replaced mine before the firmware updates stopped. They also work with RMerlin at smallnetbuilderfirum who makes a tremendous custom firmware, they have incorporated multiple changes he’s made into the stock firmware that improve both stability and security.
does your asus router experience overheating, losing speed, and unstable connection, and anything like that?
 

blackice

Level 33
Verified
Apr 1, 2019
2,198
does your asus router experience overheating, losing speed, and unstable connection, and anything like that?
It didn’t, I ran it for about 5 years. And there one before it for about 4. There have been models prone to that, but the most popular models seem to be well designed. If you live in a hot area, or will be stressing the processor for extended periods there are third party cooking solutions. Most people don’t need these.
 
Top