News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • on 20H2 using wifi for internet – GRC says vulnerable

    Home Forums AskWoody support Windows Windows 10 Questions: Win10 on 20H2 using wifi for internet – GRC says vulnerable

    • This topic has 23 replies, 3 voices, and was last updated 1 month ago.
    Viewing 24 reply threads
    • Author
      Posts
      • #2316641
        krism
        AskWoody Plus

        testing

        pulled the rj45 and logged in through a building wifi which comes from comcast business.

        I just checked it with GRC and 80 and 443 are open – apparently these were being blocked when I go through a router, but not here. How can I add that protection?

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2316648
        anonymous
        Guest

        if it’s public wifi, you don’t have much choice wthout settings access to the router.
        Using a VPN are we? That may also be what your seeing via GRC (not your real IP)
        try a different building? :)/

      • #2316659
        krism
        AskWoody Plus

        if it’s public wifi, you don’t have much choice wthout settings access to the router.
        Using a VPN are we? That may also be what your seeing via GRC (not your real IP)
        try a different building? :)/

        I am not using a vpn. Should I?  it seems that with the Rj45 – router – comcast modem vs this wifi which GRC labels as xx-xxx-xxx-xx-static.hfc.comcastbusiness.net is just the same thing. If I put a vpn on it I am just masking my location, not info like logon passwords.  I have no idea if it is encripted. Though this is on a win10 laptop with its firewall etc, I do not have the supposed advantage of the router firewall which makes GRC happy. (on the wifi connection, GRC says there is no uPNP vulnerability.)

        Apparently anyone with the right equipment could listen in on what I am transmitting/receiving to the router down the hall, assuming it is not encrypted. I have no idea how widespread listening in is. People like to talk it up but there may be much more danger from the periodic hacks of businesses and credit bureaus which involve many millions of folks.

        The reason I am doing this is that my introductory $30 internet rate is about to expire and probably jump to $70/mo. Which I would love to avoid. It is not public like a starbucks, but part of the Housing Authority – put in my them in this last building re/build/upgrade.

        I need a mini controller that I can plug the wifi antenna into and then plug that into my laptop that has a NAT. haha – nothing like that exists.

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        • This reply was modified 1 month, 3 weeks ago by krism.
      • #2316667
        anonymous
        Guest

        your not only masking your location with a vpn, good vpn’s also use high encryption, prevent malware, avert trackers, aid privacy (no logs/ jurisdiction considerations), no dns leakage etc. MITM opportunist attacks is something to be aware of when leaving ports visable or open :)/

      • #2316675
        krism
        AskWoody Plus

        okay, thanks, I’ll put one up. Then I’ll have to figure out how to make TBird work since it objects when I change location…

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2316780
        Paul T
        AskWoody MVP

        Put the IP address that GRC show into your browser address bar. You should see a web page associated with your wifi system.

        Apparently anyone with the right equipment could listen in on what I am transmitting/receiving to the router down the hall

        Only if the wifi connection is open. If it’s WPA then not. What does your wifi connection show?

        If the connection is open then you want to run via a VPN, which should be a lot less than $70/month (ouch!).

        cheers, Paul

        1 user thanked author for this post.
      • #2316790
        SFB
        AskWoody Lounger

        @PaulT : I think you misunderstood the $70 issue. @Krism was just stating that their internet service price is going to increase from $30 to $70 once the introductory price / time expires.



        @Krism
        : please read this article: What are Open Ports?

        As everyone else has stated, using a trusted VPN would be your only solution if you do not trust the Comcast Business WiFi.

        Depending on the make and model of your wireless router you should be able to setup a wireless connection from your router to the Comcast access point using “bridge” mode in your router. VPN profiles can also be setup within your router so that every device that connects to your network is routed through the VPN.

        If your wireless device does not support these functions natively, your device may be supported by third party firmware.

        Just an FYI: Do not use the firmware recommended via the DD-Wrt Router database without reading through the forums first. Be sure to use the latest WORKING build for your device.

        • This reply was modified 1 month, 3 weeks ago by SFB. Reason: Fix Spelling Error
        1 user thanked author for this post.
      • #2316845
        krism
        AskWoody Plus

        HUGE THANKS FOR THE VPN TIP!!!!!!!!!!!!!

         

        Paul: “Put the IP address that GRC show into your browser address bar. You should see a web page associated with your wifi system.” with no vpn says “problem loading page”. With vpn, GRC says “no reverse DNS”.  Yes, vpn (PIA) cost me $40 for a year. I’m on that now. Much cheaper than $70/mo and only slightly less convenient. (I have used PIA in the past with no probs)

        SFB: yes would rather pay $0 than $70/mo But this is not MY router, it is building router, so I can’t control it/interrogate it/put firmware on it.

