A college classmate asked me if there’s anything to the stories that DD-WRT might potentially get locked out due to new FCC regulations.
Unfortunately the answer is yes, there may be something to it.
A college classmate asked me if there’s anything to the stories that DD-WRT might potentially get locked out due to new FCC regulations.
Unfortunately the answer is yes, there may be something to it.
I’ve been using and recommending DD-WRT for years, but inexpensive DD-WRT routers aren’t quite as easy to find as they were a year or two ago. A lot of inexpensive routers these days are using non-Broadcom chipsets that DD-WRT and other third-party firmware don’t support well, or at all.
But there’s still a way to get inexpensive, compatible routers that isn’t likely to change any time soon.
My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.
Blanketing your house and yard while remaining secure, though, is still important.
A good way to eliminate dead zones in your house where wifi doesn’t work is to add one or two wireless access points to your setup.
Access points, thankfully, are no longer stupid expensive–they used to cost twice as much as a router in spite of being nothing more than a cut-down router–but almost every access point I’ve looked at has one or more compromises built in. That said, if you want something you can plug in and configure by filling out three or four things, you might be willing to live with those compromises.
Earlier this year at CES, HP introduced its HP Stream Mini ($180) and Pavilion Mini ($320 and $450) mini-desktops. They’re small, inexpensive, and in the case of the Stream, silent. They turn out to be surprisingly upgradeable as well. Ars Technica has details and benchmarks, but of course I have my own priorities based on their discoveries.
If you’ve been procrastinating about deploying 450-megabit (802.11n) wi-fi to your house, I have a reason for you to procrastinate a while longer: Gigabit wireless (802.11ac).
It’s only about twice as fast as its predecessor, which pales next to the 8x improvement 802.11n provided over 802.11g, but if you’re wanting to stream HD media through your house, you’ll notice the difference.
Continue reading If you’ve been delaying upgrading your network, keep delaying
A 7-inch, underpowered Android tablet that may or may not be available at your corner Walgreen Drug Store is made some big waves today. It’s underpowered, but it’s supposedly on sale for 99 bucks. Regular retail price is $129.
Yes, for 99 bucks, it’s a toy. But it could be a fun toy. Continue reading Attack of the $99 Droid-Pads
It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.
Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.
“Hypothetically speaking, if you lived next door to me, how long would it take you to get into my wi-fi network?” I asked him.
Surprisingly–at least it surprised me–if you use WPA2 with a strong password, you can make it take years. While I can’t keep him out indefinitely, it’s entirely possible to make it so difficult that anyone not specifically targeting me will just move on to someone else. And you can too.
Why should I care?
Perhaps you heard in the last couple of years about credit card information being leaked out of TJ Maxx and Marshalls store networks. A 29-year-old Cuban-American named Albert Gonzalez admitted to the theft and re-selling of 170 million credit card numbers from 2005-2007. He stole them off poorly secured wireless networks.
The September 2010 issue of Hakin9 magazine (hakin9.org) details the crime, and how it could have been prevented.
WhiteQueen pointed me to page 47, which showed a diagram of Gonzalez’ wardriving setup. All of the equipment is easily obtained, or fabricated using instructions that are readily available.
If your password is something like “popcorn,” he can break it in less than 45 minutes. Dictionaries containing a couple million possible weak passwords exist.
So, what’s a good password? He recommends something 14-25 characters long, mixed case, with a couple of numbers and special characters, not substituting numbers and symbols for vowels, l337-style. th!sIz@s3cur3p@ssw0rd! isn’t quite what it claims to be. Use a random password generator, he says. A Google search will turn up web pages that will generate them for you.
You don’t have to type that password all that often, he said, so the pain/security tradeoff isn’t all that high.
WPA2 vs. WPA vs. WEP
You can forget about WEP. There are enough vulnerabilities in WEP that he can break it in minutes. WEP is effectively like the lock on your screen door, only useful for keeping honest people out.
