I’ve spent the last several years breaking into corporate networks professionally. Last weekend I finally turned those skills on my own home network. I expected to find a few issues. I found six, including one that genuinely surprised me.
Finding 1: My Router Was Running Firmware From 2021
My router was five major versions and 47 months behind. Cross-referencing with the vendor’s security advisories: 11 CVEs, 3 rated critical including a pre-auth RCE public for 14 months. I’d disabled auto-updates years ago because an auto-update had once broken my port forwarding rules. Updated immediately.
Finding 2: The IoT VLAN Wasn’t Actually Isolated
I had set up a separate VLAN for IoT devices. The VLAN existed. The firewall rules allowing traffic from the IoT VLAN to the main LAN also existed. Someone (me, years ago) had added a rule for “testing” and never removed it. The cameras could reach my NAS. True IoT isolation means the IoT VLAN can reach the internet and cannot reach any other VLAN.
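One way to audit for this kind of leftover rule, as an added example that is not the author's tooling. It assumes a first-match firewall and ignores ports and protocols; the rule names, the rule format and all addresses other than 192.168.1.0/24 are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample ruleset, evaluated top-down, first match wins (assumption).
IOT = ip.ip_network("192.168.30.0/24")            # hypothetical IoT VLAN
INTERNAL = [ip.ip_network("192.168.1.0/24"),      # main LAN
            ip.ip_network("192.168.20.0/24")]     # hypothetical lab VLAN
RULES = [
    {"name": "testing-temp", "src": "192.168.30.0/24",
     "dst": "192.168.1.50/32", "action": "allow"},   # forgotten "testing" rule
    {"name": "iot-block-lan", "src": "192.168.30.0/24",
     "dst": "192.168.0.0/16", "action": "deny"},
    {"name": "iot-internet", "src": "192.168.30.0/24",
     "dst": "0.0.0.0/0", "action": "allow"},
]

def _clip(a, b):
    """Intersection of two CIDR blocks (they are nested or disjoint)."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def isolation_leaks(rules, iot, internal):
    """Return (rule, src, dst) for allow rules that let IoT reach internal nets."""
    parsed = [(r["name"], ip.ip_network(r["src"]),
               ip.ip_network(r["dst"]), r["action"]) for r in rules]
    leaks = []
    for i, (name, src, dst, action) in enumerate(parsed):
        s = _clip(src, iot)
        if action != "allow" or s is None:
            continue
        for net in internal:
            d = _clip(dst, net)
            if d is None:
                continue
            # An earlier deny covering the whole src/dst pair shadows this allow.
            # Partial coverage is reported anyway, which errs on the safe side.
            shadowed = any(a == "deny" and s.subnet_of(ps) and d.subnet_of(pd)
                           for _, ps, pd, a in parsed[:i])
            if not shadowed:
                leaks.append((name, str(s), str(d)))
    return leaks

if __name__ == "__main__":
    for leak in isolation_leaks(RULES, IOT, INTERNAL):
        print("IoT can reach internal network via rule:", leak)
```

An empty result means every allow rule that touches an internal network is shadowed by an earlier deny; the catch-all internet rule only passes because the deny sits above it.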
Finding 3: The NAS Had a Web Interface Exposed Externally
I’d enabled the web management interface on the same port as the WebDAV backup service. From the internet, the NAS login page was publicly accessible. Fixed by separating ports, blocking the management interface from the WAN, and moving backup to VPN-only.
Finding 4: One of My Research VMs Had Been Compromised
I was scanning my home lab subnet and noticed unusual outbound traffic from a VM I hadn’t actively used in four months — it was participating in a cryptocurrency mining pool. The attack path: a Metasploitable VM exposed to my internal network, a compromised Jupyter notebook on the same VLAN, and an attacker who pivoted between them.
Finding 5: Jupyter Notebook Exposed with No Auth
A Jupyter notebook running with default config, no password, no token, accessible from anywhere on the internal network. This is embarrassingly common. Always run Jupyter with authentication. Shut down notebooks when not in use.
Finding 6: Smart Thermostat Phoning Home to Suspicious IPs
Several outbound connections were going to IP ranges belonging to a third-party analytics vendor in a jurisdiction with weak data protection rules. The best I can do: VLAN isolation, egress filtering, and accepting that some data leakage is the price of smart home convenience.
The Takeaway
Six findings in 48 hours on a network I’d built myself and thought I understood. None exotic. All fixable. Start with: nmap -sn 192.168.1.0/24 to enumerate everything connected. You’ll probably find devices you forgot about.