        TBird was not a prob though it made me log on to my mail account from the web once. Then was fine.

        I did have a problem logging on to my bank so now use chrome to do that. cc bank worked fine. changed all passwords. Set vpn to start and connect auto. can even fire up laptop hotspot and run my Roku off it. 🙂 So it seems I have everything for free($40/yr for AIP vpn). We’ll see how long that lasts!!!! 😉 and apparently secure. 10-15Mb line.

        Thanks all!!!!!!!

         

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        • This reply was modified 1 month, 3 weeks ago by krism.
        • This reply was modified 1 month, 3 weeks ago by krism.
      • #2316989
        krism
        AskWoody Plus

        unfortunately I now get this on this site:

        <h1>Your access to this site has been limited by the site owner</h1>
        Your access to this service has been limited. (HTTP response code 503)

        If you think you have been blocked in error, contact the owner of this site for assistance.

        <hr />

        Unfortunately, to protect the AskWoody site — which gets hit by hundreds of “bad actors” every day — we have an automatic block in place to reject attempts from specific addresses. Your IP address is suspect, probably because other people using similar IP addresses have been up to no good.

        If you’re using a VPN, try turning off the VPN. Many people find that just switching off the VPN will get them through. If that doesn’t work, try connecting to a different location.

        If you aren’t using a VPN, try disconnecting from your internet connection, wait a few minutes and reconnect.

        In either case, your IP address should change, giving you another chance to break through.

        Next time you’re blocked by Wordfence, go to whatismyip.com and tell me (CustomerSupport@AskWoody.com) what IP address you’re using. I’ll try to run it down.

        – Woody

        <hr />
        <p class=”medium”>If you are a WordPress user with administrative privileges on this site, please enter your email address in the box below and click “Send”. You will then receive an email that helps you regain access.</p>

        <form id=”unlock-form” action=”#” method=”POST”><input id=”unlock-email” maxlength=”255″ name=”email” size=”50″ type=”text” value=”” placeholder=”email@example.com” />  </form>

        <h2 class=”h3″>Block Technical Data</h2>
        <table class=”block-data” border=”0″ cellspacing=”0″ cellpadding=”0″>
        <tbody>
        <tr>
        <th class=”reason”>Block Reason:</th>
        <td class=”reason”>Advanced blocking in effect.</td>
        </tr>
        <tr>
        <th class=”time”>Time:</th>
        <td class=”time”>Fri, 4 Dec 2020 1:58:25 GMT</td>
        </tr>
        </tbody>
        </table>

        <h3 class=”h4″>About Wordfence</h3>
        Wordfence is a security plugin installed on over 3 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.

        You can also read the documentation to learn about Wordfence’s blocking tools, or visit wordfence.com to learn more about Wordfence.

        <p class=”documentation small”>Click here to learn more: Documentation</p>
        <p class=”generated small”>Generated by Wordfence at Fri, 4 Dec 2020 1:58:25 GMT.
        Your computer’s time: Fri, 04 Dec 2020 01:58:25 GMT.
        “</p>

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2317029
        Paul T
        AskWoody MVP

        That message is because the VPN you use is also used by spammers. Changing VPN provider may help, but it’s a cost we all have to bear.

        cheers, Paul

        p.s. when you copy browser content, paste it by right clicking and selecting “Paste as plain text”, or similar. This will remove the HTML code and stop the post messing up.

        1 user thanked author for this post.
      • #2317132
        krism
        AskWoody Plus

        It appears to change with the “region” I tell it to use. If I connect to a different region I can again talk here. Also had prob with amazon not connecting at all. now does. Okay, so it’s a game! That’s okay.

        When I copy it I copy it to notepad, then copy it into browser and hit enter. browser then adds https:// to the front of that and says unable to connect.

         

        GRC says xx-xxx-xxx-xx-static.hfc.comcastbusiness.net   there is a number at the beginning – xx-xxx-xxx-xx I change that to xx.xxx.xxx.xx and delete the rest and hit enter but it does nothing.

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        • This reply was modified 1 month, 3 weeks ago by krism.
        • This reply was modified 1 month, 3 weeks ago by krism.
      • #2317205
        krism
        AskWoody Plus

        I just realized that I can look in win10 and it says(*** put in by me to hide info):  Does that mean I don’t need vpn? Thanks for your time!!!