Consider this. There are free tools that run on Android that crack WEP. You can’t install it from Google’s app store–you have to root the phone–but anyone with a little determination can do it. It might take 30 minutes a typical Android phone from 2010 to break a WEP network, but 2011’s phones should be able to do it in about five, which is about how long it takes an Atom netbook, circa 2010, to do the job.
WPA is better, but it also has vulnerabilities. There are automated tools for breaking WPA too. For $17, WPA Cracker will attempt to break a WPA network, and on average, it takes 40 minutes. And it’s not the only option out there.
If you’re serious about keeping someone with his abilities out, use WPA2.
You can increase the security of your WPA or WPA2 network by hibernating or turning off your laptop when you’re not using it. Attacks against WPA require something with an active connection to be using it at the time.
Setting your SSID to not broadcast is an old security trick, but it doesn’t gain you much anymore.
He said you might as well broadcast your SSID. Wireless networks just work better if you broadcast it, and you don’t slow a hacker down very much by not broadcasting it. You just make the hacker stop and run a tool to look for hidden SSIDs. Not broadcasting the SSID hurts you a lot more than it hurts him, he said.
But don’t include easily identifiable information in your SSID. Keep your last name, house number, and street out of it. Personal information not only helps an attacker identify his target, but it also helps a hacker create a personalized dictionary to run against your network.
Pick something with no connection to you. The more meaningless, the better. The more bland, the better. Don’t make it something that identifies your network as belonging to you, and don’t make it something that makes it look like you’re hiding something interesting.
The best is just a plain old number (other than your house number), or random gibberish.
WhiteQueen said there are mainly two reasons a lowlife might want to get into a network. Either you have data he wants, or he wants to use your network to jump off and do something else. That could be jumping off to hack another network, effectively using you to cover his tracks. Or it could be downloading illegal stuff he doesn’t want to use his own network to download.
Preventing the second case is easy. If your network is harder to hack than your neighbors’, that guy will always pick the guy whose network is wide open, or the guy who never changed his password from the factory default, or the guy who’s still running WEP.
So, the simple advice of using WPA2 with a strong password protects you from that guy.
For extra protection against someone who specifically wants to get into your network to get at your data, he recommends a second router. Or turn off wi-fi completely.
Plug one modem into your router. Assign that router an address space of 10.something. You can set the password to something your laptop-toting houseguests won’t mind typing in, but of course, you want to balance enough strength into it so that passers-by jump on someone else’s network instead of abusing yours. Ten characters, mixed case, with one number and one special character would be reasonable.
Then, plug a second router’s WAN port (not one of its Ethernet ports) into a LAN port in the first router. Assign that router a 192.168 address space. Either turn off its wireless, or turn on WPA2 and assign a nice, strong password to it. Plug your desktop PCs, your NAS, and that kind of stuff into the second router.
For the security paranoid, the two routers should be different. Different revisions of the same model could be OK (such as an early, pre-v5 Linksys WRT54G or WRT54GL based on Linux and a later v5-v8 WRT54G based on VxWorks), but different models or different brands entirely is better. That way, if someone uses a vulnerability in one to get through, he still has to get through a second one to get to your network. Of course, don’t forget to change the default passwords on your routers.
Vulnerabilities in wireless routers do come up from time to time. http://www.cvedetails.com/ has a nice database of vulnerabilities, which you can search by vendor and product. Fortunately, vulnerabilities that crash the router are a lot more common than vulnerabilities that let someone come in and do something.
Fixing them is just a matter of downloading the latest firmware from the vendor and installing it.
Hackin9 adds another step: Lock down the router to allow a limited number of connections. If you have two computers, set the router to only allow two connections. Then hard-code the MAC address of those machines. The procedure to do this varies from router to router.
The moving target
It took about five years for a vulnerability to be found in the original WPA. And brute-force attacks–trying every possible password–are much more practical now than they were in years past. The typical $500 consumer PC of today is a supercomputer compared to anything that was available in 2001.
