I set up a DD-WRT router on Charter’s Spectrum broadband, and had a hard time getting it to work. It wouldn’t pull an IP address on the WAN side, or it would pull a 192.168 address rather than a Charter public address.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.
For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.
If you have a router and want to run DD-WRT on it, but can’t find the router in the router database, you may have learned the hard way that the router database is a couple of years out of date.
But not all hope is lost. Here’s how to find a build, if one exists.
I’ve been using and recommending DD-WRT for years, but it’s getting harder to find inexpensive routers to run DD-WRT. Many inexpensive routers now use non-Broadcom chipsets that DD-WRT and other third-party firmware don’t support well, or at all.
But there’s still a way to get inexpensive, compatible routers that isn’t likely to change any time soon.
My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.
Blanketing your house and yard while remaining secure, though, is still important.
A good way to eliminate dead zones in your house where wifi doesn’t work is to add one or two wireless access points to your setup.
Access points, thankfully, are no longer stupid expensive–they used to cost twice as much as a router in spite of being nothing more than a cut-down router–but almost every access point I’ve looked at has one or more compromises built in. That said, if you want something you can plug in and configure by filling out three or four things, you might be willing to live with those compromises.
In 2003, Dan Geer called the combination of Microsoft’s market dominance and the flimsy security of its products a threat to national security.
Today, he’s calling the security holes in consumer routers a threat to critical infrastructure.
These two things are related in more ways than being utterances from the same person. These routers were designed to protect flimsy PCs from the horrors lurking on the Internet. In 2003, they were arguably adequate. But since 2003, Microsoft operating systems have improved dramatically from a security standpoint while routers have stood still. Many of them are still running on the same outdated Linux kernels and userspaces, just on newer, faster hardware. These routers are now less secure than the computers they are supposed to protect. This isn’t a knock on Linux; Linux has improved in the last 11 years too, but router makers generally haven’t incorporated those improvements. So these routers are easy to attack, easy to use to build botnets, and the user will never be the wiser since they keep the devices until they break. The only good news here is that many of them break after a year or two, and that’s supposed to be bad news.
I’ve said before how to eliminate wifi dead spots, but perhaps I didn’t give it the focus it deserves. I think almost everyone has wifi dead spots in their house that they would like to eliminate. It turns out you can do it, and it doesn’t have to cost a fortune either.
The idea is to supplement your existing router with one or two additional access points.
I found a couple of old Linksys WRT54G routers and decided to load DD-WRT on them. The first one, an abandoned-by-Linksys WRT54GS model, gave me some trouble, which led me to buying a TP-Link unit to run DD-WRT on. The second unit, which was a vanilla WRT54G, still had firmware available on Linksys’ site, so the upgrade was somewhat straightforward–it went by the book, at least. I installed the latest Linksys firmware, then installed the DD-WRT mini build, then upgraded to the full build.
After getting DD-WRT running on it, I configured it to behave as an access point on channel 6. I was surprised at how strong the signal was. Years ago, I ran a pair of WRT54G routers, and they struggled to cover the house. It’s possible that was due to age, or perhaps I was getting too much interference from my neighbors since we were probably all running our wireless on the default channel in those days because none of us knew better.
As for my WRT54GS, when I tried to upgrade it, I got a nice message stating, “Upgrade are failed!” Nice. Too bad it didn’t add “All your base are belong to us.” That’s when I learned you need to install the last Linksys upgrade first, then upgrade from that. So I downloaded that from some forum, tried flashing that, and received the same message. So I set it aside, figuring I bricked the unit. A few days later, after getting the WRT54G running, I fired up the GS, visited its configuration page, and… found DD-WRT running on it! Upgrade are failed? More like all your upgrade are belong to ME.
In all honesty, I probably got lucky. It’s always best to go by the book on things like this. Including the 30-30-30 reset.
The WRT54G is limited, of course, to 802.11b and 802.11g (54 megabits max) but as a complement to a more modern router, it still has a few tricks left. If you have one lying around, it won’t cost anything aside from about 30 minutes’ worth of effort to load DD-WRT on it and see what it can still do for you.
And if you don’t happen to have one lying around, it’s not hard to find a used WRT54G. I find them at estate sales, garage sales, and rummage sales pretty frequently because a lot of people set them aside when they either buy newer, faster routers or their ISP forces them into an all-in-one unit. Don’t pay too much for it, because it’s aging technology, but I’d say they’re worth grabbing for $5 or less.