David L. Farquhar, computer security professional, train hobbyist, and landlord
I had a DD-WRT router that was dropping a lot of packets. I got a lot of errors and that caused poor playback in Netflix and especially MLB.tv. It wasn’t a bandwidth issue. My wireless network connection was just too noisy. I had to adjust my DD-WRT TX power to fix it.
I probably adjusted it the opposite way you would expect. Read more
If you want a nice router or access point, you can do a lot worse than upgrading a TP-Link TL-WR841N to DD-WRT. The TL-WR841N is inexpensive and reliable, and DD-WRT runs well on it once you get the right build.
You can configure it to be a router, an access point, or a repeater, based on what you need. It usually costs $25 and sometimes you can find one on sale for $20 or even $15, so it’s a huge bargain. Even if you want 802.11ac speeds, a TL-WR841N makes a fantastic secondary access point to improve your connectivity.
Let’s get on with the upgrade. In the case of the TP-Link TL-WR841N (or TL-WR841ND, which uses the same build), it’s really easy–10 steps. Read more
Ars Technica dropped this bombshell toward the end of the day yesterday: A backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty Javascript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: Once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and they have ample storage on them to exploit..
What can you do about it? Read more
Last year I bought my mother in law a D-Link router, an oddball DIR-615 revision E1 that was only sold at a few stores. It was supposed to be a Fry’s exclusive, but I bought hers at Micro Center. It worked for a while, then gave her trouble, so this year I was working with it again, and when I was setting it up, I noticed it had some security vulnerabilities–remote code execution, UPnP vulnerabilities, and who knows what else. So that got me some practice upgrading a D-Link DIR-615 to DD-WRT.
DD-WRT’s track record and attitude towards security research could be better, but I’d rather trust my mother in law to DD-WRT’s B+ security than D-Link’s F.
I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too.
The experts cited in the article have a few recommendations, which I will repeat and elaborate on. Read more
If the vulnerability in WPS that I linked and talked about this week wasn’t bad enough, some of the commenters at the always excellent Hackaday found something terrible.
Many vendors use a predictable number as the WPS PIN, and don’t even bother to make it unique on a router-by-router basis. So much for it taking a couple of hours to get into a network. Since some vendors set the PIN to something like 123456789 or 123456780 (how clever), the vulnerability may not even be necessary to get in. Just try some of the known numbers, and chances are you can be on somebody’s network in a matter of minutes.
The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.
If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
Read more
I revisit the topic of what to look for in a router every six or seven years. As important as it always was, I think it’s even more important today, as there are a number of underpowered routers on the market and it’s best to avoid them.
This post originated in 2010. I revised it for 2017 needs, and by the time I was done, I’m not sure much of my 2010 text was left. But that’s OK.