Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is connecting a factory defaulted router a potential vulnerability?

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 4 Posters 824 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      votsor
      last edited by votsor

      Hi, I am admittedly a newbie, I have been running a home network on pfsense 2.4.4-RELEASE-p2 for a couple of weeks. I am pretty happy with it and learning. But today I brought the entire network down by plugging in a factory defaulted linksys E1500 wifi router. It took over the LAN 192.168.1.1 (my pfsense lan ip) and killed everything else, so I had to disconnect the E1500 and reboot pfsense. Is this normal? How do I prevent this in the future, when all I want is to add say an access point whith the default IP that happens to match my pfsense box?

      Thanks,

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @votsor
        last edited by

        @votsor

        Since you know it was an address conflict, just change the E1500 address.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • V
          votsor
          last edited by

          I didn't know until it crashed the network.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Use a non common IP for you pfsense setup... I use .253 as pfsense IP vs the normal .1 or .254 for a /24

            Nor do I use the typical 192.168.0 or 192.168.1 networks either

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            JKnottJ 1 Reply Last reply Reply Quote 1
            • JKnottJ
              JKnott @johnpoz
              last edited by

              @johnpoz said in Is connecting a factory defaulted router a potential vulnerability?:

              Use a non common IP for you pfsense setup.

              Or better yet, fire it up on it's own and see how it's configured. He'll have to configure it anyway, before placing it on an existing network.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                ^
                Also very valid option/point

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • GrimsonG
                  Grimson Banned
                  last edited by

                  For connecting new devices I have separated two ports on my switch into a single dedicated VLAN. So I connect the new devices to one of these ports and patch the Ethernet connection of one PC to the other port, this way they are in their own L2 and can't impact the network.

                  Another solution is to use a Laptop and connect a new device there first for setup purposes. Just don't connect a device with unknown/conflicting settings to your production network.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.