US targets TP-Link with a potential ban on the Chinese routers

Topic

New Reply

https://www.theverge.com/2024/12/18/24324140/tp-link-us-investigation-ban-chinese-routers

TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers…

* TP-Link, has roughly 65% of the U.S. market for routers for homes and small businesses (WSJ).

Microsoft report : Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

..Microsoft tracks a network of compromised small office and home office (SOHO) routers as CovertNetwork-1658. SOHO routers manufactured by TP-Link make up most of this network. Microsoft uses “CovertNetwork” to refer to a collection of egress IPs consisting of compromised or leased devices that may be used by one or more threat actors…

3 users thanked author for this post.

Nibbled To Death By Ducks, Mr. Austin, Cybertooth

Reply | Quote

Replies

So let’s ban TP-Link routers and encourage a US company to manufacture them.  Do we really think this will happen??  BTW, I have a top end TP-Link WiFi router and the two desktop PCs have TP-Link antenna/receivers.

Reply | Quote

I had a TP-Link router for a couple of years, and felt it worked well. But as time went on, I became more and more uneasy (on my own, no governmental influence) and decided to get rid of the TP-Link router and buy from a US based company. I had used NetGear in the past and decided on one that works fine with all the usual options for setup etc. The one thing it does not do, which the TP-Link did, was tell me how much traffic is coming from each of my connected devices. Since Cox Cable has initiated a data limit, it would be very useful to know how much is coming from my security cameras versus what TV is streaming, or what is being downloaded on my computer etc.

My question is, and I couldn’t find a thread for this, are there any recommendations for US based routers etc. from people who have faced a similar experience. It would be most helpful I would think to get some opinions and facts in this area to enhance all of our security investments.

Appreciate any feedback!

2 users thanked author for this post.

Steve, Cybertooth

Reply | Quote

agoldhammer wrote:

I have a top end TP-Link WiFi router and the two desktop PCs have TP-Link antenna/receivers

Are you sure these are not bootnetted by Chinese hackers ?

I use a TP-Link 5 ports network switch.

Reply | Quote

Interesting, that. In addition to client-machine based software firewalls, I’ve been using a TP-Link Omada wired firewall router for a couple of years. In addition, I would trust exactly nothing the US government does at ‘face value’. “We’re from the government, and we’re here to help” is oxymoronic hyperbole.

The Warner Bros. cartoon character, Foghorn Leghorn came to mind. His stentorian style of speaking was (in the 1990s) said to be patterned after a US senator of that era. But here’s a ‘newer’ article which seems closer to the truth, by Jerry Beck. Once-upon-a-time my (then) wife and I knew and worked with people who included Mr. Beck, Chuck Jones, Linda Jones, Noel Blanc (Mel’s son), and Ruth Clampett (Bob’s daughter).

Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

2 users thanked author for this post.

Steve, Cybertooth

Reply | Quote

I would test your router to see if it appears compromised.

Go to the GRC website and load the Shields Up! page.
Click “Proceed”.
In the grey box in the middle of the screen enter this: 7777,11288
Click the “User Specified Custom Port Probe” button.
Hopefully you will get the Passed stamp.

Now click back and then the “All Service Ports” button.
Passed is the correct answer.

Then log into your router and make sure external access is disabled.

cheers, Paul

Reply | Quote

Paul T wrote:

In the grey box in the middle of the screen enter this: 7777,11288 Click the “User Specified Custom Port Probe” button. Hopefully you will get the Passed stamp. Now click back and then the “All Service Ports” button. Passed is the correct answer.

There’s been a lot of discussion about “ping” lately-low, medium and high levels. One quarter says that Ping is necessary in this day and age, just try to keep it at a low level, turning it off will cause more headaches than it will solve. Older ethos dictate that you should not respond to a Ping at all.

Even with low-level Ping enabled, Gibson/Shields up will flunk you, even with all ports showing Stealth.

Am interested in your perspective on this.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Why would I need my system to be pingable?
Ping makes sense for a server, not the client.

cheers, Paul

Reply | Quote

Paul T wrote:

Why would I need my system to be pingable? Ping makes sense for a server, not the client.

Why?

Networking was never one of the fully-woven parts of my IT carpet.

Could you expand on that a bit more, please? Those of stuck with ISP-issued routers would be grateful.

 

 

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Sorry, that was a bit too terse.

Ping is a simple test to see if devices are available on the network.

A server needs to be available all the time so clients can access its resources.
The only time a client needs to be available is if you run some sort of automated remote process, like backup or software installation – these are common in business, not in SOHO /  home.

Using ping to see if servers are available makes sense because you may need to do something if they’re not. Testing if a client is available is probably a waste of time in all but a few specialised scenarios.

cheers, Paul

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

Paul T wrote:

Sorry, that was a bit too terse.

Ping is a simple test to see if devices are available on the network.

A server needs to be available all the time so clients can access its resources.
The only time a client needs to be available is if you run some sort of automated remote process, like backup or software installation – these are common in business, not in SOHO /  home.

Using ping to see if servers are available makes sense because you may need to do something if they’re not. Testing if a client is available is probably a waste of time in all but a few specialised scenarios.

cheers, Paul

Thanks for filling that out!

It may be more prevalent than you think. Spectrum regularly slides firmware updates down the pipe to their routers. Could this be the case for low-level ping enabling?