So far, there are no known vulnerabilities in WPA2, so in 2010 the only way in is to use brute force.
Here’s some good news: A dictionary suitable for cracking 8-character passwords using all 95 of the easily typable characters on the U.S. keyboard would require approximately 11.91 petabytes to store. The largest available hard drive in 2010 is 3 terabytes–an order of magnitude smaller–so it’s safe to say we’re still a few years away from being able to store that kind of information on the desktop.
A dictionary file suitable for hacking 14-character passwords goes consumes a mere 4 brontobytes. What’s a brontobyte? One brontobyte would hold approximately 1,000 copies of the World Wide Web, circa 2010, in its entirety.
This is a bit of an oversimplification, but in 1990, consumer hard drives were measured in megabytes. In 2000, they were measured in gigabytes, and today, in 2010, they’re measured in terabytes. We may be pushing 2020 before we get to petabytes. So it’s more likely that someone will discover a flaw in WPA2 before that’s practical to store. But that, too, will take time.
But don’t feel too secure. A hacker who wants in will throw every dictionary he has at you. And WhiteQueen said hackers tend to collect passwords as they discover them, and add them to their dictionaries. He said humans aren’t very good at being random, so when they find a password one human used, there’s a good chance another human will use it.
The second-best thing you can do is stack the odds in your favor. The best thing you can do is keep your wi-fi turned off.
What to look for in a router is a common question, and an important one. I’m glad to see people are taking security seriously. I visited that topic in 2004, but that was a long, long time ago. Things have changed somewhat in those six long years.
Of course, any router is better than having no router at all. And when you crack open the case, there’s not a lot of difference between them. But there are some things to look for.
Brand. Linksys, of course, is the brand most people know about. They’ve been making them the longest (the Linksys BEFSR41 wired router has been on the market in one form or another since 1999 or 2000), and they’ve been owned by Cisco, the biggest name in corporate networking, since 2003.
The other brands you’ll see in most stores that sell consumer electronics are Netgear and D-Link. Neither have the backing of a company like Cisco, but I haven’t seen much difference between the three. In a home environment, all three are likely to hold up. I’ve personally used all three in home environments with roughly equal success. All three made lemons in the 2001 and 2005 timeframes, but all consumer electronics from those two years is somewhat suspect so it’s not fair to single any of those companies out.
I trust Asus, but have no experience with their networking equipment.
Support-wise, any of those companies stop supporting their products after a time, and they’ll all send you to outsourced customer support in India.
It used to be that you wanted to buy your wireless network cards and router from the same company if you could. I found I had fewer issues that way. Interoperability works better now than it did then, fortunately.
I do favor brand names over whatever no-name stuff Dealextreme.com can ship you straight from Hong Kong this week. They have a reputation to uphold, after all. Whatever Dealextreme can sell could be an exact clone of a much costlier Linksys device. Or it could die on you after two weeks.
Customer ratings. It’s always a good idea to see what customers on Newegg and Amazon are saying about a product, regardless of where you plan to purchase it. If a thousand people give it their thumbs-up, that’s a good sign you’ll be happy with it too. If there are only a couple dozen ratings out there and most are negative, stay away from it.
Some of the people writing reviews on those sites are clueless, of course, but when I see a product with more than a hundred reviews and four stars (out of five) overall, that tells me it’s something worth looking at.
To me, that’s more important than my experience with a particular brand.
Third-party support. Ideally, you want any router you buy to be capable of running DD-WRT or Tomato. This gives you an out if and when the original maker stops supporting the product. DD-WRT and Tomato are both highly capable, free aftermarket firmware upgrades for routers that add lots of capability.
These days, some routers advertise DD-WRT compatibility, and even come from the factory with DD-WRT installed. There’s nothing at all wrong with that.
Installing either product voids your warranty if it didn’t come with it in the first place, so I suggest waiting until the warranty is up before upgrading to it. And if the factory firmware is working for you, I don’t blame you at all if you leave well enough alone. But compatibility with DD-WRT and especially Tomato gives you extra insurance, and increases the potential resale value of the product if you ever upgrade.
