router

Combination Wi-Fi Routers Are Dumb

The FCC made big news last month when it move to ban consumer routers made overseas. This got me thinking about consumer routers in general, and recalling back to when reliable Wi-Fi was something I was struggling to achieve. That was in the early days of this blog. I think that, in solving our Wi-Fi problem I failed to clearly state something that bears repeating now…combination Wi-Fi routers are dumb and should be avoided.

If you want to have consistent, reliable, Wi-Fi coverage, in a larger home or across an entire property, a combination Wi-Fi router at an arbitrary location is not going to be a good solution. You should be using dedicated Wi-Fi access points. And the location of each access point should be carefully considered.

Read More

Chances Are Your Router’s Firmware Blows

Linksys WRT-54G RouterYou surely have a lock on your front door. Do you have such a lock on your network? Though you may think so, but it may well be wholly unlocked. Or at least, you may not be able to know for certain that it’s locked. If you use a commercial Wi-Fi router from your ISP, or one of the big names like Linksys, Belkin, DLink et al, your network may not be as secure as you think.

At the outset let me state that, as someone who reads hereabouts, you’re no dummy. You’ve taken steps to ensure that the router doesn’t still have  the default admin password. You’re using modern encryption on your Wi-Fi. You’re being responsible, but there are things beyond your grasp.

The simple fact is that the firmware the runs most retail, commercial routers is closed source. As such, you have no ready way to verify it’s behavior. Yet, the manufacturer, by virtue of necessity, uses various common software modules to create their firmware. They may even use some open source modules, but end up with an closed source binary in the end.

The upshot of this reality is that you have a very small team of developers responsible for maintaining the code. That means updates come along slowly, if at all for older devices. By extension, serious security issues get addressed slowly, if they ever get addressed at all.

Read More

Owning The Comcast CPE

Motorola Arris SB6141 cable modemFor the past few weeks I’ve been thinking about the Comcast issued CPE that lives in my office. It’s a modem/router combination from SMC. We’ve had the service a long while. All the while we’ve been renting the device for $12.95 a month.

I can’t recall exactly when we transitioned from consumer to business class service. If I assume that it was five years ago, then we’ve paid over $750 in device rental! This for a device that can be purchased outright for under $200.

Clearly, this makes no sense at all. So last week I replaced the Comcast CPE with a Motorola/Arris SURFBoardSB6141. The choice of the SB6141 was made by consulting Comcast’s list of approved devices, and cross-referencing the SmallWall forums where Lee Sharp had some helpful advice to offer.

Read More

Recent Thoughts About The Edge of My Network

monowall-pfsense-alix-kitIn recent weeks I’ve been accumulating some thoughts about the edge of networks, and the edge of my home office network in particular.

This all started last month where there was an Ars Technica article describing how someone found a backdoor that allowed an evil-doer to gain admin access to a common consumer combination DSL Modem/router/Wifi AP. The author initially proved the exploit by hacking his Linksys WAG200G wireless gateway.

The article describes how he published the script used to run the exploit. That allowed others to try the exploit against various makes/models of consumer hardware. It thus came to light that the same trick works against various products from Linksys and Netgear, amongst others.

Read More
Back To Top