Your Choice for Router in 2023

On your "electronics being more vulnerable" posit, the problem is that none of those things are directly facing the internet; they are behind the consumer gateway. This is why it's always prudent to turn off services that automatically forward ports, like UPnP for example, so that you don't have anything behind the perimeter exposed.
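A concrete way to confirm the point above, that the gateway's UPnP control point is (or is not) reachable from the LAN. This is an added example, not code from any poster in this thread or from any router vendor: it sends the standard SSDP M-SEARCH for the Internet Gateway Device target and reports whatever answers. The multicast group and search-target string are the UPnP standard's; the sample reply embedded for offline testing is constructed, with invented addresses and a generic MiniUPnPd banner.

```python
"""SSDP probe for UPnP Internet Gateway Devices (IGD) on the local LAN.

Added example for this thread, not code from any poster or vendor. It sends
the standard SSDP M-SEARCH to 239.255.255.250:1900 and reports any device
that answers for the IGD search target. A hit means the router's UPnP
control point is reachable from the LAN, i.e. any device (or malware on one)
can ask it to open inbound port mappings.
"""
import socket
from typing import Dict, List, Tuple

SSDP_GROUP = ("239.255.255.250", 1900)
IGD_TARGET = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"


def build_msearch(search_target: str = IGD_TARGET, mx: int = 2) -> bytes:
    """Build the SSDP discovery request defined by the UPnP Device Architecture."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw: bytes) -> Dict[str, str]:
    """Return the headers of an SSDP '200 OK' reply (names upper-cased); {} otherwise."""
    text = raw.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def is_igd(headers: Dict[str, str]) -> bool:
    """True when the reply's ST or USN names an InternetGatewayDevice."""
    return any("INTERNETGATEWAYDEVICE" in headers.get(h, "").upper() for h in ("ST", "USN"))


def discover_igd(timeout: float = 3.0) -> List[Tuple[str, str, str]]:
    """Live probe: (responder IP, LOCATION, SERVER) for each IGD that answers in time."""
    found: List[Tuple[str, str, str]] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        sock.settimeout(timeout)
        sock.sendto(build_msearch(), SSDP_GROUP)
        try:
            while True:
                data, addr = sock.recvfrom(65535)
                hdrs = parse_ssdp_response(data)
                if is_igd(hdrs):
                    found.append((addr[0], hdrs.get("LOCATION", ""), hdrs.get("SERVER", "")))
        except socket.timeout:
            pass
    return found


# Constructed sample reply (invented addresses, generic MiniUPnPd-style banner) so
# the parser can be exercised offline; not a capture from any real router.
SAMPLE_IGD_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"LOCATION: http://192.168.1.1:1900/rootDesc.xml\r\n"
    b"SERVER: Linux/3.10 UPnP/1.1 MiniUPnPd/2.0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    hits = discover_igd()
    for ip, location, server in hits:
        print(f"UPnP IGD answering from {ip}: {server} ({location})")
    if not hits:
        print("no IGD answered within the timeout")
```

Run it from a machine on the LAN after turning UPnP off in the router's admin page: a reply is proof the control point is still live and that any LAN host can request inbound mappings; no reply is what you want to see. The SSDP answer only proves discovery works; listing the mappings that already exist takes a SOAP call to the control URL behind LOCATION, which this example does not do.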
I was wondering about that, as I was posting, exactly what you said. Makes sense.
I’m pretty sure, though it’s been a while, that I have UPnP turned off as well, like anything else I read on the Internet that does me no good.

I’ll double check. I do look forward to a new router for the purpose of a better UI, just for fun, as the MR 2600 is ridiculously simple.
Thanks for your post, and just keep in mind I’m a normal consumer, and although I think I’m informed, by no means am I close to prosumer.
 
> I do think we are at a level now that it's becoming overkill (no pun intended *LOL*) for someone with residential service.
What's overkill? Threats are becoming more and more sophisticated, many of these exploit scans can be automated with AI, and as the 3rd world gets greater access to technology we'll see an increase in the number of threat actors with nothing to lose and everything to gain, like we've already seen with India and Nigeria for example.

The threat landscape is becoming more treacherous, not less. There is nothing in the consumer space that could be considered "overkill" from a security standpoint; it's effectively all the same OS (Linux with BusyBox) with varying levels of after-sales support in terms of upgrades and vulnerability/exploit patching.

As @Rand was alluding to, typically a consumer's gear getting pwn3d isn't targeted. While by far the most common MOC is phishing, there are botnets out there scanning for vulnerabilities around the clock, and if your poop ticket link has an unpatched web-side exploit that allows root and someone turns it into a bot, you would likely not even be aware of it.
 
Overkill was a statement to mean that the routers themselves are capable of delivering the WiFi speed your Internet provider gives a typical homeowner, pretty much to say they can keep up with the demands of a home user.
So, for me, with the above said, a major concern is being able to deliver that throughout the home and the immediate outside walls of the home for Wi-Fi cameras.
Paying a higher price for a consumer-grade router doesn’t always translate into flawless range performance of the kind some midgrade routers can at times deliver.
 
Ahhh, OK, so you are just talking about wireless range.
 
So is there an easy answer to this for 2024? I've read through the thread and have done some shopping and now I'm even more lost.

My ancient D-Link needs to be replaced as the firmware is years old at this point. It's a relatively basic wireless AC router so I only need something similar but everything out there has so many bells and whistles that I'm getting lost. I work in IT and I'm pretty savvy, but modern wi-fi specs and router/gateway technology has left me behind.

We live in an apartment. We have a few computers, a few Roku TVs, a few game consoles, and a few phones/pads. No more than 3-4 of them total ever using the Internet at the same time. The biggest bandwidth consumer is probably the main TV streaming YouTube and whatnot, and that's doing it over wire and not wi-fi.

I want the Mustang LX of routers. The Glock 19 of routers. Something no frills that just works. The go-to, works for pretty much anyone router when people ask, 'What router should I get?' I just want simple function and solid and reliable. I want to set it up and forget it. I don't want to have to use monitoring apps on my phone or need to pay for monthly subscriptions for protection. And having it not look like something designed by H.R. Giger would be nice. Does anything like that even exist?

The simplicity (of the interface at least) and capability of the UniFi Dream Router is intriguing, and it's not ugly which helps a lot, but using it supposedly requires an account so it's always in touch with the UniFi mothership, which I'm not a fan of, or any other router that would do the same thing. It just seems very wrong that a device designed to protect your personal security requires monitoring by a 3rd party to function.

Am I asking too much for this in 2024? Should I just rent a cable modem/router combo from my ISP and forget it?
 
I'd recommend the Unifi unit, if you are concerned about them having your e-mail address, just make a Gmail burner account.
 
@Bottom_Feeder
Why not this?
Read the reviews, you don’t have to give up your information either.

 
> @Bottom_Feeder
> Why not this?
> Read the reviews, you don’t have to give up your information either.

Probably a bit expensive to put in the skeet launcher and smack with some #12, but that's about the only thing I'd use those for.
 
When your router has Chinese firmware it's no surprise that Chinese hackers pwn it constantly.
"Highlights. Check Point Research (CPR) exposes a malicious firmware implant for TP-Link routers which allowed attackers to gain full control of infected devices and access compromised networks while evading detection. CPR attributes the attacks to a Chinese state-sponsored APT group dubbed “Camaro Dragon”"

Personally I don't want my devices or computers part of a botnet spreading misery across the internet. ;)
I also like my bank accounts and their contents to remain my own.
 
> I'd recommend the Unifi unit, if you are concerned about them having your e-mail address, just make a Gmail burner account.
Not at all. Unless I misunderstood the article I read about it, the UniFi Dream Router needs to be somehow activated on, logged in to, and always connected to UniFi's system over the Internet in order for its security features to function. I could be (and hopefully am) entirely wrong about that but that's what it sounded like.
 
> @Bottom_Feeder
> Why not this?
> Read the reviews, you don’t have to give up your information either.

I appreciate that, thank you. But Overkill and Rand have scared me away. :(
 
> I appreciate that, thank you. But Overkill and Rand have scared me away. :(
I understand, you could spend as much as you want. Just keep in mind that all these name-brand routers that some may not like, TP-Link for example, have hundreds of millions sold.
I don’t think you or I would be a target for some high-end sophisticated invasion into our home network.
Actually, any sophisticated high-end operation can get into any network, including heads of state.
Same goes for Netgear, or any other major brand that you would buy in Best Buy or get from your Internet company.
One thing for sure, the more popular the router brand, I believe the more it will get scrutinized and any flaws exposed.

I want to stress, all good, go with your comfort level. Just keep in mind, I see someone like yourself, or in your family, as having a much greater chance of going to a rogue website, opening a rogue web link, or downloading a rogue file than of someone compromising your router. That's my feeling.
 
I personally don't care what anyone buys, but you shifted from asking for advice to giving advice in here pretty fast. ;)
 
> Not at all. Unless I misunderstood the article I read about it, the UniFi Dream Router needs to be somehow activated on, logged in to, and always connected to UniFi's system over the Internet in order for its security features to function. I could be (and hopefully am) entirely wrong about that but that's what it sounded like.
It connects to their system to get updates (firmware). When you first provision the device, it's associated with your Unifi account (hence the burner gmail suggestion) so that you can manage it either locally or remotely. With everything going "cloud", this is an appeal to that crowd. Everything else is on-device. It runs their own version of Linux, which is updated regularly.

It's a "platform" approach like Cisco's Meraki products, but without the subscription cost.
 
Good info. Thanks!
 
Despite my attempts to explain this plainly, you seem to continue to miss the point 🤷‍♂️

Nobody is SPECIFICALLY targeting you, alarmguy, and your Toilet Paper Link. What happens is that botnets scan various public subnets/blocks looking for vulnerable hosts. When those hosts are discovered, the exploits are automatically run against the system to infiltrate it, typically gaining root access to the device. From there, they can do all manner of things, all automated. The most typical is adding your device to the botnet itself, logging it into an IRC channel from which it will then receive commands. They aren't necessarily interested in YOUR traffic (though that's not outside the realm of possibility), they are adding to bots, which they can then use to target other, high value targets, even using you as a proxy through which to wage a cyberattack.

Some of these scripts can also do things like change your router's DNS settings, for example, so that your queries go somewhere other than where originally destined. These can be extremely sophisticated schemes, even employing certificate swap-outs or forgeries to make it look like the sites are totally legit (I've seen one of these in the wild that was able to capture banking info by redirecting the traffic to a site that looked like the bank site, with a valid SSL certificate and everything). They could also take advantage of the tendency for a lot of home users to use VPNs, by redirecting "IMtahl33tpwn4g3vpnu53r.com" to a different server to capture the credentials, for example. They could then use your VPN account to further obfuscate their own traffic, or route bots through that channel.

This isn't some kid in China sitting there going like "that alarmguy character, I think he's a worthwhile target, I better put some effort into trying to hax0r teh gibson on him!" It's bots doing it, probing for vulnerable hosts using a list of known exploits.
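A self-check for the DNS-settings tampering described in the post above (an added example, not code from any poster here). It speaks raw DNS over UDP with nothing beyond the Python standard library, asks the router's resolver and a reference resolver the same question, and flags two things: a public name resolving to an RFC 1918 address (the classic "bank site on your LAN" hijack), and the router's answer sharing no address with the reference answer. Assumptions, none of them from the thread: the router at 192.168.1.1 is the resolver DHCP handed out, 1.1.1.1 is an acceptable reference, and example.com is only a stand-in; the response builder exists solely to construct sample packets for offline testing.

```python
"""Compare the resolver your router advertises with a trusted reference resolver.

Added example for this thread, not code from any poster. It speaks raw DNS over
UDP (no third-party library), so a hijacked router that answers queries itself,
or forwards them to an attacker's server, can be spotted by disagreement with a
reference resolver or by a public name resolving to a LAN address.
Assumptions (not from the thread): ROUTER_DNS is the gateway address DHCP handed
out, 1.1.1.1 is an acceptable reference, and the names below are only examples.
"""
import ipaddress
import random
import socket
import struct
from typing import List

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _encode_name(name: str) -> bytes:
    """example.com -> length-prefixed labels terminated by a zero byte (DNS wire format)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"


def build_query(name: str, qid: int) -> bytes:
    """Standard recursive A query: header (RD=1, QDCOUNT=1) followed by one question."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a possibly compressed name and return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes, expected_id: int) -> List[str]:
    """Return the sorted A-record addresses in a response, validating ID, QR bit and RCODE."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if qid != expected_id or not flags & 0x8000:
        raise ValueError("not a response to our query (wrong ID or QR bit)")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE/QCLASS of the echoed question
    addrs: List[str] = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen                     # skip CNAME/other RDATA we do not interpret
    return sorted(addrs)


def resolve_a(server: str, name: str, timeout: float = 3.0) -> List[str]:
    """Live lookup of `name` against `server` over UDP/53."""
    qid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, qid)


def classify(router_answers: List[str], trusted_answers: List[str]) -> str:
    """Verdict for a public name; 'private-answer' and 'divergent' deserve a closer look."""
    if not router_answers:
        return "no-answer"
    if any(any(ipaddress.ip_address(a) in net for net in RFC1918) for a in router_answers):
        return "private-answer"          # a public site does not live on your LAN
    if set(router_answers) & set(trusted_answers):
        return "consistent"
    return "divergent"                   # may be CDN geo-steering; verify before alarming


def build_a_response(name: str, qid: int, addrs: List[str], ttl: int = 60) -> bytes:
    """Constructed sample response (offline tests only), using a compression pointer."""
    header = struct.pack(">HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0)
    question = _encode_name(name) + struct.pack(">HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + socket.inet_aton(a) for a in addrs)
    return header + question + rrs


if __name__ == "__main__":
    ROUTER_DNS, TRUSTED_DNS, NAME = "192.168.1.1", "1.1.1.1", "example.com"   # assumptions
    router = resolve_a(ROUTER_DNS, NAME)
    trusted = resolve_a(TRUSTED_DNS, NAME)
    print(f"{NAME}: router={router} trusted={trusted} -> {classify(router, trusted)}")
```

Point it at the domains you actually care about (your bank, your VPN provider) rather than example.com. "private-answer" is the strong signal; "divergent" is only a prompt to look further, because CDN-fronted sites legitimately hand different addresses to different resolvers. The certificate side of the attack in the post is not something this check sees; for that, compare the certificate your browser shows with the one you get from a known-clean connection.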
 
I understand all this, just so you know. What I am saying is there are hundreds of millions, if not more, typical consumer routers in American homes bought in places like Walmart and Best Buy; TP-Link is just one of them. There is also Netgear, Linksys and to some degree Asus … out of all these brands TP-Link is no worse or better. So my attitude is more or less pick your poison.
I’ll always be running a relatively recent router versus the tens of millions older ones that are much more susceptible for those who fear an issue.

I’m not concerned other than to have a relatively recent router and I do believe the more popular brands and models will have issues discovered much more rapidly than lesser sold models.
But then again, I ride a motorcycle too 🤗

I have no problem if somebody wants a prosumer as you call it device. Those devices are very limited.
 

I posted this a while back. I am still very pleased with this setup. I highly recommend anyone that is interested in computers to give one of the firewall distributions a try. There's a bit of a learning curve, however I feel it's worthwhile.
The ability to add a VPN server and create VLANs is icing on the cake.
 