You can search DD-WRT’s database to verify compatibility in advance.
Antennas. It’s best to get a router with two or, better yet, three external antennas. One external antenna is the minimum you want. And you want the antenna(s) to be replaceable. Those specs won’t necessarily be on the box, so check the online reviews of anything you’re considering.
There are two reasons you want to be able to replace antennas. For one, they can break, and it’s a shame to throw away a piece of equipment when a $2 antenna breaks.
The other reason is to improve coverage. You may get lucky and be able to get coverage throughout your house right out of the box, but I’m 0 for 5 in that department, so you’ll have to be luckier than me. Chances are, no matter what you buy, you’ll be replacing antennas.
A box with internal antennas looks nicer, of course, but you don’t buy a router for looks. You buy it for functionality.
The higher dBi antenna the router comes with, the better. But I’d say your chances of needing to replace one or both antennas with aftermarket 5 or 8 dBi antennas is pretty good.
Don’t be too disappointed if you end up spending as much on antennas as you did on the router in the first place.
The other thing to keep in mind is that if you’re putting desktop PCs on your network, you can put your high-gain antennas on the computer rather than on the router, which improves security. If I put an 8 dBi antenna on my desktop computer, I haven’t increased the visibility of my network at all, but if I stick multiple 8 dBi antennas on my network, there’s a pretty good chance that I’ll have better signal in my yard (or my neighbor’s house) than I do in some parts of my own house. Wireless networking just seems to work that way.
But if you have one or more laptops, you probably don’t have any choice but to put big, heavy antennas on your router if you want to be able to use those laptops everywhere in your house.
While we’re talking about coverage, let’s talk repeaters. If you just can’t get wireless coverage everywhere, one option is to put repeaters on the edge of your coverage area to increase it. Dedicated repeaters are expensive and not necessarily easy to find, but this is where DD-WRT support comes in. Buy an inexpensive router that’s capable of running DD-WRT, and you can configure it to run as a repeater instead and save yourself a bundle.
You don’t have to use identical routers, but if I were starting from scratch, I would. That way if your main router fails, you have the option of raiding your repeater for, say, an AC adapter and keep limping along. In the unlikely event that your router drops dead at 10 PM and you’re facing an early morning deadline and all the stores are closed, it’s nice to have options.
802.11 what? Virtually anything on the market today will support 802.11b (11 megabits) and 802.11g (54 megabits). Newer and more expensive products support 802.11n (150 megabits and beyond).
In the United States in 2010, paying extra for 802.11n won’t make any difference in your Internet access speed. But in countries where you can get an Internet connection speed of 100 megabits or faster, you will want 802.11n.
But no matter where you live, 802.11n will make your local network faster. This can make a significant difference if you have networked printers and storage set up.
The other upside to 802.11n is that it operates in the 5 GHz space as opposed to the extremely overcrowded 2.4 GHz space, where cordless phones, microwaves, baby monitors, and a myriad of other consumer electronics can interfere.
But keep in mind that just because a device is rated at 150 megabits or 54 megabits, you probably won’t get full speed everywhere in your house. Interference will usually keep your network from hustling along at 100 percent.
Sometimes you’ll see a product offering “draft-n” support. These are pre-release versions of 802.11n. They’re supposed to be fully compatible with the fully official, blessed version of 802.11n. Given a choice between full 802.11n and draft-n, pick the released version.
Security. If you want wireless, make sure whatever router you buy supports at least WPA2. If it supports some kind of EAP, so much the better, but you may not find that on the box.
I mis-stated security in an earlier version of this. That really is a separate topic. I discussed, at length, hacking into wireless networks with someone who’s done it, and he gave me very candid answers when I asked, “If I lived next door to you, how could I keep you out of my network?” I’ll get that posted later this week or early next week. For now, it’s sufficient to enable WPA2 and use a password of a minimum of 14 characters, including upper and lowercase letters, at least one number and one special character.
