Linksys EA6200 DD-WRT installation

I picked up a couple of refurbished Linksys EA6200 routers this past weekend. For whatever reason, DD-WRT isn’t officially supported on them, though it does seem to be a popular DD-WRT router. A lot of people make the upgrade far more difficult than they need to. With some simple hacks, Linksys EA6200 DD-WRT installation is pretty straightforward.

I came up with an 18-step process that I simplified just as much as I could. Unlike some methods I’ve seen, I don’t have you editing any binary files or creating custom startup scripts.


When DD-WRT doesn’t work with Charter

I set up a DD-WRT router on Charter’s Spectrum broadband, and had a hard time getting it to work. It wouldn’t pull an IP address on the WAN side, or it would pull a 192.168 address rather than a Charter public address.

Here’s what I had to do to fix it.


How to find inexpensive routers to run DD-WRT

I’ve been using and recommending DD-WRT for years, but it’s getting harder to find inexpensive routers to run DD-WRT. Many inexpensive routers now use non-Broadcom chipsets that DD-WRT and other third-party firmware don’t support well, or at all.

But there’s still a way to get inexpensive, compatible routers that isn’t likely to change any time soon.


Kickin’ my wireless oldskool, WRT54G-style

I found a couple of old Linksys WRT54G routers and decided to load DD-WRT on them. The first one, an abandoned-by-Linksys WRT54GS model, gave me some trouble, which led me to buying a TP-Link unit to run DD-WRT on. The second unit, which was a vanilla WRT54G, still had firmware available on Linksys’ site, so the upgrade was somewhat straightforward–it went by the book, at least. I installed the latest Linksys firmware, then installed the DD-WRT mini build, then upgraded to the full build.

Image: Linksys WRT54G (obsolete)
This Linksys WRT54G was one of the best pieces of computer hardware of its day. I can’t recommend it as a router anymore, but it can still help you out as an access point.

After getting DD-WRT running on it, I configured it to behave as an access point on channel 6. I was surprised at how strong the signal was. Years ago, I ran a pair of WRT54G routers, and they struggled to cover the house. It’s possible that was due to age, or perhaps I was getting too much interference from my neighbors since we were probably all running our wireless on the default channel in those days because none of us knew better.

As for my WRT54GS, when I tried to upgrade it, I got a nice message stating, “Upgrade are failed!” Nice. Too bad it didn’t add “All your base are belong to us.” That’s when I learned you need to install the last Linksys upgrade first, then upgrade from that. So I downloaded that from some forum, tried flashing that, and received the same message. So I set it aside, figuring I bricked the unit. A few days later, after getting the WRT54G running, I fired up the GS, visited its configuration page, and… found DD-WRT running on it! Upgrade are failed? More like all your upgrade are belong to ME.

In all honesty, I probably got lucky. It’s always best to go by the book on things like this.

The WRT54G is limited, of course, to 802.11b and 802.11g (54 megabits max) but as a complement to a more modern router, it still has a few tricks left. If you have one laying around, it won’t cost anything aside from about 30 minutes’ worth of effort to load DD-WRT on it and see what it can still do for you.

And if you don’t happen to have one laying around, it’s not hard to find a used WRT54G. I find them at estate sales, garage sales, and rummage sales pretty frequently because a lot of people set them aside when they either buy newer, faster routers or their ISP forces them into an all-in-one unit. Don’t pay too much for it, because it’s aging technology, but I’d say they’re worth grabbing for $5 or less.

Two more questions about wireless security

I got two good questions last week, via Facebook, that I answered briefly in the comments, but they are worth further exploration: does it beef up wireless security to hide the SSID, and to only allow the MAC addresses of hardware you own?

Those are good questions. Smart questions. I like those kinds of questions.

Unfortunately, neither measure gets you a whole lot. Against a sophisticated attacker, that buys you minutes, compared to the security of a strong password, which buys you years. It’s like having a locked screen door in front of the vault door at Fort Knox. (Assuming you’re using a strong password–if you’re using a weak password and these measures, it’s like having multiple locked screen doors.)

Then again, not everyone is a sophisticated attacker.

Disabling WPS by upgrading to DD-WRT

Tom Gatermann told me he succeeded in disabling WPS by upgrading his Linksys router–I didn’t ask what model and probably shouldn’t post that anyway–with DD-WRT.

Explicitly disabling WPS in DD-WRT is unnecessary because DD-WRT doesn’t implement WPS at all–which is a good thing. There’s no setting to look for, it’s just automatic.


Balancing safety and versatility

John C Dvorak has a very simple solution to the HP printing problem. Lock down the firmware so it’s not upgradeable. And while we’re at it, do the same thing to routers and other equipment.

This solves the problem of loading rogue firmware on the devices, but there are several problems with such a draconian approach.

How to make a DMZ with two routers

I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how to do it, or necessarily why.

If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.


How to power your computer up from away from home

The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.

If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.

How to secure your wi-fi router

It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.

Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.

“Hypothetically speaking, if you lived next door to me, how long would it take you to get into my wi-fi network?” I asked him.

Surprisingly–at least it surprised me–if you use WPA2 with a strong password, you can make it take years. While I can’t keep him out indefinitely, it’s entirely possible to make it so difficult that anyone not specifically targeting me will just move on to someone else. And you can too.

Why should I care?

Perhaps you heard in the last couple of years about credit card information being leaked out of TJ Maxx and Marshalls store networks. A 29-year-old Cuban-American named Albert Gonzalez admitted to the theft and re-selling of 170 million credit card numbers from 2005-2007. He stole them off poorly secured wireless networks.

The September 2010 issue of Hakin9 magazine (hakin9.org) details the crime, and how it could have been prevented.

WhiteQueen pointed me to page 47, which showed a diagram of Gonzalez’ wardriving setup. All of the equipment is easily obtained, or fabricated using instructions that are readily available.

Passwords

If your password is something like “popcorn,” he can break it in less than 45 minutes. Dictionaries containing a couple million possible weak passwords exist.

So, what’s a good password? He recommends something 14-25 characters long, mixed case, with a couple of numbers and special characters, not substituting numbers and symbols for vowels, l337-style. th!sIz@s3cur3p@ssw0rd! isn’t quite what it claims to be. Use a random password generator, he says. A Google search will turn up web pages that will generate them for you.

You don’t have to type that password all that often, he said, so the pain/security tradeoff isn’t all that high.

WPA2 vs. WPA vs. WEP

You can forget about WEP. There are enough vulnerabilities in WEP that he can break it in minutes. WEP is effectively like the lock on your screen door, only useful for keeping honest people out.

Consider this. There are free tools that run on Android that crack WEP. You can’t install them from Google’s app store–you have to root the phone–but anyone with a little determination can do it. It might take a typical Android phone from 2010 30 minutes to break a WEP network, but 2011’s phones should be able to do it in about five, which is about how long it takes an Atom netbook, circa 2010, to do the job.

WPA is better, but it also has vulnerabilities. There are automated tools for breaking WPA too. For $17, WPA Cracker will attempt to break a WPA network, and on average, it takes 40 minutes. And it’s not the only option out there.

If you’re serious about keeping someone with his abilities out, use WPA2.

You can increase the security of your WPA or WPA2 network by hibernating or turning off your laptop when you’re not using it. Attacks against WPA require something with an active connection to be using it at the time.

SSID

Setting your SSID to not broadcast is an old security trick, but it doesn’t gain you much anymore.

He said you might as well broadcast your SSID. Wireless networks just work better if you broadcast it, and you don’t slow a hacker down very much by not broadcasting it. You just make the hacker stop and run a tool to look for hidden SSIDs. Not broadcasting the SSID hurts you a lot more than it hurts him, he said.

But don’t include easily identifiable information in your SSID. Keep your last name, house number, and street out of it. Personal information not only helps an attacker identify his target, but it also helps a hacker create a personalized dictionary to run against your network.

Pick something with no connection to you. The more meaningless, the better. The more bland, the better. Don’t make it something that identifies your network as belonging to you, and don’t make it something that makes it look like you’re hiding something interesting.

The best is just a plain old number (other than your house number), or random gibberish.

WhiteQueen said there are mainly two reasons a lowlife might want to get into a network. Either you have data he wants, or he wants to use your network to jump off and do something else. That could be jumping off to hack another network, effectively using you to cover his tracks. Or it could be downloading illegal stuff he doesn’t want to use his own network to download.

Preventing the second case is easy. If your network is harder to hack than your neighbors’, that guy will always pick the guy whose network is wide open, or the guy who never changed his password from the factory default, or the guy who’s still running WEP.

So, the simple advice of using WPA2 with a strong password protects you from that guy.

For extra protection against someone who specifically wants to get into your network to get at your data, he recommends a second router. Or turn off wi-fi completely.

Plug your modem into the first router. Assign that router an address space of 10.something. You can set the password to something your laptop-toting houseguests won’t mind typing in, but of course, you want to balance enough strength into it so that passers-by jump on someone else’s network instead of abusing yours. Ten characters, mixed case, with one number and one special character would be reasonable.

Then, plug a second router’s WAN port (not one of its Ethernet ports) into a LAN port in the first router. Assign that router a 192.168 address space. Either turn off its wireless, or turn on WPA2 and assign a nice, strong password to it. Plug your desktop PCs, your NAS, and that kind of stuff into the second router.

For the security paranoid, the two routers should be different. Different revisions of the same model could be OK (such as an early, pre-v5 Linksys WRT54G or WRT54GL based on Linux and a later v5-v8 WRT54G based on VxWorks), but different models or different brands entirely is better. That way, if someone uses a vulnerability in one to get through, he still has to get through a second one to get to your network. Of course, don’t forget to change the default passwords on your routers.
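The two-router layout above is easy to get subtly wrong (inner router’s WAN not on the outer LAN, or both routers defaulting to the same 192.168.1.0/24), so here is an added example, not from the article, that checks an address plan with Python’s standard `ipaddress` module and models the trust direction the nested NAT boundaries create. The plan values, the three zone names and the `TRUST` ranking are my own constructed assumptions; the model covers only who can open a connection to whom at layer 3.

```python
import ipaddress

# Constructed plan following the article's layout: the outer (guest) router hands
# out 10.x addresses, the inner router's WAN port sits on that LAN, and the
# trusted machines live on the inner router's 192.168.x LAN.
EXAMPLE_PLAN = {
    "outer_lan": "10.0.0.0/24",
    "inner_wan": "10.0.0.2",
    "inner_lan": "192.168.1.0/24",
}

# Nested NAT gives three zones of increasing trust (assumed ranking). A connection
# can only be opened from a zone at least as trusted as its destination, because
# each router's WAN side accepts replies but not unsolicited inbound connections.
TRUST = {"internet": 0, "outer": 1, "inner": 2}


def check_plan(plan):
    """Return the problems with a two-router address plan (an empty list means it is sound)."""
    outer = ipaddress.ip_network(plan["outer_lan"], strict=False)
    inner = ipaddress.ip_network(plan["inner_lan"], strict=False)
    wan = ipaddress.ip_address(plan["inner_wan"])
    problems = []
    if not outer.is_private:
        problems.append("outer LAN must be a private (RFC 1918) range")
    if not inner.is_private:
        problems.append("inner LAN must be a private (RFC 1918) range")
    if wan not in outer:
        problems.append("inner router's WAN address must be inside the outer LAN")
    if outer.overlaps(inner):
        problems.append("outer and inner LANs overlap; the inner router cannot route between them")
    return problems


def zone(plan, ip):
    """Classify an address as inner LAN, outer LAN, or Internet."""
    addr = ipaddress.ip_address(ip)
    if addr in ipaddress.ip_network(plan["inner_lan"], strict=False):
        return "inner"
    if addr in ipaddress.ip_network(plan["outer_lan"], strict=False):
        return "outer"
    return "internet"


def can_initiate(plan, src, dst):
    """Model of the two stateful NAT boundaries: inner hosts reach everything,
    outer (guest) hosts reach each other and the Internet, and nothing outside a
    LAN can open a connection into it."""
    return TRUST[zone(plan, src)] >= TRUST[zone(plan, dst)]


if __name__ == "__main__":
    print("plan problems:", check_plan(EXAMPLE_PLAN) or "none")
    # Constructed sample hosts: a trusted desktop, a guest laptop, and an Internet host.
    hosts = {"inner": "192.168.1.10", "outer": "10.0.0.50", "internet": "203.0.113.9"}
    for s_name, s in hosts.items():
        for d_name, d in hosts.items():
            if s_name != d_name:
                print(f"{s_name:8} -> {d_name:8}: {'open' if can_initiate(EXAMPLE_PLAN, s, d) else 'blocked'}")
```

The model is deliberately narrow: a port forward or UPnP mapping on the inner router, or a trusted machine plugged into the outer router by mistake, punches straight through the boundary it describes, so the check is a sanity test of the addressing, not a substitute for reviewing each router’s forwarding rules.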

Vulnerabilities in wireless routers do come up from time to time. http://www.cvedetails.com/ has a nice database of vulnerabilities, which you can search by vendor and product. Fortunately, vulnerabilities that crash the router are a lot more common than vulnerabilities that let someone come in and do something.

Fixing them is just a matter of downloading the latest firmware from the vendor and installing it.

Hakin9 adds another step: Lock down the router to allow a limited number of connections. If you have two computers, set the router to only allow two connections. Then hard-code the MAC addresses of those machines. The procedure to do this varies from router to router.

The moving target

It took about five years for a vulnerability to be found in the original WPA. And brute-force attacks–trying every possible password–are much more practical now than they were in years past. The typical $500 consumer PC of today is a supercomputer compared to anything that was available in 2001.

So far, there are no known vulnerabilities in WPA2, so in 2010 the only way in is to use brute force.

Here’s some good news: A dictionary suitable for cracking 8-character passwords using all 95 of the easily typable characters on the U.S. keyboard would require approximately 11.91 petabytes to store. The largest available hard drive in 2010 is 3 terabytes–an order of magnitude smaller–so it’s safe to say we’re still a few years away from being able to store that kind of information on the desktop.

A dictionary file suitable for hacking 14-character passwords consumes a mere 4 brontobytes. What’s a brontobyte? One brontobyte would hold approximately 1,000 copies of the World Wide Web, circa 2010, in its entirety.

This is a bit of an oversimplification, but in 1990, consumer hard drives were measured in megabytes. In 2000, they were measured in gigabytes, and today, in 2010, they’re measured in terabytes. We may be pushing 2020 before we get to petabytes. So it’s more likely that someone will discover a flaw in WPA2 before that’s practical to store. But that, too, will take time.
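To put numbers on the Passwords and The moving target sections together, here is an added example (mine, not WhiteQueen’s or the article’s) that generates a random WPA2 passphrase from the 95 printable US-keyboard characters, computes the entropy and worst-case brute-force time for a given length, and shows why a leet-substituted word such as th!sIz@s3cur3p@ssw0rd! collapses back to dictionary strength. The leet table, the tiny word list and the guess rate used in the usage note are constructed assumptions; a real cracking dictionary has millions of entries.

```python
import math
import secrets
import string

# The 95 printable characters typed directly on a US keyboard (letters, digits,
# punctuation, space), the set the article uses for its dictionary-size estimates.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Space is legal in a WPA2 passphrase but easy to mistype, so the generator skips it.
PSK_ALPHABET = ALPHABET.replace(" ", "")

# Leet substitutions that cracking rule sets undo automatically (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "!": "i", "$": "s"})

# Tiny constructed word list standing in for a multi-million-entry cracking dictionary.
WORDS = frozenset({"this", "is", "iz", "a", "secure", "password", "popcorn"})


def generate_psk(length: int = 20) -> str:
    """Uniformly random WPA2 passphrase; 8-63 characters is the WPA2 passphrase range."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))


def keyspace_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, guesses_per_second: float,
                     alphabet_size: int = len(ALPHABET)) -> float:
    """Worst-case years to try every password of this length at the given guess rate."""
    return alphabet_size ** length / guesses_per_second / (365.25 * 86400)


def _segments(text: str, words: frozenset) -> bool:
    # Dynamic programming: can `text` be split entirely into dictionary words?
    ok = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        ok[end] = any(ok[start] and text[start:end] in words for start in range(end))
    return ok[len(text)]


def is_leet_dictionary_phrase(password: str, words: frozenset = WORDS) -> bool:
    """True when stripping edge punctuation and undoing leet substitutions leaves
    nothing but dictionary words, i.e. the password has the strength of a few
    words rather than of random characters."""
    core = password.strip(string.punctuation)
    letters = "".join(ch for ch in core.translate(LEET).lower() if ch.isalpha())
    return bool(letters) and _segments(letters, words)


if __name__ == "__main__":
    print("suggested passphrase:", generate_psk(20))
    for n in (8, 14, 20):
        # 1e9 guesses/second is a constructed rate for illustration only.
        print(f"{n} chars: {keyspace_bits(n):.1f} bits, "
              f"{years_to_exhaust(n, 1e9):.3g} years to exhaust at 1e9 guesses/s")
    for pw in ("th!sIz@s3cur3p@ssw0rd!", "P0pc0rn!", generate_psk(12)):
        print(f"{pw!r}: leet dictionary phrase = {is_leet_dictionary_phrase(pw)}")
```

The entropy figures are what matter: eight random characters from this set give about 52.6 bits, fourteen give about 92 bits, and each extra character multiplies the search by 95, which is why the recommendation is length plus true randomness rather than clever substitutions. The generator uses `secrets`, not `random`, because `random` is not suitable for anything security-sensitive.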

But don’t feel too secure. A hacker who wants in will throw every dictionary he has at you. And WhiteQueen said hackers tend to collect passwords as they discover them, and add them to their dictionaries. He said humans aren’t very good at being random, so when they find a password one human used, there’s a good chance another human will use it.

The second-best thing you can do is stack the odds in your favor. The best thing you can do is keep your wi-fi turned off.