The right thing to do is patch. But most exploits will assume that your router lives in the 192.168.0.x or 192.168.1.x space, whatever the factory default is. So you can get a degree of protection even against future vulnerabilities by moving your IP space somewhere else. Read more
Last year I bought my mother in law a D-Link router, an oddball DIR-615 revision E1 that was only sold at a few stores. It was supposed to be a Fry’s exclusive, but I bought hers at Micro Center. It worked for a while, then gave her trouble, so this year I was working with it again, and when I was setting it up, I noticed it had some security vulnerabilities–remote code execution, UPnP vulnerabilities, and who knows what else. So that got me some practice upgrading a D-Link DIR-615 to DD-WRT.
DD-WRT’s track record and attitude towards security research could be better, but I’d rather trust my mother in law to DD-WRT’s B+ security than D-Link’s F.
I see the advice going around, again, to disable the Windows firewall and rely on an external router, the justification being that it makes your computer “invisible.” It doesn’t. Only IPV6 can do that–and then, only if you don’t use it for anything.
The trouble with that advice is that there are botnets targeting routers. Routers are nothing special; they’re small computers running Linux on an ARM or MIPS CPU, typically outdated versions with old vulnerabilities that can be exploited by someone who knows what to look for. One example of this is the Aidra botnet. Typically Aidra is used to attack outside targets, but it’s not outside the realm of possibility for an infected router to turn on and attack the machines it’s supposed to protect. And if you’ve turned off your firewall, then you have no protection against that.
My mother in law didn’t have wifi set up, but she picked up a smart TV this year, so she asked me if I could help her with it. So I picked up a D-Link DIR-615 on sale, brought it with me and set up wi-fi securely (hints: set the SSID to whatever time it happens to be, disable WPS, disable WEP and WPA, and use WPA2 with a long password with some numbers and symbols in it) and once it seemed to be working right, I put her TV and laptop on it. Then, as other relatives trickled in, they asked me for the wireless key. Soon the air was full of Androids and Apples chattering away on wireless.
I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.
If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.
If you’ve been procrastinating about deploying 450-megabit (802.11n) wi-fi to your house, I have a reason for you to procrastinate a while longer: Gigabit wireless (802.11ac).
It’s only about twice as fast as its predecessor, which pales next to the 8x improvement 802.11n provided over 802.11g, but if you’re wanting to stream HD media through your house, you’ll notice the difference.
It was 1998. I was getting ready to network my two PCs, so I asked my friendly neighborhood networking professional what to buy. He didn’t hesitate. “Intel or 3Com,” he said. “Cheap NICs will talk, but they’ll start acting flaky after a while, dropping packets in the middle of transfers, stuff like that.”
I couldn’t afford 3Com or Intel at the time, so I bought a cheap “SOHOware” brand bundle that included two 10/100 NICs, a hub, and cables for around $150. A comparable first-tier setup would have run me twice that. The hub died after a couple of years. The cards fared better. “After a while” took 11 years or so to come, and I finally got sick enough of it to retire my last one.
A little over a week ago, WordPress started acting weird. First, it just got dog slow. Then my site stats page started freezing until I scrolled down and then back up again. Then I started seeing a WordPress.com logon screen on my site stats page. I had to look that account up. Thank goodness for Gmail. Then my Akismet spam filter quit working. Then my stats page stopped working entirely.
I lived with it for a couple of days. I figured maybe WordPress and Akismet had changed something. Or maybe my Linux distribution had. And maybe some update messed things up, and some other update would come along and fix it. No such luck. Read more
I revisit the topic of what to look for in a router every six or seven years. As important as it always was, I think it’s even more important today, as there are a number of underpowered routers on the market and it’s best to avoid them.
This post originated in 2010. I revised it for 2017 needs, and by the time I was done, I’m not sure much of my 2010 text was left. But that’s OK.