super | macstealer
---|---
10 | 9
94 | 503
- | -
8.7 | 5.5
4 days ago | 11 months ago
JavaScript | C
BSD 3-clause "New" or "Revised" License | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
super
- PiVPN v4.6.0: The End
  You can give us a try, https://github.com/spr-networks/super, http://supernetworks.org/. Wireguard is well integrated. We also have a tailscale plugin, and more vpn plugins on the way.
- You shouldn't run NSA-grade Wi-Fi at home
  Somewhat related -- with the project I work on, https://github.com/spr-networks/super, we do support wireguard peers (and also support combining that wireguard identity with a wifi peer identity as well).
  Devices are provisioned by assigning or generating a wireguard keypair in the API.
  Next the peers are routed together by policy and by default can't access one another. There's support for bidirectional network groups or one-way firewall rules with NAT.
  One area of improvement is multicast support with wireguard, it's doable, just not ready yet.
- Securely Chaining Wi-Fi Routers (2022)
  golang-based SPR is open-source and can be run on RPi: https://github.com/spr-networks/super
  > An unspoofable device identity is established with a MAC address and Per-Device Passphrase for WiFi (or a VPN Public Key for Remote Devices). From there, each device gets its own /30 subnet to exist on. Hardening and strict firewall rules block network spoofing and impersonation, and routing rules redefine connectivity between devices and to the internet.
- Building a freedom-friendly WiFi pocket-router (2021)
- Secure Programmable Router
- Raspberry Pi 4 Showcase: A Secure Programmable Router
  The other thing we've been tasked to work on is load balancing across uplink interfaces, and we're happy for more feedback for how the feature should work. That's tracked under here https://github.com/spr-networks/super/issues/134. We will likely use the fwmark capabilities (which we already use for redirecting traffic to site-to-site vpn connections).
- Upgrade to next-level WiFi with an open-source, secure programmable router
- SPR: Open Source, Secure Programmable Routers
- Show HN: Supernetworks' Secure Programmable Router
- MacStealer allow for WiFi client isolation bypasses (CVE-2022-47522)
  Yes -- except for limited wireguard support, usability for multicast is mostly solved. SPR services mDNS and Zeroconf/SSDP with a udp proxy[1].
  [1] https://github.com/spr-networks/super/blob/main/multicast_ud...
macstealer
- MacStealer allows for WiFi client isolation bypasses (CVE-2022-47522)
- MacStealer allow for WiFi client isolation bypasses (CVE-2022-47522)
- WiFi client isolation bypasses (CVE-2022-47522)
- iOS lets carriers add WiFi networks that you can’t remove or stop from joining
  The knowledge and equipment to hack WiFi-related systems are a lot easier to obtain in most of the world than the cellular equivalent.
  In the US, at least, tampering with cell service risks getting the FCC involved, so very few people do it compared to WiFi hacking.
  I'm very curious, for example, if the devices that connect to these APs are vulnerable to the WiFi client isolation bypass that was disclosed about a week ago.[1] That seems a lot scarier when there are potentially thousands of random people's personal phones connecting to the same WiFi infrastructure instead of a bunch of more or less trusted corporate devices in an office.
  [1] https://github.com/vanhoefm/macstealer
- MacStealer: Wi-Fi Client Isolation Bypass
- WiFi protocol flaw allows attackers to hijack network traffic
  This attack does require bypassing some network security already. It defeats client isolation but the attacker does need to be on the WiFi network already (according to https://github.com/vanhoefm/macstealer).
  AP isolation is usually off for all but big hotspots in my experience. This will be a problem for people using AP isolation for preventing their IoT from connecting to other devices in their network, assuming their IoT is malicious, but other than that the risk seems to be mostly with professional/corporate networks.
What are some alternatives?
router7 - router7 is a small home internet router completely written in Go. It is implemented as a gokrazy appliance.
homelab - Monorepo for my homelab configuration 🏡