Mikrotik is a Latvian manufacturer. Popular in certain markets and with homelabers across the world. port 8291 is for Mikrotik's management tool called Winbox. That one works over L2 and can show you other Mikrotik neighbours neatly. Their equipment is bang for the buck type of thing. No ongoing licensing, no mandatory support plans. Buy once use forever. 12y.o. devices still supported.
I was going to comment the same thing about Winbox. Hopefully, it is appropriately configured, oh boi, oh boi! If someone with the knowledge and the intent to be malice gets on that network. I'll never leave that port visible from the LAN, if my users want access to the router I can configure Webfig with custom skins so they don't get access where they can cause damage.
Gotta love how everyone has just become so damn lazy that wifi becomes the solution to LITERALLY EVERYTHING. "We need to connect this aircon unit to the network for smart controls... If only there was some sort of network cable that existed that we run at the same time as we do the plumbing and electric work..." Instead we use wireless to connect a giant static machine that will NEVER be moved and fill the entire radio spectrum with garbage. Oh but don't worry, now we have 5Ghz so now new devices can fill up that entire spectrum as well! The end user (and all their neighbours) will then be the ones that have to subsidise these stupid decisions by upgrading their router every few years (eg, wifi 6e and wifi7) so their devices can actually get decent bandwidth without so much packet loss. Lets not even start to think about how probably 99% of these devices will end up with some wifi vulnerability that will give a hacker the ability to break into your network and will never be patched.
Let's not forget about the grand daddy of home automation, X10! It didn't need extra wiring and security was a 1 in 8 chance your neighbour could screw with your devices :P I personally feel with IoT junk they should come with modbus standard; Most solar inverters do but your EV chargers typically don't, only wifi. Even Tesla chargers you can't make them work without internet and you can't turn off the ssid once configured with your mobile phone hotspot.
When I lived at an apartment, it was very crowded. I put my 5ghz to a DFS channel and was pretty happy. I never encountered being kicked off, so it worked well for the couple years.
Oah... that's a mess. We just built an apartment in Radelaide (student accommodation) where we built a cheap and dirty multi-tennant WiFi - and we left the 2.4 for the BMS people.... I was shocked at how poorly 2.4 was being used. We built a RADIUS solution - but everyone in directly - give them their own VLANs to play on... Keep everything simple.
The very first thing I would do is throw a firewall box like like a Netgate 6100 and a dedicated AP off of that for all of my connections. Then set all devices to the 5GHz band on an open channel. I never connect to public WiFi.
I didn't try to actually do anything with it. I thought about setting up a PPPoE client with the password that is in use. I don't know what it might expect for RADIUS though. I'd also hate to live in a place using someone else's network.
@@TallPaulTech if you’re friend is having issues with the network would you try to build a custom solution? (Pure curiosity is going to get the cat killed)
Would you mate, be able to get a different provider or are they locked in with just using Gigafy? Because they look expensive. But look to have good reviews.
Have the same question. I've seen the building with pre-selected ISP once but didn't know it was widespread. Wonder how that's working and how it is legal. Well it probably is since it exists. Just a bit surprising. I.e. why not just an NBN branded box in every apartment.
That would be idea, but let's say a building with 50 units in it... I mean 50 fibre ports from some node doesn't seem unimaginable, but you know there's money to be made by the building admin if they do it this way.
@@TallPaulTech Yea it's just about the money. I don't know how NBN works over there, i think is similar to our UFB. Were for some apartment blocks they just put in an access gateway "Carrier grade Switch" and then run Ethernet to each apartment and it will just be provisioned like any other residential fiber connection, Either you or the ISP would provide the Router.
That "Giagfy" thing looks like a specific provider. Didn't know that apartments come with the pre-made ISP choice. Can people even switch to some other NBN provider in these apartments?
What's stopping "someone" to capture a persons password, walk to the meter panel, turn the units sub-mains off and go log on, restoring power afterwards?!?! Then the tenant would be without internet and you could leave a card in their letterbox to contact strata for internet issues? :P Businesses are built upon others mistakes!
Fark those Mikrotiks are ugly and too many people love them.... Shitty Wi-Fi noise makers too. Seen these setups before of locked-in providers in buildings. People don't check before buying and then have to deal with getting these MIM (Man In Middle) tossers out the way.
Great vid!
Dressed like that, you’re always gonna get physical access 😎😁
Mikrotik is a Latvian manufacturer. Popular in certain markets and with homelabers across the world.
port 8291 is for Mikrotik's management tool called Winbox. That one works over L2 and can show you other Mikrotik neighbours neatly.
Their equipment is bang for the buck type of thing. No ongoing licensing, no mandatory support plans. Buy once use forever. 12y.o. devices still supported.
I was going to comment the same thing about Winbox. Hopefully, it is appropriately configured, oh boi, oh boi! If someone with the knowledge and the intent to be malice gets on that network. I'll never leave that port visible from the LAN, if my users want access to the router I can configure Webfig with custom skins so they don't get access where they can cause damage.
