  • How old is your router?

    Posted on Susan Bradley Comment on the AskWoody Lounge


      • #2315283
        Susan Bradley
        Manager

        I saw a recommendation yesterday that you should review your router and if it was older than two years, consider replacing it. I think that’s a bit ex
        [See the full post at: How old is your router?]

        Susan Bradley Patch Lady

        9 users thanked author for this post.
      • #2315307
        anonymous
        Guest

        I see no option on mine even mentioning anything resembling updating. I’m forced to assume it’s automatic and I have no say in any of it. Lovely.

        • #2315309
          HiFlyer
          AskWoody Plus

          Check it out on the maker’s website?

          • #2315314
            Microfix
            AskWoody MVP

            Sometimes there are no settings within ISP provided router interfaces to check, as well as having branded things to the ISP and not the OEM. Hence, a user is at the mercy of the ISP and their update cadence (whether it be security astute or not).


            No problem can be solved from the same level of consciousness that created IT- AE
            4 users thanked author for this post.
      • #2315311
        Kathy Stevens
        AskWoody Lounger

        We just lost an ASUS AC3100 RT-AC88U that was just under two years old and still covered under its warranty.

        Don’t know if it just gave up the ghost or got hit with a power surge.

        We have also recently lost a modem and the C drive on one of our workstations.

        All were fed through a Cyber Power 685AVR battery backup and backup power provided by a generator.

      • #2315312
        Seff
        AskWoody Plus

        A lot of the security concerns seem to relate to WiFi – would that be a fair comment given that some users, myself included, do disable WiFi and only use a router to make wired connections from the modem to multiple PCs?

        2 users thanked author for this post.
        • #2315391
          Paul T
          AskWoody MVP

          A lot of the security concerns seem to relate to WiFi

          The only issue with WiFi is the KRACK attack, and that needs updates to all WiFi devices, not just your router.

          Router issues are separate and can allow your network to be attacked from the internet, without any local access required.
          To check your basic router security you should check ALL ports using the GRC ShieldsUP! port scanner.

          cheers, Paul

          2 users thanked author for this post.
          • #2315524
            ve2mrx
            AskWoody Plus

            AFAIK, GRC scanner checks for open ports, not software vulnerabilities!

            For vulnerability scanning, better use something like Nessus. Scan from the inside AND outside for a good picture.

            Martin

            • #2315616
              Paul T
              AskWoody MVP

              I did say “basic security”.
              If none of the router ports are open it is extremely difficult to find software vulnerabilities from the internet, so hackers will move onto easier targets.

              Due diligence is all you can do from a normal user perspective.

              cheers, Paul

      • #2315324
        Sinclair
        AskWoody Lounger

        For years and years routers have been getting amazing custom firmwares by many very talented people mostly for free.

        You need to have a router with the right chipset of course. One that that firmware makes use of. When you make use of this then the age of your router from a safety standpoint becomes meaningless. Often such firmwares add extra abilities that were not even there when you bought your router.

        The list of custom firmwares is way too long to list here but some famous ones are:

        dd-wrt, tomato, merlin, etc.

        For my own router an Asus RT-N66U like 10 years old! I use a Fork of Merlin:

        [Fork] Asuswrt-Merlin 374 LTS release 45EC

        Buying a router model today that is not supported by homebrew in some way is a crime against the environment! Not to mention your wallet. Buying a second hand router to then flash with a custom firmware is a great money saver. Such a router provides a secure connection to the internet for many years.

        W7 x64 Pro&Home

        2 users thanked author for this post.
        • #2315409
          access-mdb
          AskWoody MVP

          Am I doing something wrong as when I click on the Shields up link I just get a message saying Browser reload suppressed and to just go back with the browsers back button? This on FF, Chrome and Edge.

          • #2315412
            Sinclair
            AskWoody Lounger

            I think you meant that reply for Paul T.

            The GRC site uses a dynamic link for the Shields Up page that is different and unique to every user.

            Try navigating to the GRC main page then follow the links to the Shields Up page.

            W7 x64 Pro&Home

            1 user thanked author for this post.
      • #2315325
        pHROZEN gHOST
        AskWoody Lounger

        Great marketing ploy. Replace your computer, car, house etc too.

        Update the firmware. Don’t contribute to the people behind that comment.

        Byte me!

        2 users thanked author for this post.
      • #2315328
        wdburt1
        AskWoody Plus

        Michael Horowitz’s web site is excellent, and I have purchased and am using the router he recommended.  His emphasis on putting the user in control and addressing vulnerabilities in practical ways was just what I was looking for.

        3 users thanked author for this post.
      • #2315335
        R
        AskWoody Lounger

        Replacing a router so often is useless. ONLY then when your manufacturer never brings out updates. Often the el cheapo routers are affected. One of the advantages of most routers is that they are easily maintained and kept safe by new firmware. The jumps forward in speed are not worth mentioning anymore, especially not wired connections. Wireless: if you have AC, you’re good to go for years to come.

      • #2315337
        CADesertRat
        AskWoody Plus

        My router is ooooold, 2006/2007 era with last firmware update in 2008. I have WPA2 set and I’m away from any population in the desert. The speeds I get are not worth updating the router since it still works great.

        I have thought about getting a new router but it seems like they all want to go through the “Cloud” which I do not want to do. There is no 5 GHZ out here so that would be a waste also since they all seem to come with that now.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        • #2315390
          Ascaris
          AskWoody_MVP

          My router is ooooold, 2006/2007 era with last firmware update in 2008. I have WPA2 set and I’m away from any population in the desert.

          I’m not suggesting anyone throw away their old routers (I loathe planned obsolescence), but it’s not necessarily about the wireless connection. It is possible that there may have been vulnerabilities in the wifi stack in the router’s operating system that could expose it to wireless attackers if they’re within range, but that’s not the only potential threat. If you connect the router to the internet (and it is not behind another router or gateway), any vulnerabilities to unsolicited packets from the WAN (internet) are coming directly to the router, and that can still present a risk. That’s the kind of vulnerability that the recommendations are really trying to address.

          I have thought about getting a new router but it seems like they all want to go through the “Cloud” which I do not want to do.

          You can turn that off and do it all locally. My new router (Linksys) has that ridiculous cloud feature, but it is off by default, and until you create a Linksys account and link it to the router and the device you want to use to control it, it will remain off. I can’t imagine why I would want to control the router settings from a smartphone when I am not at home, aside from some highly unlikely hypotheticals where I may have left the router in an insecure state but forgotten about it, only to remember it when I am out and not able to get back home right away to secure it. Other than that, I am only concerned that my router is working properly when I am at home using my home LAN. When I am out, I’m not home, so not being able to use my home network isn’t a concern until I am home.

          It’s a marketing gimmick, as far as I can tell. It’s got to have an “app” and the word “cloud” in its description for maximum coolness value. In practical terms, anything I could do with the app, I can do locally in the conventional way from within the network itself.

          There is no 5 GHZ out here so that would be a waste also since they all seem to come with that now.

          The 5 GHz connection is used to connect the router and the client devices, just like the 2.4 GHz band you’re presumably using now, so you can use 5 GHz anywhere there is electricity to power the router (you don’t need internet service to have a wireless LAN connection). All you need is a router or WAP that can use 5 GHz and a client device that can also use it, as pretty much all new laptops, tablets, and smartphones can. If not, laptops can usually have a new wifi card installed to give them new capabilities, which I have done with several laptops in the past, including the G3 (now two years old) that I am using now to write this. The notable exceptions are HP laptops manufactured more than a few years ago and Lenovo laptops, which will reject unapproved wifi cards and refuse to boot.

          My router from 2008 or so (no longer in service) is dual-band, and I have been using the 5 GHz band since I bought it new with my 2008 Core 2 Duo laptop, which came with a dual-band wifi card (an Intel 4965AGN).

          Those are wireless-N devices, which could connect at bit rates up to 300 Mbps, good for up to about 25 megabytes per second transfer. That’s well above my 40 Mbps internet speed, but I also use the wireless connection to transfer files and perform backups over my LAN.

          The most common current type of dual-band routers or wifi cards is wireless-AC, which is what my Linksys router (which I got for 25 dollars some months ago) and my laptops use. It connects at 866 Mbit/s, good for up to about 70 megabytes a second. It’s not quite as fast as my wired ethernet (gigabit, up to about 115 megabytes a second), but it’s good enough that I often don’t bother to connect the cable to back up the laptops to the backup server.

           

          Group "L" (KDE Neon Linux 5.20.5 User Edition)

          3 users thanked author for this post.
          • #2315485
            Susan Bradley
            Manager

            Keep in mind that more and more people are moving to a household with no traditional computers.  The entire house is full of ipads and android tablets and -zero- traditional networking devices.  So this move to the app is needed because for many households there is no way to get to a traditional networking device.

            Susan Bradley Patch Lady

            • #2315505
              Ascaris
              AskWoody_MVP

              None of those devices has a web browser?

              Group "L" (KDE Neon Linux 5.20.5 User Edition)

            • #2315519
              Ascaris
              AskWoody_MVP

              None of those devices has a web browser?

              Not meant to sound snarky, if it came off that way, btw.

              Group "L" (KDE Neon Linux 5.20.5 User Edition)

          • #2316229
            anonymous
            Guest

            Same here 🙂 Some old netgear wpn824 2007 that was free from isp but it’s behind ics on win10 for a couple of mobile phones.

        • #2315526
          ve2mrx
          AskWoody Plus

          I think you might be confusing the 5G (5th generation) wireless phone technology with Wi-Fi that’s using the 5GHz radio frequencies. Absolutely not related.

          As for firmware updates (or keeping up-to-date anything touching Internet!), if it hasn’t been updated in 18 months, it’s probably vulnerable.

          Martin

      • #2315359
        Nathan Parker
        AskWoody_MVP

        My router was manufactured more than three years ago, but it was replaced earlier in the year due to a hardware failure. My router and WAP are separate since I need the WAP installed in a different area of my home to get a solid Wi-Fi signal everywhere (tried mesh networking, and even it was flakey due to my wall insulation). My WAP is less than a year old.

        I’m “set” because I’m using all Cisco Business grade gear for the router and WAP. Both have active service contracts I keep renewed, and both are set to automatic firmware updates, so they usually receive firmware updates shortly after a firmware update is released.

        I recently also signed up for a branch license to Cisco Umbrella that’s installed on the router, and it’s already protecting my network from malware.

        Nathan Parker

      • #2315360

        Very interesting read, as Networking is one of the “Terra Incognita” areas on my IT map. (A little bit known, some signs saying “Here there be dragons,” lots of white areas etc.) Everything checked out pretty well on the GRC and other sites mentioned.

        Only problem is, I have a Sagemcom Fast 5260 which I rent from my ISP; this has advantages and disadvantages:

        Disadvantages:

        1. It nicks me for $7 a month; (I wasn’t planning on having to stay here later than February/March when the Pandemic hit, so much for that.)

        2. It’s made by Sagemcom; they have horrible reviews.

        3. For some reason, when you try and re-name the connection, it totally freaks out and can’t even find the computer. As I have had just about enough of offshore support’s bad phone connections and broken English (sometimes together), I just let the *&^% thing advertise its own SSID.

        4. The ISP never tells you WHEN they do this or WHAT is being updated. (I guess the average person couldn’t make heads or tails of it anyway.) Having a connection issue I can’t troubleshoot right now, this is a real pain; for all I know, it could be due to some firmware update they slipped in. (Yes, I have tried the Networking forum here; no joy.)

        Advantage (one, but significant):

        1. It belongs to my ISP, and force-feeding it firmware updates is THEIR problem. (Oh, they swear they do this regularly.)

        As to turning it off when not in use, well, it’s in use at all hours of the day and night here, so it just would be more of a pain than anything, IMHO.

        Inasmuch as I am entitled to have an opinion of this, I take a teeny-tiny bit of an issue with Steve Gibson’s attitude on Ping!; He seems to think it’s horrendous, but a lot of things break when you disable it, as I have found. A lot of info out there suggests that this is no longer the horror it once was as a vulnerability to hacking. My router is set to “low ping” (there’s Low, Medium and High settings. I don’t know the technical difference, but mine is set by default to “Low”.)

        I always owned my own router/gateway, and had a fellow from my old PC group who was excellent at Networking set it up for me; it was a Linksys DD-WRT with Linux firmware, and seemed to be pretty good save for its broadcast signal strength.

        Unfortunately, as I move around a bit, we lost touch, and I’m pretty much on my own with this stuff. Articles and sites like those indicated really help! Thanks!

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that can have least four legs and no brain."

        -Robert Heinlein

        1 user thanked author for this post.
        • #2315393
          Paul T
          AskWoody MVP

          It belongs to my ISP, and force-feeding it firmware updates is THEIR problem.

          Except when their lack of updates allows hackers onto your network.
          You should check the basics yourself.

          cheers, Paul

          3 users thanked author for this post.
          • #2315531

            True. It comes down to “Who do you trust?”

            The ISP  is Charter/Spectrum, so one would THINK a large outfit would want to protect themselves against Liability lawsuits* and do it right….but you have a point. I’ll add it to my list of “the 1000 things”.

            *OTOH, I’ll bet there’s something in the T&C that exonerates them from hackers, along with fire, “Inherent Vice”, etc…I’ll have a look at that too. :/

            Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
            --
            "A committee is the only known form of life that can have least four legs and no brain."

            -Robert Heinlein

          • #2315569

            According to a Reddit thread, there are no firmware updates available, and this is an ISP-only model.

            However, it checked out as secure on two test sites, and Routercheck.com says “There are no security issues for this router.” 🙂

            I think I have done my “due diligence”.

            Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
            --
            "A committee is the only known form of life that can have least four legs and no brain."

            -Robert Heinlein

            • #2315675
              ve2mrx
              AskWoody Plus

              Firmware for ISP-provided devices is usually installed remotely by the ISP when they see a need for it. If it causes service issues, increases support calls or causes bad publicity, chances are it will get fixed.

              I once ran a Nessus scan on my provider’s Sagemcom all-in-one DSL/fiber router and the report was appalling. It took a while to get in contact with the right people and report the issue list to them. I had tried normal tech support but got no return on that. I had to go to management to get a reply.

              I explained to them the severity of the vulnerabilities (worst was a remote ssh port open to Internet running on a years-old easily exploitable version of the software) and the risk it posed to their users and the resulting negative publicity it would generate. I then cited news articles on other ISP devices with vulnerabilities so they can read about the possible consequences.

              After a few weeks, I was told an update had been pushed and it had. I checked it and my issues were fixed!

              Still, that router has horrible firmware (after more than a year, it still hard-crashes if you give it an IPv6 packet, among others) so I “stack” my own EdgeRouter through it using PPPoE passthrough. Best of both worlds : IPTV just works, VoIP phone line just works, I get all the features I need on my stable, reliable router.

              Get the management or shareholders scared. They will fix it 🙂

              Martin

      • #2315425
        Chris B
        AskWoody Plus

        I always buy my own router rather than rely on the ISP router – I want to control my network myself, and also want a better grade of router. I have been using a Netgear R6300v2 router since Feb 2014, and it has been totally reliable throughout. It is a dual band 802.11ac router, with a Netgear EX3700 access point as a separate access point for house coverage. My internet connection is a 40mbps FTTC. Both devices get regular Netgear firmware updates – the last in July 2020 – advised to me by email.

        The setup is more than sufficient for my home needs, which generally has about 10-12 active devices and can have two HD streams running. From a performance point of view, I am very happy, and it falls into “if it ain’t broke…” category. If the firmware updates are coming, I assume I am reasonably secure, and I do occasionally check the GRC site.

        I’m not inclined to change it until I need a new feature or it breaks, but at nearly 7 years and running well, I think I bought quality. In these circumstances, 2 years looks incredibly short to ditch your router, and if it really were necessary that would be a massive criticism of the industry. After all, routers have been around for a long time.

        Chris
        Win 10 Pro x64 Group A

        1 user thanked author for this post.
      • #2315430
        anonymous
        Guest

        ? says:

        is anyone here using ax? Susan’s link to consumer reports about wi-fi 6 sent me looking:

        https://en.wikipedia.org/wiki/IEEE_802.11ax

        i usually go to the newest supported gateway my isp supports. right now it is zyxel c3000z ac…

        • #2315618
          Paul T
          AskWoody MVP

          AC is more than fast enough for home / small business computing requirements IMO.
          AC = 800Mb/s = near ethernet speed.
          AX = 11Gb/s = ultra high speed ethernet (10Gb).
          Internet = 20 – 100Mb/s = 10% of your network speed.

          cheers, Paul

          1 user thanked author for this post.
          • #2315641
            Chris B
            AskWoody Plus

            I agree. I have never had a problem with my ac network being able to keep up with my 40mbps broadband, nor with the demands I put on it on the LAN. Also, wifi6 kit is a good deal more expensive than ac, so why pay good money for capacity I will not use. The wifi6 prices will come down in due course, anyway.

            Chris
            Win 10 Pro x64 Group A

      • #2315451
        mn–
        AskWoody Lounger

        Inasmuch as I am entitled to have an opinion of this, I take a teeny-tiny bit of an issue with Steve Gibson’s attitude on Ping!; He seems to think it’s horrendous, but a lot of things break when you disable it, as I have found. A lot of info out there suggests that this is no longer the horror it once was as a vulnerability to hacking. My router is set to “low ping” (there’s Low, Medium and High settings. I don’t know the technical difference, but mine is set by default to “Low”.)

        This is a bit of a problem with oversimplification in a lot of places.

        Some people get the idea that, because “ping” is a security issue, you need to disable ICMP altogether.

        And disabling ICMP completely leads to all kinds of problems whenever any component along your traffic path does something unexpected. For example a “destination-unreachable / reason code 4” is perfectly normal if any number of completely normal equipment type boundaries happen to exist along your route, and if that’s blocked…

        1 user thanked author for this post.
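
        Added example, not part of the post above or of any router's firmware: it contrasts a blanket "block all ICMP" rule with one that drops only unsolicited echo requests ("ping"), using constructed ICMPv4 messages. The function names, the 1492-byte next-hop MTU and the stateless accept/drop decision are assumptions for illustration; a real stateful firewall would also match ICMP errors against existing connections.

```python
"""Blanket ICMP blocking vs. dropping only echo requests (added example)."""
import struct

# ICMPv4 types (RFC 792) and the "fragmentation needed" code (RFC 1191).
ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
FRAG_NEEDED = 4


def checksum(data: bytes) -> int:
    """Internet checksum: ones'-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build an ICMP message; `rest` is the 4 type-specific header bytes."""
    body = rest + payload
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(msg: bytes) -> dict:
    """Validate an ICMP message and return its type, code and, for
    type 3 / code 4, the next-hop MTU carried in header bytes 6-7."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if checksum(msg) != 0:  # a valid message sums to zero, checksum included
        raise ValueError("bad ICMP checksum")
    info = {"type": msg[0], "code": msg[1]}
    if info["type"] == DEST_UNREACHABLE and info["code"] == FRAG_NEEDED:
        info["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    return info


def block_all_icmp(msg: bytes) -> str:
    """The oversimplified rule: every ICMP message from the WAN is dropped."""
    return "drop"


def selective_policy(msg: bytes) -> str:
    """Drop unsolicited pings and malformed messages; keep the replies and
    error messages that normal traffic depends on."""
    try:
        info = parse_icmp(msg)
    except ValueError:
        return "drop"
    if info["type"] in (ECHO_REPLY, DEST_UNREACHABLE, TIME_EXCEEDED):
        return "accept"
    return "drop"  # echo requests and anything not explicitly allowed


def learned_path_mtu(start_mtu: int, inbound: list, policy) -> int:
    """Path MTU a sender ends up with after the policy filters inbound ICMP."""
    mtu = start_mtu
    for msg in inbound:
        if policy(msg) != "accept":
            continue
        hop_mtu = parse_icmp(msg).get("next_hop_mtu")
        if hop_mtu and hop_mtu < mtu:
            mtu = hop_mtu
    return mtu


# Constructed sample messages. QUOTED stands in for the IP header plus first
# 8 bytes of the original datagram that ICMP error messages carry.
QUOTED = bytes(28)
SAMPLE_ECHO_REQUEST = build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", 0x1234, 1), b"ping")
SAMPLE_FRAG_NEEDED = build_icmp(DEST_UNREACHABLE, FRAG_NEEDED,
                                struct.pack("!HH", 0, 1492), QUOTED)
SAMPLE_TIME_EXCEEDED = build_icmp(TIME_EXCEEDED, 0, bytes(4), QUOTED)
SAMPLE_INBOUND = [SAMPLE_ECHO_REQUEST, SAMPLE_FRAG_NEEDED, SAMPLE_TIME_EXCEEDED]

if __name__ == "__main__":
    for name, policy in (("block all", block_all_icmp), ("selective", selective_policy)):
        verdicts = [policy(m) for m in SAMPLE_INBOUND]
        mtu = learned_path_mtu(1500, SAMPLE_INBOUND, policy)
        print(f"{name:10s} verdicts={verdicts} path MTU learned={mtu}")
```

        With the blanket rule the sender never learns the smaller next-hop MTU and keeps sending packets that are too large for the path, which is the breakage the post describes.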
      • #2315463
        Alex5723
        AskWoody Plus

        Update the firmware

        Update the firmware? Most, if not all, Manufacturers of routers don’t update firmware beyond a year.
        The best way is to test your router for open ports (GRC) and harden the settings, authorize access using MAC address, set your connected hardware with fixed IP and block any other IP, install DD-WRT, OpenWrt, .. providing router support.

        • This reply was modified 1 month, 3 weeks ago by Alex5723.
      • #2315477
        Chris B
        AskWoody Plus

        Update the firmware? Most, if not all, Manufacturers of routers don’t update firmware beyond a year.

        My router (Netgear) is still getting firmware updates 6+ years on. See my post above.

        Chris
        Win 10 Pro x64 Group A

      • #2315497
        Alex5723
        AskWoody Plus

        My router (Netgear)

        My previous router (Netgear) never got firmware support.
        My current Optic Fiber router (Technicolor DGA2232) got 1 update in a year.

        • #2315514
          Ascaris
          AskWoody_MVP

          My Netgear WNDR3700 (v1) stopped getting updates waaaay back in the day, even though updated revisions of the unit (with the same model number) were still listed as current models.

          I kept using that router for ten years after I bought it in 2008, with DD-WRT, but otherwise, I would have been stuck with the old, old firmware, while the company that made it reserved its updates for newer revisions of the same model. I’d shake a fist at Netgear in particular, but it’s a problem across the consumer router industry. You just never know how long its support will last when you buy it– and that’s not just a router problem.

          As I mentioned before, I have an Android tablet (from a Korean manufacturer whose name rhymes with Samsung)… it came from the factory with Android 4.0.4 (Ice Cream Sandwich), released in March 2012, and its final update came that same year, to Android 4.1.2, Jelly Bean. Not even a whole year after I bought it brand new in the store, and it got its last update. Now, eight years past my last update, I still have it and it still works well, and the apps that still run on it work fine, despite its slow performance compared to more recent models. Like a router that works fine but is cast aside because its manufacturer doesn’t bother to release updates once they already have your money, it’s obsolete artificially, not as a natural result of the progression of technology, and I loathe that.

          All of this discussion has gotten me off my butt to get DD-WRT onto the Linksys router I mentioned above, and it is not going well. The procedure for installing it is convoluted and difficult, but I should be able to handle it… yet I haven’t been able to get it done. All of the steps reported as working by the various people out there haven’t, and I am tired of messing with it already.

          I bought the unit because it was on sale super cheap ($25 for a dual-band AC router, and this was some time ago), but I did check to make sure it had DD-WRT support before I bought it. I just didn’t realize how convoluted the process would be (compared to my WNDR3700, which was very easy).

          As such, I think I will buy a new unit that’s on sale now for Black Friday and give that a shot. I hadn’t planned on this until now, so it is fortuitous that this discussion came up right now, when the sales are still on (most of them aren’t just the actual Friday anymore). I see the TP-Link Archer C7 has a DD-WRT installation procedure that looks as easy as that of my WNDR3700, and OfficeMax has it in stock for pickup for $50.

          I have never used a TP-Link before, and maybe it will come with great firmware that does all I want it to… but for how long? This way there’s a plan B if they don’t support it, or if their firmware has missing features.

          I’ve criticized MS much recently, but at least with Windows, you know when you buy it exactly how long the OS will get security support, and the support period dwarfs just about everything else. That’s one thing I applaud MS for.

          People may think of a router differently than a laptop or desktop PC, but (like a tablet or phone), it is a small computer in there running an OS (Linux, nearly always), and all the same reasons to get updates apply. Do any of them have a predefined support period other than “buy it and find out?” I’d be interested to know if anything in the consumer segment has such a promise.

          Without such a guarantee, if I can’t get aftermarket firmware onto it, I’m not interested (unless I get it at a bargain basement price). I now know to check not just that it has a DD-WRT/OpenWRT/etc. firmware available, but that the procedure for installing it is reasonable and doesn’t take black magic to make it happen.

          Group "L" (KDE Neon Linux 5.20.5 User Edition)

          • #2315660
            Ascaris
            AskWoody_MVP

            I have never used a TP-Link before, and maybe it will come with great firmware that does all I want it to

            Nope, it didn’t.

            Grabbed the latest DD-WRT and flashed it on the router, and it’s up and running nicely with the new firmware. Definitely recommended for anyone who wants an inexpensive 802.11AC router that is easy to set up with custom firmware.

            Group "L" (KDE Neon Linux 5.20.5 User Edition)

            • #2315814
              Paul T
              AskWoody MVP

              I use an Archer C7 with DD-WRT, works nicely for not a lot of money.
              DD-WRT is not the easiest to configure and the doco leaves a lot to be desired, but if you have a spare machine you can dedicate to setting it up and know what you are doing, it is very powerful.

              cheers, Paul

      • #2315542
        ve2mrx
        AskWoody Plus

        I used DD-WRT in the past but although there were frequent new firmware builds available, much time was lost figuring out, while reading 20+ pages threads, what recent version was stable for long term use. If you want to tinker and have time to spare, fine, but it’s not for most people. So, I gave up wasting time on this.

        I got Ubiquiti EdgeRouter Lites for me (and my family, I am their IT support department) with UniFi WAPs. No more monkeying around, no more “you’re on your own”, much less time lost. Bonus: I can manage everything from my management server. I already manage their ESET  antiviruses, why not the network too?

        Sure, those routers are ISP-grade, not user-grade, but I learned to do it. Then, I just have to look at the management server to see if updates are available, backup the routers and trigger the updates! Of course, I read the release thread on the forum first and wait a week or two before I do, but it is EASY.

        Looking for something simpler to configure? Get some router in the UniFi line instead of the Edge line.

        My rule of thumb: If it’s been more than 18 months since the last router firmware update, replace it. It’s been abandoned!

        Regarding automatic updates: Trust, but verify! Sometimes, they fail to work.

        Remember : Vulnerabilities in networking equipment make them susceptible to remote attacks. This is also true for ANY network-connected devices! (The “s” in IoT is for security 😉)

        Martin

        • #2315565
          Ascaris
          AskWoody_MVP

          I used DD-WRT in the past but although there were frequent new firmware builds available, much time was lost figuring out, while reading 20+ pages threads, what recent version was stable for long term use. If you want to tinker and have time to spare, fine, but it’s not for most people. So, I gave up wasting time on this.

          With my WNDR3700, I would typically just grab the most recent version and install it, and see how it worked for me. Nearly always, it worked well. There may have been bugs in features I didn’t use, but if I didn’t notice them, they didn’t bother me. If one build didn’t work, I would go back and try another one. One of them managed to soft brick the router, but it was not hard to use tftp to debrick it and get it working. If you’re not a techie-type, that possibility may not be for you, but if you are, it’s not hard.

          I know what you mean regarding the long threads of people commenting about any given release on the DD-WRT forum, but if the people commenting about things not working are not using the same model router as you (each forum is based on the maker of the router CPU/SoC, not the model of router), what they report may not have any relevance to you. I sometimes would search for the model number of my router and see if anyone with my actual model had posted. If not, I would just give it a shot, knowing that if it gets bricked again, I can fix it in a few minutes.

          I’ve had more trouble with the official firmware for my Netgear WNDR3700 router than most builds of DD-WRT. The Netgear forums were packed to the rafters with complaints about the buggy official firmware (and I encountered several of these bugs), and Netgear representatives would visit the forum and try to gather information about the issue, and they would tell us the new firmware is being worked on. Then everyone would momentarily be happy when they did release that new version, often to be disappointed yet again.

          And then Netgear just stopped, both with the posting in the forum and with the updates. That experience played a role in how I view aftermarket firmware versions (where if one does not work well, you have many others to pick from) vs. the factory firmware (where if the factory versions all stink and they decide not to fix it, you have no other choice).

          I had similar experiences with D-Link back in the day. The Zyxel I had was solid from the start, and remained so until it was obsolete. I had a Motorola router that had some bugs in the firmware when I first got it, but the update fixed it, and it was solid afterwards.

          I don’t grab every new build DD-WRT comes out with. Every so often I would go to the forum and see how things are going, reading just the first bit of the thread about the newest build, and see whether I wanted to give it a shot. Of course, being the nerd I am, I find this kind of thing to be a recreational activity, not a chore.

          And if DD-WRT isn’t your thing, the other alternative firmware versions (like OpenWRT) will usually have a version for your router if DD-WRT does.

           

          Group "L" (KDE Neon Linux 5.20.5 User Edition)

      • #2315758
        Cybertooth
        AskWoody Plus

        AFAIK, GRC scanner checks for open ports, not software vulnerabilities!

        For vulnerability scanning, better use something like Nessus. Scan from the inside AND outside for a good picture.

        Martin

        I looked up Nessus and it looks interesting, but I stopped when I read the EULA and it says they claim the right to audit my usage of the software.

        The standard response to that is that this is a free version of the software, why would they audit the use of that. The reply to this response is that if they have no intention of auditing usage of their free software, then they could explicitly exclude it from the audit provision, but they have not.

        Any other router security-checking software out there that one might use?

         

        • #2315782
          ve2mrx
          AskWoody Plus

          Well, the free license is for non-commercial use. I guess they reserve the right to audit if they suspect you are avoiding paying for a commercial license by using the free personal license for commercial use?

          At least, they never audited me while I use it to check my personal network… And I never expect them to.

          Martin

          1 user thanked author for this post.
      • #2315831
        Alex5723
        AskWoody Plus

        Your router’s security stinks: Here’s how to fix it

        Most home Internet routers have serious security flaws, with some so vulnerable to attack they should be thrown out…

        “If a router is sold at [a well-known retail electronics chain], you don’t want to buy it,” independent computer consultant Michael Horowitz said in a presentation.

        “If your router is given to you by your internet service provider [ISP], you don’t want to use it either, because they give away millions of them, and that makes them a prime target both for spy agencies and bad guys.”

        Horowitz recommended that security-conscious consumers instead upgrade to commercial routers intended for small businesses, or at least separate their modems and routers into two separate devices. (Many “gateway” units, often supplied by ISPs, act as both.) Failing either of those options, Horowitz gave a list of precautions users could take….

        • #2315847

          Interestingly enough, Spectrum supplied both WiFi router AND modem separately. The router is an Arris.

          There’s also the 800-lb gorilla in the room no one’s spoken of: MONEY.

          Mr. Horowitz probably has an unlimited budget, and maybe gets paid for reviewing routers, not to mention routers supplied by vendors for test and review. The rest of us without a money bin sometimes have to make a choice on a scale with performance/security on one end, and $$$ on the other.

          The question being hitting the right price/security=value point.

          And, IMHO, anyone who buys a router from NetGear is walking a teetery line; I used to know someone who worked there, and, well…they’ve made good ones and some real bombs…or Nest for that matter. Personal Experience with The Chocolate Factory’s hardware has led to a lot of swearing. Uh-uh, no thanks.

          This is a LARGE subject! Susan, you sure know how to pick the topics! Thanks! This is fun. 🙂

          Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
          --
          "A committee is the only known form of life that can have at least four legs and no brain."

          -Robert Heinlein

          1 user thanked author for this post.
          • #2315864
            Chris B
            AskWoody Plus

            Interesting comment NTDBD. I have bought quite a number of Netgear routers, switches and a NAS and always been happy with them.

            Chris
            Win 10 Pro x64 Group A

          • #2316071
            Ascaris
            AskWoody_MVP

            And, IMHO, anyone who buys a router from NetGear is walking a teetery line; I used to know someone who worked there, and, well…they’ve made good ones and some real bombs…

            Probably true, but are any of the other consumer routers any better? I’ve had firmware quality issues (some that were later fixed, some not) with several different brands of routers (all three of the ones I’ve had long enough to judge: Netgear, D-Link, Motorola), and the problem with not releasing new firmware updates after the unit is out of warranty has hit all three too.

            In terms of components, I did have my Netgear WNDR3700 router start slowing down in wireless speed some time ago, and I opened it up to check the electrolytic capacitors, and sure enough, several of them were bulged. I replaced them and the router was back up to speed, but it was disappointing that Netgear had used low-tier capacitors. My D-Link, by contrast, had top-tier capacitors, and they never bulged. I never looked at the capacitors on the Motorola.

            My newer routers, a Linksys EA6500 and a TP-Link Archer C7, are too new to be able to know anything about reliability or future firmware support. The C7 specifically is already running DD-WRT, which was the reason I bought it. It’s as easy to flash the DD-WRT firmware as it is to flash the factory firmware in the C7 (as with my Netgear WNDR3700). The Linksys used to be that easy with older versions (before I had mine), according to the DD-WRT wiki, but they started signing the firmware, which meant that once it had the updated firmware on it, it would reject the unsigned DD-WRT firmware from that point forward. Mine already had the newest factory firmware on it before I discovered this, and it is probable that the one it came out of the box with was also too new for an easy DD-WRT installation.

            It was such a breath of fresh air to have all of the options in DD-WRT again… the factory firmware in most consumer routers is really lacking by comparison.

             

            Group "L" (KDE Neon Linux 5.20.5 User Edition)

      • #2315922
        Alex5723
        AskWoody Plus

        and always been happy with them

        If you are security conscious you shouldn’t be so happy, unless you set up your routers… as install-and-forget.

        79 Netgear Routers Vulnerable to Serious Security Flaw

        758 different firmware versions are vulnerable to a remote attack, and Netgear has yet to release security patches.

        1 user thanked author for this post.
        • #2315923
          Chris B
          AskWoody Plus

          That looks like the firmware update that was pushed to me on 12 July.

          Chris
          Win 10 Pro x64 Group A

          1 user thanked author for this post.
        • #2316059

          “In total, some 758 different firmware versions contain the vulnerability, which Netgear has used across 79 different router models for the past 13 years.”

          Thanks, Alex, I was trying to be diplomatic about it and not “Tell tales out of school,” but it looks like PC Magazine beat me to it last June.

          758? Gee, they’re not trying hard enough; I know they could make it to 800 if they really applied themselves…

          As for NEST, I have had three of their “SMART” CO2/Smoke detectors in standalone mode (no “Smart mode”) go toes up on me in three years. I am using the last one for skeet shooting.

          “Pull!” <sfx: both barrels-BOOM!>

          Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
          --
          "A committee is the only known form of life that can have at least four legs and no brain."

          -Robert Heinlein

          1 user thanked author for this post.
        • #2316196
          Paul T
          AskWoody MVP

          This is why it’s essential to prevent outside access to your router and for you to test that there is no access.

          cheers, Paul

          • #2316242
            ve2mrx
            AskWoody Plus

            I am sad to write that if your router is vulnerable, having closed its firewall doesn’t necessarily prevent it from being abused.

            That’s because to know if the port is open or closed/stealth, the packet has to be handled. Pwnage can happen there! The test is there to protect the internal network and detect mis-configured routers, not defective or vulnerable routers.

            If your router is vulnerable, you have two options to secure it: fix the vulnerability with an update, or unplug it (WAN or power will do).

            Martin

            • #2316244
              Paul T
              AskWoody MVP

              That’s because to know if the port is open or closed/stealth

              This is not the case.

              For an exploit of the internal web server (for example) the packet has to be passed to the web server process.

              A firewall / router only needs to read the first segment of a packet to find the port and if there is no rule to pass that packet it is dropped and the firewall is “stealthy”.

              cheers, Paul

              • #2316248
                ve2mrx
                AskWoody Plus

                Exactly. I was oversimplifying.

                My point was that by the time the router knows to what port a packet is “going” to, it has been buffered and parsed. A vulnerability there and the router is potentially pwned, even if the port is closed/stealth/open. That’s the part of the stack that the GRC port test “abuses” to see if open/closed/stealth.

                This means that anything logically handling packets can be vulnerable. This includes network card drivers too! I can see a buffer overflow causing damage (with a bit of luck).

                Martin

              • #2316253
                Paul T
                AskWoody MVP

                Packets are a maximum size so it’s easy to drop oversized ones and prevent that sort of buffer overflow. It’s only when the content is handled incorrectly that you have problems and that is not done at the firewall or when passing packets on to the network / internal processes.

                cheers, Paul
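
The exchange above turns on what a router has to do to learn a packet's destination port. As an added example (not from any poster and not any router's firmware), here is a minimal IPv4/TCP port lookup in C with the length checks under discussion; the function name, the verdict values, the single allowed port and the sample packets are all constructed for illustration, and IPv6 and IP options beyond skipping them are out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { DROP_MALFORMED, DROP_NO_RULE, PASS };

/* Hypothetical rule set: one TCP port allowed in from the WAN. */
static const uint16_t ALLOWED_PORT = 443;

/* Every length field is sender-controlled, so each is checked against the
 * bytes actually received (len) before it is used as an offset. */
enum verdict filter_ipv4_tcp(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;                 /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;  /* claimed header length */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3]; /* claimed packet length */
    if (ihl < 20 || ihl > len || total < ihl || total > len)
        return DROP_MALFORMED;                 /* claims exceed the buffer */
    if (pkt[9] != 6 || (((pkt[6] & 0x1F) << 8) | pkt[7]) != 0)
        return DROP_NO_RULE;                   /* not TCP, or a later fragment */
    if (total - ihl < 4)
        return DROP_MALFORMED;                 /* no room for the port fields */
    uint16_t dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    return dport == ALLOWED_PORT ? PASS : DROP_NO_RULE;
}

/* Constructed sample packets (documentation addresses 192.0.2.x). */
static const uint8_t PKT_HTTPS[24] = {         /* dst port 443 */
    0x45, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2, 0xC0, 0x00, 0x01, 0xBB };
static const uint8_t PKT_TELNET[24] = {        /* dst port 23, no rule */
    0x45, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2, 0xC0, 0x00, 0x00, 0x17 };
static const uint8_t PKT_LYING_IHL[24] = {     /* claims a 60-byte header */
    0x4F, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2, 0xC0, 0x00, 0x01, 0xBB };

int main(void)
{
    printf("https=%d telnet=%d lying_ihl=%d truncated=%d\n",
           filter_ipv4_tcp(PKT_HTTPS, sizeof PKT_HTTPS),
           filter_ipv4_tcp(PKT_TELNET, sizeof PKT_TELNET),
           filter_ipv4_tcp(PKT_LYING_IHL, sizeof PKT_LYING_IHL),
           filter_ipv4_tcp(PKT_HTTPS, 22));
    return 0;
}
```

The header-length and total-length comparisons are what keep the port read inside the received buffer; without them, the offset `ihl + 2` would be taken from the sender's claim alone.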

      • #2316209
        Chris B
        AskWoody Plus

        Probably true, but are any of the other consumer routers any better?

        Good point. I also had major problems with a Linksys router some years ago. The DHCP server failed to work on the wifi part of the LAN. From the comments I saw, lots of people had the problem, and Linksys acknowledged the issue on the phone, yet they never solved it. What really annoyed me was they deleted all posts about it on their forum, and also the time I wasted trying to sort it out. I swore never to buy another piece of kit from them, and haven’t. Mind you, that was some time ago and I should probably lift the ban now!

        Chris
        Win 10 Pro x64 Group A
