Simple network isolation for smart stuff?

Lysrin

Well-known member
Joined
Mar 10, 2014
Messages
4,963
Location
Nova Scotia
The original ones I ordered were lost in shipping, and then of course out of stock. I got a refund and then ended up buying some other ones branded Meross. They have had some security issues in the past, but have said they fixed those. They are made in China. So... yeah. All good reasons to isolate them.

Finally got a chance to set up a couple, but the behaviour I am seeing is confusing me. This is what I expected:

1. Set up the units on my guest network.
2. Have to be on my guest network for the related mobile app to see and manage the devices.
3. Have to be on the guest network to interact with the devices using Google Assistant.

However, I am able to access the devices with the app and Google Assistant from either the guest or my main network.

That caused me to look into what I can see in the Bell HH3000 about the connected devices. Can't see tonnes of info but it does recognize devices connected on either the main or the guest distinctly, and it assigns them unique IPs - main being 192.168.2.nnn and guest being 192.168.5.nnn.

Revealing my lack of network knowledge here again likely, but this doesn't seem as isolated from each other as I had hoped. Am I thinking about it wrong or is the guest network created by the Bell router not very good? It seems like devices, at least my phone to the smart plugs, can interact across the networks, defeating the purpose of the guest network.
 

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
10,790
Location
Toronto, ON
Try something like: https://play.google.com/store/apps/details?id=net.techet.netanalyzerlite.an on your phone to do a ping from the guest network to a device on your main network. You could use the network scanner feature too.

Assuming that "fails" as expected, then my guess would be these devices are going out to the cloud and that's how you're interacting with them, not a direct local connection.
 

Izerous

Well-known member
Folding Team
Joined
Feb 7, 2019
Messages
1,968
Location
Edmonton
Well, Google Assistant and stuff goes through the cloud. I can turn my lights on and off etc. when I'm not even home.
 

Lysrin

Well-known member
Joined
Mar 10, 2014
Messages
4,963
Location
Nova Scotia
> JD said:
> Try something like: https://play.google.com/store/apps/details?id=net.techet.netanalyzerlite.an on your phone to do a ping from the guest network to a device on your main network. You could use the network scanner feature too.
>
> Assuming that "fails" as expected, then my guess would be these devices are going out to the cloud and that's how you're interacting with them, not a direct local connection.

> Izerous said:
> Well, Google Assistant and stuff goes through the cloud. I can turn my lights on and off etc. when I'm not even home.

The devices don't respond to a normal ping request on the LAN, at least from a ping from a terminal on my PC, which makes sense to me given they're on different subnets. But I wasn't sure if the devices themselves just weren't able to respond to normal ping. I'll give that app a look too @JD

I didn't even think about going out to the cloud and back. Duh... Thanks guys. That likely explains it because they are on my guest network that of course has Internet access.

Some things I read suggest preventing your IoT devices from accessing the Internet, increasing security at the cost of some functionality. If I did that, then Google Assistant control, as you mentioned @Izerous , wouldn't work anymore. That would be a reduction in functionality for sure. I wonder would they still work through the company's own application or does it actually need to talk to the mothership? Worth a test perhaps so I know my options. Having to use their app perhaps raises concerns too. It is installed on my phone that of course is on my main network. Messy business this security stuff!

At least I wasn't out to lunch in my thinking about what should be able to talk to what.
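
An added example (not written by any poster in this thread): because the plugs ignore ping, a failed ping alone does not prove the guest network is isolated. A TCP connect probe is less ambiguous, since a "refused" reply means the packet crossed between the networks while a timeout means it was dropped. The /24 masks, the target addresses and the ports are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Subnets as reported in the thread; the /24 masks are an assumption.
MAIN_NET = ipaddress.ip_network("192.168.2.0/24")
GUEST_NET = ipaddress.ip_network("192.168.5.0/24")


def segment_of(ip):
    """Return 'main', 'guest' or 'other' for an IPv4 address string."""
    addr = ipaddress.ip_address(ip)
    if addr in MAIN_NET:
        return "main"
    return "guest" if addr in GUEST_NET else "other"


def probe(host, port, timeout=2.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back, so the packet got through
    except socket.timeout:
        return "timeout"      # silently dropped: what isolation looks like
    except OSError:
        return "unreachable"  # no route, or an ICMP unreachable from the router
    finally:
        sock.close()


def check_isolation(my_ip, targets, probe_fn=probe):
    """Probe only targets outside my segment; return (leaks, results)."""
    mine = segment_of(my_ip)
    results = {}
    for host, port in targets:
        if segment_of(host) != mine:
            results[(host, port)] = probe_fn(host, port)
    leaks = [t for t, r in results.items() if r in ("open", "refused")]
    return leaks, results


if __name__ == "__main__":
    # Constructed addresses: run from a guest-network machine against main hosts.
    leaks, results = check_isolation("192.168.5.23", [("192.168.2.1", 80), ("192.168.2.10", 445)])
    for target, outcome in results.items():
        print(target, outcome)
    print("ISOLATION LEAK" if leaks else "no cross-segment replies", leaks)
```

Run it once from each side (guest toward main, then main toward guest), because a router can block one direction and allow the other.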
 

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
10,790
Location
Toronto, ON
I don't think the Bell router is going to give you the ability to restrict outbound internet access anyhow.

If the device has that many security issues, then it shouldn't be in your house at all :)
 

Lysrin

Well-known member
Joined
Mar 10, 2014
Messages
4,963
Location
Nova Scotia
> JD said:
> I don't think the Bell router is going to give you the ability to restrict outbound internet access anyhow.
>
> If the device has that many security issues, then it shouldn't be in your house at all :)

lol Yup I know. There are just things you can find online about devices made in China and then the cloud servers being in China and them collecting all this data... yada yada yada :) It never ends. Separation from my main network sufficiently reduces the risk in my mind. They might figure out when I turn the Christmas lights on and off, and perhaps the guest network password, but shouldn't be much more than that accessible :)

Doing the network scan with the Network Analyzer app (nice app btw, paid the $6 for the full one) the networks certainly appear to be separate. None of the devices on guest show up in a scan of main and vice versa.
 