Gotta love how everyone has just become so damn lazy that wifi becomes the solution to LITERALLY EVERYTHING. "We need to connect this aircon unit to the network for smart controls... If only there was some sort of network cable that existed that we run at the same time as we do the plumbing and electric work..."
Instead we use wireless to connect a giant static machine that will NEVER be moved and fill the entire radio spectrum with garbage. Oh but don't worry, now we have 5Ghz so now new devices can fill up that entire spectrum as well! The end user (and all their neighbours) will then be the ones that have to subsidise these stupid decisions by upgrading their router every few years (eg, wifi 6e and wifi7) so their devices can actually get decent bandwidth without so much packet loss.
Lets not even start to think about how probably 99% of these devices will end up with some wifi vulnerability that will give a hacker the ability to break into your network and will never be patched.
Time to move between two mountains with no neighbors for perfect rf isolation.
Let's not forget about the grand daddy of home automation, X10! It didn't need extra wiring and security was a 1 in 8 chance your neighbour could screw with your devices :P
I personally feel with IoT junk they should come with modbus standard; Most solar inverters do but your EV chargers typically don't, only wifi. Even Tesla chargers you can't make them work without internet and you can't turn off the ssid once configured with your mobile phone hotspot.
When I lived at an apartment, it was very crowded. I put my 5ghz to a DFS channel and was pretty happy. I never encountered being kicked off, so it worked well for the couple years.
You do know there is conversations and protocol summaries in Wireshark right? Will be a bit faster to get a overview what's in the capture
Oah... that's a mess. We just built an apartment in Radelaide (student accommodation) where we built a cheap and dirty multi-tennant WiFi - and we left the 2.4 for the BMS people.... I was shocked at how poorly 2.4 was being used. We built a RADIUS solution - but everyone in directly - give them their own VLANs to play on... Keep everything simple.
Lookin sharp mate 👌🏻
That was your mamma who typed that, wasn't it? ;)
@@TallPaulTech 🤣🤣🤣
The very first thing I would do is throw a firewall box like like a Netgate 6100 and a dedicated AP off of that for all of my connections. Then set all devices to the 5GHz band on an open channel. I never connect to public WiFi.
Could you use your own equipment at all? I would hate to live in a place where I didn’t have control over my network.
I didn't try to actually do anything with it. I thought about setting up a PPPoE client with the password that is in use. I don't know what it might expect for RADIUS though.
I'd also hate to live in a place using someone else's network.
@@TallPaulTech if you’re friend is having issues with the network would you try to build a custom solution? (Pure curiosity is going to get the cat killed)
Looking fly
That's what your mamma said too!
Shared connection for all units? Sounds like a nightmare, probably overpriced too. I rather have my own fiber and router with whatever ISP I choose
Hi Paul, May I know the model of Network TAP device in the video ?
Good lan tap one of first around. There's heaps now though
Great Scott Gadgets - Throwing Star LAN Tap Pro
Yeah that one
Would you mate, be able to get a different provider or are they locked in with just using Gigafy?
Because they look expensive. But look to have good reviews.
Have the same question. I've seen the building with pre-selected ISP once but didn't know it was widespread.
Wonder how that's working and how it is legal. Well it probably is since it exists. Just a bit surprising.
I.e. why not just an NBN branded box in every apartment.
That would be idea, but let's say a building with 50 units in it... I mean 50 fibre ports from some node doesn't seem unimaginable, but you know there's money to be made by the building admin if they do it this way.
@@TallPaulTech Yea it's just about the money.
I don't know how NBN works over there, i think is similar to our UFB.
Were for some apartment blocks they just put in an access gateway "Carrier grade Switch" and then run Ethernet to each apartment and it will just be provisioned like any other residential fiber connection, Either you or the ISP would provide the Router.
There are some complexes that have private power grids also, you're stuck in a hard spot for alternatives.
That "Giagfy" thing looks like a specific provider.
Didn't know that apartments come with the pre-made ISP choice.
Can people even switch to some other NBN provider in these apartments?
Getting more common unfortunately. Nope, can't change.
Yeah, doesn't seem like someone in a flat has any real choice, at least as far as wired is concerned.
@@TallPaulTech Have a few friends in Canberra in the same boat - they put starlink in.. The BC complained heartily but can't do much.
Fuck that, man I’m glad to live in a house
Wait for someone to geolocate networks by their names + MACs :)
WiGLE Wifi is the right tool for the job ;)
If you still have packet capture, Ii think you should go deeper in WPS because could have old vulnerabilitity.
Maybe I'll do something with that one day
What's stopping "someone" to capture a persons password, walk to the meter panel, turn the units sub-mains off and go log on, restoring power afterwards?!?! Then the tenant would be without internet and you could leave a card in their letterbox to contact strata for internet issues? :P
Businesses are built upon others mistakes!
Dodgaholic!
Guess they've never heard of VLANs and firewall rules....
When strata thinks it’s an ISP 😂. Well if you’re daft enough to buy anything built in the last decade you have problems beyond the internet
Fark those Mikrotiks are ugly and too many people love them.... Shitty Wi-Fi noise makers too. Seen these setups before of locked-in providers in buildings. People don't check before buying and then have to deal with getting these MIM (Man In Middle) tossers out the way.