Network

Routers and Wi‑Fi: the boring box with a very important job

A router is an internet-facing computer that also happens to make Netflix work. Attackers use badly maintained home routers for botnets, proxy traffic and hiding infrastructure. Treat the box like infrastructure, not furniture.

Nigel version

Buy supported, keep it patched, turn off dangerous convenience features, and replace it when support dies. If it joins a botnet, the first person who suffers the abuse complaint, strange blocks or reputation damage may be you.

[Images: Ubiquiti UniFi Dream Router 7; ASUS Wi‑Fi router; OpenWrt LuCI firewall interface. Source: Wikimedia Commons.]

Router exposure map

Where the outside world can touch the house

A home router sits between random internet scanning and the devices people actually use. The goal is not a perfect lab network. It is fewer doors from the street, and less reach when a cheap device misbehaves.

[Diagram labels: internet; router; 1 open edge check; phones; TV / IoT; laptops; work; flat LAN; cheap devices can wander]

Internet edge

There are still obvious things for scanners to try: old firmware, WPS or admin exposure.

Inside reach

IoT, laptops and work devices share one room. A compromised gadget gets more places to poke.

Explain the jargon

Small terms, big consequences

Each term gets the plain-English version and the practical move. No fake mystique, just the bit that changes what you do at home.

WPS

The push-button or PIN pairing feature for Wi‑Fi. It was built for convenience, not for a world where routers sit online for years.

Do this: Turn it off after setup. Use the normal Wi‑Fi password for new devices.

UPnP

A feature that lets devices ask the router to open ports automatically. Handy for games, risky when cameras, NAS boxes or malware ask for the same favour.

Do this: Review UPnP-created rules. If nobody needs it, disable it and add deliberate port forwards only when you understand the exposure.

Remote admin

Router management reachable from the internet. Attackers scan for these panels constantly because they are valuable chokepoints.

Do this: Keep admin access local unless there is a strong reason, then protect it with vendor-supported MFA/VPN and patching.

Do this

  • Find the router model and firmware version.
  • Turn on automatic firmware updates or set a quarterly reminder.
  • Change the admin password; disable WPS and internet-facing remote admin.
  • Remove stale port forwards and review UPnP-created exposure.
  • Use WPA2-AES/WPA3 with a long passphrase and guest Wi‑Fi for visitors/IoT.
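
An added example, not part of the original page: one way to work through the port-forward and UPnP review from the list above, in Python. The record layout, device zones, port list and sample values are constructed assumptions; replace them with what your own router's admin pages show.

```python
from dataclasses import dataclass

# Internal ports that usually mean an admin panel, remote shell or file share (assumed list).
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 80: "web interface", 443: "web interface",
                   445: "SMB file share", 3389: "remote desktop"}

@dataclass(frozen=True)
class Mapping:
    source: str    # "manual" = port forward someone typed in, "upnp" = a device asked for it
    proto: str
    ext_port: int  # port reachable from the internet
    int_ip: str    # LAN device that receives the traffic
    int_port: int
    note: str = ""

def review(mappings, known_devices, router_ip):
    """Return (mapping, reasons) for every rule that needs a human decision."""
    findings = []
    for m in mappings:
        reasons = []
        owner = known_devices.get(m.int_ip)
        if m.int_ip == router_ip:
            reasons.append("exposes the router itself (remote admin)")
        elif owner is None:
            reasons.append("stale: target IP is not a known device")
        elif owner["zone"] == "iot":
            reasons.append(f"internet path to IoT device '{owner['name']}'")
        if m.int_port in SENSITIVE_PORTS:
            reasons.append(f"internal port {m.int_port} is a {SENSITIVE_PORTS[m.int_port]}")
        if m.source == "upnp":
            reasons.append("created by UPnP; nobody approved it")
        if reasons:
            findings.append((m, reasons))
    return findings

# Constructed sample: values as they might be copied from a router's admin pages.
DEVICES = {"192.168.1.20": {"name": "laptop", "zone": "trusted"},
           "192.168.1.50": {"name": "camera", "zone": "iot"}}
MAPPINGS = [
    Mapping("manual", "TCP", 25565, "192.168.1.20", 25565, "game server"),
    Mapping("manual", "TCP", 8443, "192.168.1.1", 443, "remote admin"),
    Mapping("manual", "TCP", 5000, "192.168.1.77", 5000, "old NAS"),
    Mapping("upnp", "TCP", 34567, "192.168.1.50", 80, "camera"),
]

if __name__ == "__main__":
    for m, reasons in review(MAPPINGS, DEVICES, "192.168.1.1"):
        print(f"{m.source} {m.proto} {m.ext_port} -> {m.int_ip}:{m.int_port} ({m.note})")
        for r in reasons:
            print("   -", r)
```

Rules that come back with no reasons are the deliberate forwards; everything else is either removed or kept with a written note saying why.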

Check

  • Can you log in to the router?
  • Is the model still supported?
  • Is WPS off?
  • Are there exposed services?
  • Do cheap devices live away from work devices?

Avoid

  • Keeping a router because the lights still blink.
  • Assuming botnets only care about cameras and servers, not the cheap router doing NAT in the laundry.
  • Exposing NAS/cameras/game servers without understanding the open path.
  • Building fancy segmentation nobody maintains.

Full guidance

More than a slide title

By the end, you should know what to check, what to switch off, why botnets want home routers, and when the answer is replacement rather than another Saturday of fiddling.

Home routers are botnet real estate

Mirai made the point loudly: weak defaults and neglected internet-facing devices can become attack infrastructure. More recent advisories show home and small-office routers being abused by serious actors too, including state-linked operations. Your router has a clean residential IP, sits online all day, and is often ignored for years. That is exactly why it is useful to someone else.

What a compromised router can do

A hostile router can proxy other people's traffic, take part in DDoS activity, hide scanning, interfere with DNS, expose internal devices, or make your home IP look suspicious to banks, games, streaming services and work portals. You may not see malware on a laptop because the problem is upstream, quietly turning the internet edge into someone else's tool.

Selection by household skill

Low-maintenance homes should prefer supported auto-updating ISP/eero/Nest-style gear. Moderate homes can run ASUS, Synology, Netgear or simple UniFi if somebody reads notices. Technical homes can run UniFi, OpenWrt, pfSense or OPNsense, but the owner must document rules and replacement triggers.

Replacement triggers

Replace when the vendor no longer ships security fixes, the admin UI is unknown, firmware cannot be verified, or the device requires unsafe features to remain usable. Sentimentality is for photos, not unsupported internet edge devices.

Segmentation without theatre

Guest Wi‑Fi for visitors and IoT is useful because it is simple. Fine-grained firewall artistry is only useful if a real person maintains it.

Scenario

Five-year-old router

Nobody knows the admin password and UPnP is on.

Better response

  • Check support first
  • Reset/replace if unknown
  • Disable WPS/remote admin/UPnP where practical

Worse habit

Treating blinking LEDs as a support lifecycle.

Residential IP starts getting blocked

Banking, games or streaming services start challenging the home connection and nobody knows why.

Better response

  • Check router firmware and exposed services
  • Review port forwards/UPnP
  • Replace unsupported gear
  • Rotate DNS/router admin settings after reset

Worse habit

Only blaming the website while the router keeps acting as someone else's exit point.