My ISP allocates dynamic IP addresses; this implies that your IP and the location of your IP address might change after network maintenance or a modem restart. When you use your own router and have set your ISP modem in bridge mode, the IP allocation change is determined by the lease time you have set in your router.
I use parental control to disable our WIFI every night from 02.00 to 06.00 and I reboot my own router daily at 05.00. Because I also set a 23 (yes 23 :- ) ) hour lease time in our 5 GHz network, this dynamic IP allocation mechanism of my router changes my IP and location often. I notice my IP address and location switch every 1 or 2 days (usually the three large hubs Utrecht, Amsterdam and Arnhem, but occasionally also one of the sub-hubs in their Giga-network like Groningen, which is 200 km from where I live).
So my tip is: check whether your ISP also uses dynamic IP allocation and where their network hubs are located. When you use the router/modem of your ISP, check whether you can set the lease time (usually located in the DHCP settings). This could be an easy way to make IP-based tracking a little more complicated for advertising networks.
Reason for weird looking practice of disabling WIFI and rebooting daily.
I adopted this odd-looking practice because we had some script kiddies in our neighborhood who were sniffing WIFI. My previous neighbour was a security expert and he said he had noticed attacks. He explained a lot to me about router settings and how to harden your router. He also told me that most home router protections can be circumvented by a pro with the right tools and enough time, but for most script kiddies applying a few countermeasures raises a big hurdle.
These are probably open door advice for seasoned MT-members, but this is what I wrote down:
- Use the longest passphrases possible
  Reason: they are easy to remember and require a bit more effort/time to crack.
- Use different passphrases for admin
  Reason: some people forget to set admin passwords, so setting it and using a different one than the WIFI passwords is good practice.
- Use the latest encryption/security protocols
  Reason: latest versions are usually also the most secure versions.
- Check whether firewall is enabled.
  Reason: Firewall is not always enabled by default. Some routers require explicit enabling of SPI firewall for IPv6.
- After you have set everything to your wishes, it is best practice to disable stuff you don't need
  Reason: things making usage or support easier are also often used to get in (easier), e.g. disable remote support, UPnP and WPS (google for more for your router). Modern routers have an (HTTPS) internet portal to set things up; because everything is encrypted, that is safe to use via WIFI.
- Use your WIFI guest network for IoT devices.
  Reason: most vendors apply network partitioning in the guest network. Network partitioning means (in my layman's language) that the devices in that network can't see each other. Second measure you should take is to reduce the lease time to a maximum of 24 hours.
- Use parental control to take down the WIFI network when you normally don't use it (e.g. from 02.00 to 06.00 in our situation).
  Reason: Most script kiddies are teenagers and young adults and tend to increase their activities during holidays, weekends and late night hours. It also gives you more time to change the settings (using a cable, not WIFI) after you suspect being attacked. I also reboot the router at 05.00 daily.
  MT-member @Parkinsond mentioned that it might shorten life expectancy of your router. I guess my former neighbor being a security expert set it so high, because my router has an auto firmware update function, which is only applied after reboot. So rebooting every day ensures the firmware updates are applied as soon as possible.
- Use the email notification option of your router and set the notification level not too low or too high.
  Reason: get automated notifications when something might go wrong. My router has 8 notification levels and I have set it to level 5 (critical).
- Never log in directly to your router's IP using WIFI
  Reason: When you enter the IP address of your router, it is accessed via unencrypted HTTP protocol, meaning anyone sniffing your WIFI network will see your admin password.
- Optional countermeasure: use different SSIDs and limit internal IP-range
  Reason: Although using one SSID for all your networks is easy, using different networks has some security and performance advantages.
  Use your 2.4 GHz network for your WIFI printer and mobile phones. The mobile phones and WIFI printer benefit from the larger range and signal strength of the 2.4 GHz channel. Because most smartphones randomize MACs for privacy, using enhanced security features like MAC-IP binding is impossible.
  Use your 5 GHz network for your PCs. This allows you to use the advanced security features of your router (e.g. MAC-IP binding) and prevents gaming PCs using the faster networks because the signal strength of the 2.4 GHz is stronger.
  Using smaller subnet masks (limiting internal IP-range) makes performance optimization easier for your built-in QoS features (e.g. prioritize certain devices or gaming or streaming) and reducing the DHCP pool also has a (low) security benefit (attack reduction).
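An added example, not part of the original post: a small Python helper that works out the smallest subnet mask and DHCP pool for a home LAN, following the last tip about limiting the internal IP range. The function name, the 192.168.1.0/24 base network and the device counts are assumptions made up for illustration.

```python
import ipaddress

def plan_lan(base, static_hosts, dhcp_clients, spare=2):
    """Pick the smallest subnet inside `base` that holds the router,
    the MAC-IP bound hosts and a DHCP pool of dhcp_clients + spare."""
    base_net = ipaddress.IPv4Network(base)
    pool_size = dhcp_clients + spare
    needed = 1 + static_hosts + pool_size      # 1 = the router itself
    # An IPv4 /p has 2**(32-p) - 2 usable hosts (network and broadcast excluded).
    prefix = 30
    while prefix > base_net.prefixlen and 2 ** (32 - prefix) - 2 < needed:
        prefix -= 1
    usable = 2 ** (32 - prefix) - 2
    if base_net.prefixlen > 30 or usable < needed:
        raise ValueError(f"{base} cannot hold {needed} addresses")
    net = ipaddress.IPv4Network(f"{base_net.network_address}/{prefix}")
    hosts = list(net.hosts())
    # Layout: router first, then fixed (MAC-IP bound) hosts, then the DHCP pool.
    static = hosts[1:1 + static_hosts]
    pool = hosts[1 + static_hosts:1 + static_hosts + pool_size]
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "router": str(hosts[0]),
        "static_range": (str(static[0]), str(static[-1])) if static else None,
        "dhcp_pool": (str(pool[0]), str(pool[-1])) if pool else None,
        "unused": usable - needed,             # addresses left unassigned
    }

if __name__ == "__main__":
    # Constructed household: 3 PCs with MAC-IP binding, 8 phone/printer/IoT clients.
    for key, value in plan_lan("192.168.1.0/24", 3, 8).items():
        print(f"{key:13} {value}")
```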