Yesterday Ars Technica ran an article once again detailing how millions of consumer and SMB routers are vulnerable to exploit. This exploit, dubbed Misfortune Cookie, leaves the network open to those who would penetrate your systems and steal your personal information. The vulnerability is many years old, and the fix almost a decade old. Even so, it seems that there are still devices being offered that include the vulnerable code.
Announcements like this make me glad that we rely on well-proven, open source software for our network edge. We’ve long used m0n0wall and pfSense around here. Software such as this, running on a small single-board computer, is a compelling solution. Sure, it costs more than a bargain router from Frys. The peace of mind is worth the extra $100.
A recent little project that I’ve been working on has used some Buffalo routers, but in that case we use those models that run DD-WRT, the open source firmware for small consumer router hardware.
There are so many great, open source solutions available. I see no reason to risk the cheesy consumer routers.
The article describes how he published the script used to run the exploit. That allowed others to try the exploit against various makes/models of consumer hardware. It thus came to light that the same trick works against various products from Linksys and Netgear, amongst others.
I recently received a promotional email from Amazon offering the Linksys Tmobile @ Home HiPort for just $15.99. This was the internet router device that has a UMA interface on-board. Add a T-Mobile SIM card and you have a cellular trunk line for home use with a traditional wired telephone.
This device was the CPE for their long-dead T-Mobile@Home service. While that service is no longer offered, it remains functional. My brother-in-law still has the service locked in at $10/month.
The fact that these devices remain available is a curiosity. T-Mobile still supports UMA calling. That makes me wonder if they could be used in some novel way around the house. I have too many unfinished projects already, but these do seem interesting.
When last we left this story our protagonist had returned the Cisco AP to BUY.COM leaving le maison du Graves without functional wifi for about two weeks. Fortunately I was out of town a lot during that period so it wasn’t much of an inconvenience. If anything it gave me some time to evaluate my options regarding replacement gear.
I’ve noted that whereas I had a lot of problems with 802.11n type wifi APs, I’d previously had far fewer issues with 802.11g type hardware. Very recently I was reminded by someone who should know that 802.11a/b/g is more mature hardware than 802.11n. This certainly rings true as my very old Linksys WAP-54G ran for literally years with no problems at all.
There are myriad inexpensive consumer routers available that include wifi functionality, but far fewer freestanding wifi access points (APs). I surmise that this is because every broadband connected home needs a router and wants a wifi AP, so a converged device is the most affordable approach to this marketplace. Yet in many ways it’s less than ideal.
The fact that your router and wifi access point are in one device makes that device a major possible single point of failure. It dies and your entire network goes down. While merely inconvenient for the kids coming home after school to play World Of Warcraft, it’s a whole different kind of failure if you’re a full-time home office worker who relies on internet access to be effective in your job.
This is part 2 in the continuing saga of my fight with replacing a dead Netgear WNR-2000 that had served as my wifi AP. Please recall that I just RMA’d the Cisco WAP4410N that was to be its replacement.
Firstly, I think that I was a very early adopter of both residential broadband and wifi. Linksys was the obvious leader in devices for this market. I bought a Linksys WAP-11 when they were brand new and fairly pricey. I wired it into my trusty Linksys BEFSR-41 4-port wired router. That device was fed by a Time-Warner Road Runner cable modem back in 1998.