Spectrum also now has a list of WiFi routers that will work with their system, and  my former favorite brand, Linksys ain’t on it!  (https://www.bestbuy.com/site/shop/spectrum-compatible-routers)

Question 1: Is this a valid list, or is Spectrum just trying to hook you in to THEIR router for the monthly cabbage it gets?

2: The reason I want to use Linksys is that one can use DD-WRT with it. But then, I hear one can flash that on to any non-mesh router, right?

3. Big one: This Spectrum-supplied router supports WIFI 6, and according to some people, you can’t use DD-WRT on WIFI 6. Huh?

4. Am I making any sense? (Probably not)

If we should move this to the Networking forum, let me know.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Nibbled To Death By Ducks wrote:

Spectrum also now has a list of WiFi routers that will work with their system, and my former favorite brand, Linksys ain’t on it!

The Authorized Retail Modems section of Spectrum’s Using Your Own Equipment on Our Network page shows the Linksys CG7500 is certified for use with their system. The problem with your Best Buy link is they don’t sell it!

Also, if you use a Spectrum provided non-WiFi cable modem, you can attach pretty much any WiFi router to it and it’ll work just fine because, as far as Spectrum’s cable modem can determine, it’s simply an ethernet connected device.

Until I switched ISP’s to Google fiber, I used my Linksys WRT1200AC with a Spectrum non-WiFi cable modem with absolutely no problems. And once Google Fiber updated their local network, I was even able to bypass their fiber router and connect the Linksys directly to the fiber wall jack via ethernet!

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

Nibbled To Death By Ducks wrote:

according to some people, you can’t use DD-WRT on WIFI 6

Probably lack of hardware support from DD-WRT – not really surprising.
OpenWRT may be an option – even have their own router.

cheers, Paul

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

Paul T wrote:

Probably lack of hardware support from DD-WRT – not really surprising. OpenWRT may be an option – even have their own router.

Thanks for the referral. Ah, yes, I see four listed that have decent CPU’s (Qualcomm-I hate Mediatek anything):

https://openwrt.org/toh/views/toh_available_16128_ax-wifi

Problem there is that I don’t think any of the four are “Compatible with Spectrum” According to, naturally, Spectrum. I also can’t find any of the four on Amazon or Best Buy. Have to do some digging. Question:

If I DO locate one of the four and they’re in my range  ($100+-10%), will they still work with the Spectrum System and modem I already have?

I just smell a Spectrum Marketing/blackmail plot here.  Maybe not. Things have gotten a LOT more complicated since 2010! :\

More work ahead.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

n0ads wrote:

The Authorized Retail Modems section of Spectrum’s Using Your Own Equipment on Our Network page shows the Linksys CG7500 is certified for use with their system. The problem with your Best Buy link is they don’t sell it!

Yeah, but look at the price on Amazon!! I mean, I haven’t bought a router in years, but $200 including tax? Gad. My old Linksys DD-WRT was $75 in 2010, and $200 is in excess of inflation by 100%! No way. (Unless Spectrum only approves the high-priced stuff in order to keep you on their heroin-drip rented routers.)

n0ads wrote:

Nibbled To Death By Ducks wrote:

Spectrum also now has a list of WiFi routers that will work with their system, and my former favorite brand, Linksys ain’t on it!

The Authorized Retail Modems section of Spectrum’s Using Your Own Equipment on Our Network page shows the Linksys CG7500 is certified for use with their system. The problem with your Best Buy link is they don’t sell it!

Also, if you use a Spectrum provided non-WiFi cable modem, you can attach pretty much any WiFi router to it and it’ll work just fine because, as far as Spectrum’s cable modem can determine, it’s simply an ethernet connected device.

Until I switched ISP’s to Google fiber, I used my Linksys WRT1200AC with a Spectrum non-WiFi cable modem with absolutely no problems. And once Google Fiber updated their local network, I was even able to bypass their fiber router and connect the Linksys directly to the fiber wall jack via ethernet!

OK, now I’m replacing BOTH modem AND router. $$$$! I’m a senior on a fixed income, and I have to watch it. Not an option.

What started this whole thing out was that their crummy rented WIFI 6 router keeps dropping WIFI calling on BOTH phones in the house. (Brand new in November-$$$+prepaid Mint 6 months-$$$=skinny Xmas!) I’m sick of rebooting phones and the router to fix it.

The saga continues.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

Charlie

Reply | Quote

You have my sympathies, I’m a retired senior and I don’t like what things are and have been costing, and I’m certainly not looking forward to what’s coming!!   Yes indeed, the drains and pipes are really stopped up.

 

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

Nibbled To Death By Ducks wrote:

OK, now I’m replacing BOTH modem AND router.

No, you’d still use the Spectrum provided cable modem.

Just disable the Spectrum cable modem’s WiFi and purchase/use a more reliable 3rd party WiFi router!

My Uncle also uses Spectrum and bought a Netgear WiFi router from his local Best Buy for <$100, disabled the Spectrum RAC2V1S’s WiFi, and used an ethernet cable to connect the Netgear to the Spectrum cable modem.

His WiFi is totally reliable now and even allows his family’s cell phones to surf & make phone calls using the WiFi connection!

1 user thanked author for this post.

Paul T

Reply | Quote