AC adapter. This is something you may not think of. Make sure the AC adapter has a standard plug on it, and that its wattage, voltage and polarity specifications are written down on the router itself, the adapter, or better yet, both. The reason is that the AC adapter itself is much more likely to fail than the router itself is. When that happens, you want to be able to get a replacement at Radio Shack.
At most Radio Shack stores, they’ll let you bring the device in and try it out in the store with a replacement AC adapter to make sure it works. You’ll end up paying $15 or $17 for the adapter, but if your router stops working suddenly at 8 PM one night, you’ll probably be willing to pay that to get it working again in 30 minutes.
Frankly, I’d open the box in the parking lot to check the power adapter, and if it has anything other than a standard barrel connector on it, I’d march right back into the store to return it.
Used vs. New? Fundamentally, I have no problem with used equipment. I’ve been buying and using secondhand computer equipment for 20 years. And used equipment can have some advantages. Some revisions of popular routers are better than others, due to cost-cutting measures that the manufacturer might take in order to meet a price point.
And there certainly are legitimate reasons for selling their gear. Maybe they got a combo modem/router and don’t need their old router anymore. That was the reason I sold one of my Linksys WRT54Gs. Maybe they upgraded to higher speed. So don’t just assume that “used” is a euphemism for “broken” or “stolen.”
When buying used, I would want to know the revision of the hardware in order to check compatibility with DD-WRT or Tomato. Some versions of the popular Netgear WGR614 are compatible. Some aren’t and never will be. Others are stuck in “coming soon” limbo with no ETA. Sometimes you can get a used unit pre-configured with DD-WRT or Tomato on it. You may pay a little extra for the convenience, but if it’s worth it to you, go for it.
The other thing I would want to know is the approximate age of the unit. The reason for many, many broken routers is an epidemic of bad capacitors shipped in 2001 and 2005. I’m automatically wary of anything that was manufactured in those two years, although if you’re handy with a soldering iron you can replace them. So if someone offers you a broken router for a couple of bucks, it could be an opportunity for you.
I have a couple of nearly dead routers that I suspect are due to bad caps. They power up, but don’t function completely, and both date to 2005 or thereabouts. And, come to think of it, my original, wired-only Linksys router just mysteriously up and quit on me several years ago, and I’m pretty sure it was made in 2001. It, too, may have fallen victim to bad caps.
For hints on securing a router, look here.
I upgraded a Compaq Evo D51S today. This was also sold under the name D510, and may have also been sold under the HP or Hewlett Packard brand. It was intended to be a low-profile, relatively affordable business computer.
Upgrading it poses some challenges, but there are some things you can do with it.This one has a 2.0 GHz Celeron in it. It will support a 2.4 GHz P4 without any issues (and a lot of them were sold with that chip), but I think that’s as high as you can go with the CPU.
The 2.0 GHz Celeron that came in this system will bog down with a heavy Photoshop filter and I’m sure some of the things I do in Adobe Premiere would bring it to its knees at times, but if your primary use of the machine is word processing, spreadsheets, web browsing and e-mail, it’s plenty fast. I would max out the system RAM before I replaced the CPU.
You can forget about motherboard replacements in this machine. Everything about the motherboard inside is odd, to get everything to fit in a smaller case. Compaq used to be criticized (sometimes unfairly) for using proprietary motherboards, but this one’s definitely proprietary.
Inside, you’re limited to two DIMM slots. I pulled the memory and replaced it with a pair of PC2100 DDR 1 GB DIMMs, which is the maximum the system supports. According to Crucial, PC3200 memory is compatible. Of course if you’re buying new memory, it makes sense to buy the faster stuff, in case you ever want to put the memory in another system.
In late 2010, 2 GB of PC3200 RAM sells for about $90. That’s close to the price of the computer itself, but more memory is probably the best thing you can buy for one of these machines, especially if it came with 256 MB of RAM.
