ROUTER66
Where Router66 Sits — And Why Nothing Bypasses Us
ATTACK PATH
📶
Access Point
WiFi / LAN entry
→
🏢
LAN
Attacker inside
→
🛡️
Router66
Enforced exit
→
🌐
Internet
C2 / exfil target
7
Application Layer
HTTP · FTP · SMTP · DNS
⚠ C2 callbacks · data exfiltration · DDoS
CONTROL PLANE
LEASE + PORTAL
Authorization control · kill switch · MSP portal
6
Presentation Layer
TLS · SSL · encoding · compression
⚠ SSL stripping · encoding attacks
OUT OF SCOPE
5
Session Layer
Sockets · session management
⚠ Session replay · fixation · MITM
OUT OF SCOPE
4
Transport Layer
TCP · UDP · port management
⚠ UDP flood · SYN flood
OUT OF SCOPE
3
Network Layer
IP · ICMP · IGMP · IPsec · routing
⚠ IP spoofing · route manipulation · Smurf attack
PRIMARY ENFORCEMENT
FORWARDING LAYER
EGRESS ENFORCEMENT
No authorization = no forwarding
2
Data Link Layer
Ethernet · WiFi · frames · MAC addressing
⚠ MAC spoofing · ARP spoofing · switch flooding
DEVICE ID MODE
DEVICE-LEVEL AUTHORIZATION
Unknown device = no outbound access
1
Physical Layer
Fiber · cable · signals · hardware
⚠ Tapping · physical tampering · EM interference
OUT OF SCOPE
Primary
L3
Enforcement at the forwarding layer. No authorization = no forwarding.
Device ID Mode
L2
Device-level authorization. Unknown device = zero outbound access.
Control Plane
L7
Authorization control · kill switch · MSP portal.
R66 PRIMARY
R66 ACTIVE
OUT OF SCOPE
