I picked up a couple of refurbished Linksys EA6200 routers this past weekend. For whatever reason, DD-WRT isn’t officially supported on them, though it does seem to be a popular DD-WRT router. A lot of people make the upgrade far more difficult than they need to. With some simple hacks, Linksys EA6200 DD-WRT installation is pretty straightforward.
I came up with an 18-step process that I simplified just as much as I could. Unlike some methods I’ve seen, I don’t have you editing any binary files or creating custom startup scripts.
I’ve talked before about the infamous Jeep hack, but there’s more to learn from it than just that cars are vulnerable. The way Charlie Miller and Chris Valasek hacked the Jeep has implications for any computer network.
I’ve been using and recommending DD-WRT for years, but it’s getting harder to find inexpensive routers to run DD-WRT. Many inexpensive routers now use non-Broadcom chipsets that DD-WRT and other third-party firmware don’t support well, or at all.
But there’s still a way to get inexpensive, compatible routers that isn’t likely to change any time soon.
The TP-Link TD-8616 is a low-priced, acceptable replacement for whatever DSL modem your ISP issued you. As such, it’s less exciting than a can opener, but a DSL modem is one of those things that you shouldn’t ever think about. Just like your can opener, the only time you’re likely to have any opinion at all about your DSL modem is when it’s not doing its job well. This is my review of the TD-8616.
The TD-8616 is just a modem, but then you can pair it with a router with whatever capabilities you want, including the ability to run third-party firmware on it, which I recommend of course. Might I suggest a TL-WR841n running DD-WRT?
In 2003, Dan Geer called the combination of Microsoft’s market dominance and the flimsy security of its products a threat to national security.
Today, he’s calling the security holes in consumer routers a threat to critical infrastructure.
These two things are related in more ways than being utterances from the same person. These routers were designed to protect flimsy PCs from the horrors lurking on the Internet. In 2003, they were arguably adequate. But since 2003, Microsoft operating systems have improved dramatically from a security standpoint while routers have stood still. Many of them are still running on the same outdated Linux kernels and userspaces, just on newer, faster hardware. These routers are now less secure than the computers they are supposed to protect. This isn’t a knock on Linux; Linux has improved in the last 11 years too, but router makers generally haven’t incorporated those improvements. So these routers are easy to attack, easy to use to build botnets, and the user will never be the wiser since they keep the devices until they break. The only good news here is that many of them break after a year or two, and that’s supposed to be bad news.
I spent some time over the weekend playing with Pfsense, and I can’t say much about it other than it does what it says. I didn’t throw a ton of hardware at it–the best motherboard I have laying around is a late P4-era Celeron board, and the best network card I could find was, believe it or not, an ancient Netgear 10/100 card with the late, lamented DEC Tulip chipset on it. Great card for its time, but, yeah, nice 100-megabit throughput, hipster.
If you actually configure your routers rather than just plugging them in, you can do this. Plug in a couple of network cards, plug in a hard drive that you don’t mind getting overwritten, download Pfsense, write the image file to a USB stick, boot off the USB stick, and follow the prompts. Then, to add wireless, plug in a well-supported card like a TP-Link and follow the howto. Read more