        SSID: ***
        Protocol: Wi-Fi 5 (802.11ac)
        Security type: WPA2-Personal
        Network band: 2.4 GHz
        Network channel: 11
        Link speed (Receive/Transmit): 130/130 (Mbps)
        Link-local IPv6 address: ***
        IPv4 address: ***
        IPv4 DNS servers: 10.128.128.128
        Manufacturer: Realtek Semiconductor Corp.
        Description: Realtek 8812BU Wireless LAN 802.11ac USB NIC
        Driver version: 1030.38.712.2019
        Physical address (MAC): ***

        This is a USB dongle with a 6″ antenna, on about a 20′ USB extension. Bought on ebay for about $16.

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        • This reply was modified 1 month, 3 weeks ago by krism.
        • This reply was modified 1 month, 3 weeks ago by krism.
        • This reply was modified 1 month, 3 weeks ago by krism.
      • #2317243
        Paul T
        AskWoody MVP

        Security type: WPA2-Personal

        This means the wifi cannot be read / changed by a 3rd party and your connection it secure.
        What is does not mean is the connection from the wifi unit to the internet is secure, but if you are using https and secure mail transport (TLS etc) then your data is secure.

        Given the above, you do not need to use a VPN on that connection, although you may still choose to do so.

        cheers, Paul

        1 user thanked author for this post.
      • #2317294
        krism
        AskWoody Plus

        Many thanks Paul. I will be keeping the vpn for the extra security. Thanks!

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2318776
        SFB
        AskWoody Lounger

        Glad you have it sorted. An example of linking routers from my previous post can be found on the following DD-WRT web page: Client Mode.

      • #2318827
        krism
        AskWoody Plus

        Glad you have it sorted. An example of linking routers from my previous post can be found on the following DD-WRT web page: Client Mode.

        Thanks – I looked at that diagram and used to have a 54G long ago and don’t recall that it, or any, router would show you what is available in wifi and allow you to connect to it in the way that a little 802 wifi dongle or built-in wifi adapter would scan and tell you what is out there and allow you to connect to it. How would you do that on a router? Remember, I am trying to connect to a router owned by Comcast that I have no control to – can’t wps or whatever.

        EDIT: my router is a Arris surfboard SBR-AC1750 .

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        • This reply was modified 1 month, 2 weeks ago by krism.
        • #2318939
          Paul T
          AskWoody MVP

          SFB seems to be suggesting you update your router with a 3rd party OS. I would not recommend that, even though it is what I have done. You need to know what you are doing in network land for that to be viable. 🙂

          If you want to connect a local router to the Comcast building wifi and then run your gear on cable, or via your own wifi, you need to set your router up as a wifi client. If you want to try it, let us know.

          cheers, Paul

          1 user thanked author for this post.
      • #2319064
        krism
        AskWoody Plus

        Yeah. Thanks.  No, not interested in flashing my router. I don’t think it would do any good to set the surfboard up as wifi client – not enough signal strength from the router down the hall.

        My problem seems to be that the signal I am getting from the comcast router is just too weak – it’s maybe 30-40′ away, down the hall, and even sticking an antenna out in the hall does not result in a reliable signal (using 5db ant on usb dongle to 20′ usb extension to laptop. I have not gotten around to getting a 10db gain antenna or other things I see on ebay that might improve it, and trying that. I can’t put a yagi in the hall though that would definitely do it. For the moment I have pressed pause on the project rather than throwing more $ than the $55 I already have, and not successful. Thanks.

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2319150
        Paul T
        AskWoody MVP

        If it’s a signal issue then it makes sense to use your router as a client. You can play with aerials / position on you router and once it’s working well you can use wifi from your router.

        cheers, Paul

        1 user thanked author for this post.
      • #2319189
        krism
        AskWoody Plus

        If it’s a signal issue then it makes sense to use your router as a client. You can play with aerials / position on you router and once it’s working well you can use wifi from your router.

        cheers, Paul

        Thanks.

        The surfboard SBR-AC1750 does not have external antennas or any way to connect one that I can see.

        https://fccid.io/UIDSBR1750/Internal-Photos/Internal-Photos-2546969

        https://fccid.io/UIDSBR1750/External-Photos/External-Photos-2546970

        Please note: I am using this router – comcast modem to router to laptop. I also use it for wifi: comcast modem to router to wifi (controlled by rj45 connection to laptop) to phone or whatever.

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        • This reply was modified 1 month, 2 weeks ago by krism.
        • #2320874
          krism
          AskWoody Plus

          Paul, if you’re still around, how do I use my router as a client?

