Why it’s a good idea to schedule your router to reboot

Many routers, notably Belkins, have a feature in them to schedule an automatic reboot periodically, usually once a week. Frequently this “feature” is there as a workaround, because something about the router’s software gets unreliable if it’s been running longer than a week. So it’s a kludge, but it keeps the thing working without a lot of effort, so the feature is there.

The respectably rock-solid DD-WRT also has the ability to schedule a reboot built in. I don’t know if it’s there to make life easier for developers, or if it’s there to deal with second-rate hardware, or if there was a time when it was necessary and they just never took the feature back out. Regardless, it’s there, though many DD-WRT stalwarts brag about never needing it because their router’s uptime is more than six years.

It’s fun to get into uptime contests, but it’s poor security. If you have a router, it’s a good idea to be rebooting it every so often, so you might as well turn on that feature, even if it costs you some pride.

I was talking with the CISO of the company where I work, and one of us brought up the subject of uptime. We both administered some boxes in the late 90s that had ludicrously long uptimes–years–and at the time we were really proud of it.

He chuckled, nodded, and said, “Boy, we practiced some bad security in the ’90s.” Then he changed the subject.

It was bad then, but it’s worse now. Today it’s common for malware to never write itself to disk, and just live forever in memory. This evades detection. And now that systems are stable enough to run for years without a reboot, apart from those pesky monthly or quarterly security updates that force one, living exclusively in memory is perfectly safe for the malware. It can live a long life, doing what it wants to do, and the attacker compensates for reboots by reinfecting the host later.

Router malware almost exclusively lives this way, because there’s no directly writable storage on consumer routers. And since nobody reboots them or pays attention to them, the malware can survive as long as the power does, if it happens to land on a reasonably stable router.

So periodic reboots are a good thing. Maybe you slip up and you get infected, but if you’re rebooting once a month or once a week, you’ll only stay infected that long. If you don’t slip up again, you’re fine indefinitely.

I configured my mother-in-law’s router to reboot once a week. It’s running DD-WRT, so I know it can probably survive the 11 months that pass between times I lay hands on it, but scheduling the reboot seemed like a good idea, just in case a sub-par memory chip made it into that router or something. And besides that, it’s a good security measure.

And, speaking of hardware, let’s talk about that for a minute before calling it a day. There’s an enormous amount of price pressure on these consumer routers. So when they get built, they get the cheapest flash memory and RAM available on that given day. They don’t design with a particular manufacturer in mind. Some days the stuff they’re getting may not be all that great, but that’s the price they have to pay to hit the price point they’re trying to hit. Because let’s face it, it’s only the high-end dual-core, dual-band, gigabit b/g/n/ac combo router/switch/NAS/print server devices that they really make a significant amount of profit on.

So if you’ve always had good luck with one particular brand of router but the last one you bought from them crashes a lot, that’s probably why. You can try loading aftermarket firmware on it to see if it’s a software problem, but sometimes you just get subpar hardware. And it can happen just about as easily with any brand. But if you are in the market for a new router, here’s what I look for.
