Question Archer C6 v4 Router

[Deleted member 2966688]

Hey guys I have 2 question. After beating with AI and not coming to good answer I thought humans can also help. On the security section of the router from the title there is Firewall. On or off if you only use Android devices and Ios. Never download anything from 3rd party stores. or jailbreak devices.

2 question. All devices on the network seem to have the same public ip address. Google says it's normal however if someone else comes into your house and logs in to facebook. facebook will probably shadow link their profile with yours. Is it possible to configure the router in such a way every device has it's own public ip? like disabling nat boost or something tnx

 

[bill001g]

Firewalls on consumer routers are pretty much just a marketing checkmark they do very little.

1st nothing can get into your network even on the simplest router. The NAT function mostly because it is stupid does not know which internal machine to send unknown traffic coming from the internet to so it just discards it.

Next almost every other feature firewall used to do no longer work. You will see them talking about "deep packet inspection". That is a relic from the past before snowden relieved the government was "inspecting" every ones data. That is why everything is now encrypted by HTTPS.

What this means is the firewall can not see what you are actually doing. If you use encrypted DNS it can't even see the site names. That leaves IP address but even those mean little on many sites because of the use of cloud data centers at cloudflare or amazon.

In some cases you are very lucky if you get a single public IP, some ISP do not give them out. Some ISP have business plans that have multiple for a added monthly costs. You need a special router to be able to use multiple public IP.

Facebook and other sites might attempt to track the IP but it since they might be shared by completely different customers, like on cell phones where you normally share public IP, it serves little purpose. So someone sharing your home IP likely doesn't matter. Now there are some stupid game companies that like to try to IP ban but many have learned why that is stupid when the kids then attempt to get every possible IP banned from large cell providers. They end up blocking the idiots and all their real customers who share the same pools of IP.

 

[Deleted member 2966688]

Firewalls on consumer routers are pretty much just a marketing checkmark they do very little.

1st nothing can get into your network even on the simplest router. The NAT function mostly because it is stupid does not know which internal machine to send unknown traffic coming from the internet to so it just discards it.

Next almost every other feature firewall used to do no longer work. You will see them talking about "deep packet inspection". That is a relic from the past before snowden relieved the government was "inspecting" every ones data. That is why everything is now encrypted by HTTPS.

What this means is the firewall can not see what you are actually doing. If you use encrypted DNS it can't even see the site names. That leaves IP address but even those mean little on many sites because of the use of cloud data centers at cloudflare or amazon.

In some cases you are very lucky if you get a single public IP, some ISP do not give them out. Some ISP have business plans that have multiple for a added monthly costs. You need a special router to be able to use multiple public IP.

Facebook and other sites might attempt to track the IP but it since they might be shared by completely different customers, like on cell phones where you normally share public IP, it serves little purpose. So someone sharing your home IP likely doesn't matter. Now there are some stupid game companies that like to try to IP ban but many have learned why that is stupid when the kids then attempt to get every possible IP banned from large cell providers. They end up blocking the idiots and all their real customers who share the same pools of IP.

I swear my previous ISP used to give me different ip for each device. Now you visit find my IP and it gives the same on all devices.

On the firewall though wouldn't most hackers use arp spoofing or ping your device first. Which in this case it might prevent pinging back? If I torrent my ip is probably targeted by bots all the time.

 

[bill001g]

Public IP are in extremely short supply so you are very lucky to even get 1. You see post on this forum all the time where people complain they can't get port forwarding to work and it turns out they do not have a public IP.

Arp is only used on your lan even if you had a fancy lan with multiple ip subnets it can not pass between the subnets. ARP will never pass into the internet.
You have a huge issue if you have hackers on your lan.

Depends on the router many will not respond to ping unless you turn the feature on. Real hackers do not use ping they use other packets to try to determine if some device exists and what type of device it is. But it really doesn't matter as long as you do not port forward all incoming traffic will be dropped by the NAT function with no response.

If someone actually attacks your IP no firewall can fix it. The traffic has already eaten the bandwidth by the time it arrives at your router. You can't prevent the ISP from sending it to your house. All a firewall will do is log it and then discard it just like the NAT. The extra logging function uses CPU so a hacker could try to use up all the cpu by causing more logs. The NAT function is really stupid and runs in hardware and just discards the traffic without even telling the cpu chip it exists.

 

[Deleted member 2966688]

Tplink router's by default have no logging. I'd appreciate it a lot if someone comments who have disabled it before. And had to recover from cyber attack or some other experience. Since getting all of your info stolen is never fun

 

[bill001g]

All modern cyber attacks either use fishing emails or trick you into open some web site. A firewall will not stop that.

A direct attack against your router never will compromise your information. Worst they would prevent you from being able to use your internet connections.