          I just got my updated comcast bill and found that, yes, it’s going up to $60 this month and in a year it’s going up to $80. So I will try again to make a go of wifi here, now. I have ordered a wifi yagi and may wind up ordering a new router with eternal antennas so I can remove one of the antennas and plug in the yagi, but I will still need to know how to use that router as a client. I assume that means that it connects to the building router’s wifi down the hall. either that or I could (and will initially) just connect it to the USB dongle plugged to the laptop. The yagi comes with a 5′ sma and I will get a sma extension cord for it.

          Thanks!

          - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2319226
        Paul T
        AskWoody MVP

        If you load one of the wifi signal monitors, like Acrylic, on the laptop, then wander around to find the best signal. If you position the surfboard unit in the same place it might get good enough signal. Otherwise you may need to buy an access point / wifi extender – still cheaper than 70 per month.

        cheers, Paul

        1 user thanked author for this post.
      • #2319241
        krism
        AskWoody Plus

        It turned out to be $60/mo so I am slightly less motivated.

        I used my phone last week to find the best place inside the apt, but with the antenna I have it is not viable. Putting the surfboard there would probably be about the same. I need a 10+db gain antenna.  I cannot add an antenna to this router.  I may get the yagi and play with it inside the apt.

        To use a wifi extender it would need to be half way down the hall and also have access to the comcast router control to tie to it.

        When I did have it going, it was quite slow because of the vpn, probably, as it is a 10-15Mb link, so I am less motivated to throw a lot of money at trying to get a stable link.

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2319402
        joltar
        AskWoody Plus

        I use Comcast as my provider as part of a bundle, TV, phone and internet.  It is the fastest available where I live. I rent the modem from them, and I believe it is the same model.  I use their extenders through the house. I know your situation is different from mine,  But I am able to turn on (or off) some kind of security they use on the access they provide,  and claim everything is encrypted that I send or receive.  If you don’t have that control,  you contact your provider (sounds like it’s not Comcast) and ask if your access is encrypted or firewalled or whatever they use.

        This is just for your information and some reassurance.  In my opinion you are most safe with a VPN anyway.  If your router should die ( I sincerely hope not! ) some of the newer ones, e.g. Synology can provide a VPN on the router.  Sounds like you have it handled well now.  Stafe, and good luck.

      • #2322333
        krism
        AskWoody Plus

        a bit of a PS here: if I wanted to use a router to pick up that wifi signal I would need a WISP capable router. Further I would need a WISP capable router that has removable antennas so I could put a bigger antenna on it. That would be expensive.

        Cheaper is simply to get a higher gain antenna (9db)(which I just received). I have this mounted vertically on the inside of my wood hall door and it picks up the wifi signal down the hall sufficiently well. (antenna/Realtek dongle and USB extension about 20′ to laptop) I also learned how to select the wifi channel that is strongest in the Realtek utility for the dongle so that helps with signal reliability. So I did indeed cancel Comcast so I don’t have to fret that it is $60 and jumping to $80 in a year. The only thing I lose from all this is the ability to plug my Roku into my router connected to comcast. While it initially worked on the wifi connection, it then started causing the wifi connection to disconnect whenever I turned on the hotspot and connected to the Roku. I only slightly miss it. There is a ton of stuff on it that takes up a lot of time to watch and at the moment I feel I am better off doing other things. I get 60 channels on TV OTA, 30 of which I actually use, so that provides a lot of variety if I need. Also 4K blu-ray player and a bunch of discs. Not suffering!

        I do have a $15 wifi yagi and sma extension cable coming in about a week so I will have something to experiment with but I don’t really need it.

        So, I think, solved!

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

        1 user thanked author for this post.
      • #2322337
        krism
        AskWoody Plus

        Edit to above – I WAS able to get Roku going – there was a patch that windows had wanted to put on for wlan. I put on one from Lenovo and the one in windows update disappeared so…..

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

      • #2322798
        krism
        AskWoody Plus

        Final update: see thread at

        GRC says ports open on wifi ISP – how to close?

        where I describe that I am now using a Tenda AC8 router in WISP mode to receive the wifi signal and use it as my ISP.  25′ ethernet cables to laptop and Roku. Very fast. Many thanks to Paul!!!

        - ThinkPad T530-2394-3J8, i5-3380M 2.9GHz, UEFI/GPT: (Win10 20H2 Pro x64, Win8.1 Pro x64), 8GB(15GB/s), Sammy 500GB SSD. -

    Viewing 24 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: on 20H2 using wifi for internet – GRC says vulnerable

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

?
This website collects data via Google Analytics. Click here to opt in. Click here to opt out.
×