The onboard video is the Intel 845G integrated video. It was better than I expected, but it steals system memory and, at least theoretically, it reduces memory bandwidth. The AGP slot is oriented vertically, so there’s only room for a low-profile card. That limits your choices somewhat. I had a low-profile ATI card with an early Radeon chipset on it. It’s not the most exciting card in the world, and may not even be better than the integrated Intel video, but it freed up some system memory for me. For what I want to do with this system, it will be fine. I’m not sure that Sid Meier’s Railroads! will run on it, but Railroad Tycoon 3 will, and from what I understand that’s the better game anyway.
There are a number of low-profile AGP video cards on the market that would be a suitable upgrade for this machine. None of them are cutting edge, but there are a few that are DirectX 9-capable, and prices range from $20 to $40. The built-in video is adequate, and while my first impression of it was that it didn’t bog the system down nearly as badly as the integrated video in the P3 days did, I’m still not a big fan of it. I think adding a discrete video card is a good move.
The stock Seagate Barracuda 7200.7 is a pretty good performer. At 40 GB it’s relatively small, and it won’t keep up with a brand-new drive, but for a lot of uses it’s plenty fast. From what I understand it will support hard drives larger than 137 GB but you may have to mess with IDE modes in the BIOS to make it happen. The trick appears to be to set the BIOS to use bit shift instead of LBA. Additionally, you have to be running Windows 2000 SP4 or XP SP2 to see the full capacity of the drive. I don’t have a large drive to put in it, so I haven’t tested that.
There’s no room for a second drive in there, so if you want additional storage beyond what’s already there, it will have to be external. Or you can jettison the floppy drive, but then you’ll have a goofy-looking hole in the front of the computer. That’s the price you pay for a low-profile system.
The CD-ROM drive in my particular unit was pretty balky. I’m going to replace it with a CD-R/RW drive for the short term, and eventually (probably early next year) put a DVD burner in it. I’m primarily interested in putting home movies on DVD. For backup and data transfer, I pretty much use USB flash drives exclusively now. They’re a lot faster and more convenient than messing around with CD/DVD burning software. Any drive with an old-school 40-pin IDE connector will work.
Speaking of USB, the USB ports all seem to be USB 2.0, which is nice (installing software off a USB 2.0-based flash drive makes you want to swear off optical media forever), but the ports on the front are recessed far enough that only a standard cable or a very low-profile flash drive can plug into them. My SD reader would only plug into the back, which is inconvenient.
The system has two full-size PCI slots for expansion. I put an IEEE 1394 (Firewire) card in one of the slots, since I want to do some light video work with it. The other slot will probably get an 802.11b wireless card. If I needed that PCI slot for something else, I could plug in a USB adapter for wireless networking.
I used to be in the habit of buying the biggest case I could afford or find (they weren’t always the same thing), so a really low-profile desktop like this Evo 510 feels a little strange. But a lot of things are different now. I could put a 1 TB hard drive in this system if I needed an obscene amount of storage. USB ports eliminate the need for Zip or Jaz or Syquest drives and even, to a large extent, for CD or DVD burners. If it weren’t for my interest in video, I wouldn’t bother with a burner in this machine at all. And since sound and networking are built in, there’s no need for a lot of expansion slots. It would be nice to have three PCI slots instead of just two, but I would imagine a lot of people never even fill two.
As it is, this computer fits on a small desk, and if you put an LCD monitor on top of it, the combination will take less real estate than a 17-inch CRT monitor does.
There are a lot of these machines on the market now, either coming off lease or being replaced due to business upgrade policy. They’re cheap ($75-$150 depending on configuration) and I think they make an excellent home PC. They’re cheap, unobtrusive, and surprisingly expandable.
A decked-out 510 probably won’t run Vista all that well, but a lot of new PCs don’t run it very well either. I think a 510 running Windows XP or Linux can be a very useful computer for a good number of years.