Router Security and Anonymity

What're technolo/g/y's thoughts on replacing your ISP's router with a router of your own choice for security and anonymity reasons?

There's a good argument to be made that you should never use any ISP-provided equipment if you can help it. They only care about security to the extent needed to keep themselves out of the news. Firmware updates are an expense; they won't bother with them if they think they can get away with not doing so. And the thing they care about most is reducing costs from people who change something and then call customer service. Result being that ISP equipment is both insecure and inflexible.

Buy your own equipment. Preferably a standalone modem. If you can't, put your ISP's shitbox in bridge mode and plug it into a pfSense machine or something similar.

What router/modem would you suggest?

>modem
Depends. ISPs very much want you to rent your shit, but most should have a list of modems that will work with their service. (not every cable modem will work with every cable ISP, if I recall correctly) Cuntcast did, at least. Pick one on the list that seems to have good reviews, and be very firm with them that you don't want to rent their "home gateway" crap.

>router
Well pfSense runs on any old x86 machine that has at least two ethernet ports. That can be something you have lying around, that you put together from spare parts, or that you purpose-build. For home use it does not need to be very powerful. Anything from this millennium will work. If you're a do-it-yourselfer you can of course configure any Linux or BSD box as a router manually. That's quite a bit more difficult, but the Arch crowd likes it. pfSense has its own installer and web interface that makes this shit a lot easier.

pfSense supports some wireless cards, but it's a lot easier to pick a wireless router that you like and plug it into a pfSense interface. If you go that route, you should pick a router that works well with OpenWRT. Stock wi-fi router firmware is all shit, 100% of it. It's not as critical to replace it when it's behind pfSense as it is when it's directly between you and the internet, but it's still a good idea.

Oh yeah, also, note that none of this does anything for anonymity, only security. Your ISP still sees every packet you send and receive. They can still fuck with your DNS requests, if you use their DNS servers, and use that capability to block things they don't want you seeing, or log sites you visit.

If you want to put a stop to that then you need a VPN (read thatoneprivacysite.net's VPN reviews, and TorrentFreak's VPN guide) and/or Tor, so that your ISP sees all your traffic as an opaque encrypted tunnel.

Thank you very much, I've been saving up to renovate and replace my set-up, after the Vault 7 incident.
Governments have literally become nothing more than cartels backing pyramid schemes with enforcers (law enforcement) and fixers (the military) to perform their violent extortions.
The old axiom:
>If you don't have anything to hide, why worry.
Is a lie, you should hide everything from a criminal organisation with global reach.

Anything else enlightening?

PC Engines APU3 work well as routers. 10 watts, 3 gigabit Ethernet, 4 GB RAM, and about 160 USD total. They have good compatibility with Linux and pfSense. OK compatibility with OpenBSD; the only gripe I have about it is OpenBSD's shitty drivers don't do checksum offloading so the CPU runs more than it does with Linux (0% thanks to all the hardware acceleration).

Perfect, this is exactly the type of concise information I was looking for, Sup Forums is really impressing me with their helpfulness.
Thank you, user.

Doesn't really matter. The next upstream device is theirs anyway.

>security
You set the ISP modem to bridge only, and use your own router (pfSense or DD-WRT)

>anonymity
N/A

OpenDNS

>take a box with Linux on it
>set up some iptables rules.
Why do you need a web interface?
Just ssh like a normal person.

>Why do you need a web interface?
Because it's easier. If OP is asking what he should use he probably isn't competent enough to roll his own.

And anyway pfSense lets you do that too. Tick a box in the interface to turn on the SSH server and you can log in and do whatever you like. It's just FreeBSD underneath, so you can play with the firewall, install other software, whatever.

This.

But any guides on this: ?

I'm guessing not.

Arch Linux wiki router article

Danke

Used to do tech support for Windstream and I would not trust the routers we send out. If they were non power users then they never disabled the remote support thing and we could go into almost anyone's shit since our customers are all stupid hicks.

Sounds comfy, thank you for the heads up.

+1 for pfSense being master race

Most of our DSL services allow customers to BYOModem but some of the fancier shit like vbonds and fiber required the use of Windstream shit.

In a situation where you have to use a shit ISP router you can always put your preferred router behind the ISP one in a DMZ.

I don't even care about the modem. All I need is a good router that will accept third party firmware. The features alone are enough to keep me there and the bonus of added security is nice.

dumb company leaving remote support enabled then

Archer C5 or C7 with OpenWRT

Thank you.

ISP is just dodgy and terrible.

Am I able to install custom firmware in my Telstra Max 1 gateway?

Is there a toolkit for router software pentesting?
My ISP just updated the fw on my router, for the first time ever. Noticed the security got bumped up, but now I'm locked out of it.

Bump for interest.

How big do you have to be (or how much money does it take) to be able to connect to the internet w/o an ISP? I.e. make your own server and just omit the ISP.

>Money!

Check the Arch wiki for firewall and router. Not the best, but everything is there. Most of it your Linux favour can be ignored. All of it if you are using netctl

Danke, user.