dsc_dewain
Nov 28, 2016 (Guide)
Enabling Guest Network
Has anyone tried the guest network yet? Couple of things I see. 1) When activating, I assume the router/satellite do some sort of reset, as my devices got disconnected during the process. 2) T...
wodehouse
Jan 02, 2017 (Aspirant)
It seems to me that Guest network only blocks DNS lookups from attached devices to find other local devices. But if you poke around by IP address, you have full access to all local devices and services. Is this true? Please tell me this isn't true...if it is true Netgear is fooling people into thinking they are secure. And it makes me wonder what "security" is actually applied to internet traffic.
RonV42
Jan 02, 2017 (Luminary)
I have used the guest access through the Christmas holiday with friends over and none of the devices could see or use my media server, printers, etc. So yes guest means guest.
- wodehouse, Jan 02, 2017 (Aspirant)
Hey Ron,
That is likely, because by default Windows (and Macs?) will try to find devices by DNS lookups. What I am pointing out is that if you access devices by number instead, then there is no isolation. For instance, as I write, I am on a guest network. I can see in Device Manager that I ought to know about several NAS's on my network, but they are grayed out since Windows wants to talk with them by name, not address. If I try to access them I get denied. BUT, and it is a big one, if I go to Explorer and mount the NAS by address (e.g. \\192.168.1.47\share instead of \\myserver\share) they pop right up as usual. Also, my printer is still accessible since I assigned it by IP address and not by WSD port.
Hence my concern: people who aren't aware believe they are secure. People who want to pwn them can do it easily with a port scanner and no tools (given that most people leave guest unsecured and have low to no security on their NASs for internal use).
- RonV42, Jan 02, 2017 (Luminary)
wodehouse,
I am afraid you are incorrect. I have tested the guest network with various devices, phones (Android, iPhone, Windows Phone), tablets (iPad Air, Android), and computers (SurfacePro, Lenovo, Macbook, etc.). When they were attached they had no connectivity whatever to any of the devices that are on my wired or wireless network. The only addresses the router would accept would be public IP addresses and they were routed out the WAN port of the router. Any private address was dropped by the router.
It has nothing to do with the DNS; it's all about how wireless creates a new "wl interface" and then uses the router and firewall rules to prevent traffic from going from this wireless network interface to other interfaces. If you dump IP tables and network adapter configurations you will see them change when the option for guest is turned off and on.
Netgear is not fooling anyone. If you think there is a bug or something in your configuration that may allow this to happen I would suggest you open a ticket with Netgear.
- Mikey94025, Jan 03, 2017 (Hero)
I also confirmed that if I connect to my Guest network, it works correctly and I do not have access to IP addresses on my main network. I could not ping nor access a Windows network share via the main network, but I could once I went back to my main wireless network. Let's not scare everyone with incorrect claims before exhaustive testing & diagnosis.
wodehouse, is it possible that you have "Allow guests to see each other and access my local network" checked for your Guest network? That could be one reason to explain your access to IP addresses on your main network.
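A repeatable way to settle the question debated in this thread, as an added example that is not part of any post above: run from a client joined to the guest SSID, it probes your own main-network devices by IP address rather than by name and reports which ones answer. The target list is constructed; only 192.168.1.47 comes from the thread, and the second address and both ports (445 for SMB, 9100 for raw printing) are assumptions.

```python
import ipaddress
import socket

# Constructed inventory of the tester's own main-network devices.
# 192.168.1.47 is the NAS address quoted in the thread; the rest is a placeholder.
LAN_TARGETS = [
    ("192.168.1.47", 445),   # NAS, SMB
    ("192.168.1.50", 9100),  # printer, raw printing (assumed address)
]

def probe(addr, port, timeout=2.0):
    """Classify one TCP connection attempt made from the guest network."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"        # handshake completed: guest traffic reached the device
    except ConnectionRefusedError:
        return "refused"         # a reset came back: from the device or a rejecting firewall
    except OSError:
        return "filtered"        # timeout or unreachable: consistent with the router dropping it

def audit(targets, timeout=2.0):
    """Probe only private (main-network) addresses; public ones are skipped."""
    results = {}
    for addr, port in targets:
        if ipaddress.ip_address(addr).is_private:
            results[(addr, port)] = probe(addr, port, timeout)
    return results

def leaks(results):
    """Targets a guest client could fully connect to, i.e. isolation failures."""
    return sorted(t for t, state in results.items() if state == "open")

if __name__ == "__main__":
    results = audit(LAN_TARGETS)
    for (addr, port), state in results.items():
        print(f"{addr}:{port} {state}")
    print("isolation holds" if not leaks(results) else f"reachable from guest: {leaks(results)}")
```

Run it once from the main network as a baseline: an all-"filtered" result on the guest network only means something if the same targets show "open" from the main one.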