SoylentNews is people
SoylentNews
from the flash-alternate-router-firmware-for-protection dept.
janrinok writes "A recent survey carried out by Tripwire, reported by the BBC, claims that "80% of the 25 best-selling routers available on Amazon are vulnerable to compromise". Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.
In a separate report, the Internet Storm Center (ISC) warned about a continuing attempt to exploit a vulnerability in 23 separate models of Linksys routers. A worm, called 'The Moon' is compromising Linksys routers and then scans for other potentially vulnerable systems. So far, wrote ISC researcher Johannes Ullrich in his blogpost, it is not clear why the routers are being compromised and what might be done with them. There are hints in the exploit code that the routers will at some point be gathered together into a network of compromised machines. Currently, he added, all the worm was doing was spreading to other Linksys routers.
The reason for the current European concern is a recent large scale attack on home routers in order to gather usernames and passwords for online bank accounts, reported by the Polish Computer Emergency Response Team (CERT) and elsewhere."
(Score: 5, Interesting) by clone141166 on Monday February 24 2014, @03:23AM
I for one am surprised it has taken this long for larger numbers of home routers to become compromised. I suppose they are not susceptible to the malware-installed-by-the-user attack avenue that computers/tablets/phones are though.
I have actually been looking for a good fully open source router for a while, but they are tough to find (in Australia at least). At the moment I have been considering just building a mini-ITX, Atom-based PC and putting linux on it to run as the router. Then attaching a consumer ADSL router to it via ethernet, but placing the consumer ADSL router in bridged mode so that it just acts as a transparent modem only.
Interested to know if anyone else has any working setups for an inexpensive, open source, home DSL router?
(Score: 4, Informative) by codersean on Monday February 24 2014, @03:35AM
(Score: 3, Informative) by stormwyrm on Monday February 24 2014, @03:53AM
Why an Atom-based PC when a Raspberry Pi or one of the other small ARM-based boards like the Beaglebone Black would do, probably even better? Last time I checked a Raspberry Pi can still beat the Atom in terms of power consumption. Power consumption for a Raspberry Pi is something like 6W even at full tilt, while a mini-ITX Atom-based PC of the type you describe goes to 30 W (see here [outervision.com]). For a device that you want to keep on 24x7x365 this difference adds up to something like 200 kWh per year, which is close to my household's total monthly energy consumption (280 kWh).
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by clone141166 on Monday February 24 2014, @04:02AM
I did have a look at Raspberry Pi's, they are fantastic, but I should have specified I was looking for a wired ethernet based solution rather than wireless only. Afaik you can't get Raspberry Pi's with 2 or more ethernet ports? I supposed it could be possible to connect up some sort of USB-based ethernet dongle to obtain more than 1 ethernet port though?
(Score: 1) by stormwyrm on Monday February 24 2014, @04:27AM
Yeah, I've tried that. Most USB Ethernet dongles should work just fine with the Raspberry Pi. Generally if it will work on x86/amd64 Linux, Raspbian should have no trouble with it.
Numquam ponenda est pluralitas sine necessitate.
(Score: 1) by isostatic on Monday February 24 2014, @07:53AM
I bought 5 pis, with grand intentions of putting them on networks that other devices just couldn't reach.
Sadly the power connector (mini usb) is just too unreliable. I lost sight of 4 of the 5 pis within 2 months of deployment.
Now a pi which could power itself off POE, that would be a device worth having.
As for routers, I'm afraid I don't do open source :( I use mikrotiks. £30 for a wireless device that does PPPoE (via my BT VDSL modem) and OSPF? Not to mention it's use in slightly larger networks where running BGP is handy.
(Score: 2, Informative) by dabiged on Monday February 24 2014, @04:00AM
I am in australia and I purchased an Asus RT-N16 router from my local supplier. I am running TomatoUSB by shibby with a bridged modem. Cost me about $150 AUD to setup and it is infinitely better than my old netgear.
(Score: 3, Informative) by sibiday fabis on Monday February 24 2014, @03:18PM
FYI - make sure you have good airflow, it might help prevent capacitor failure on that RT-N16. They are great when they work, but I had two units die of popped caps.
(Score: 2, Informative) by Anonymous Coward on Monday February 24 2014, @04:23AM
You can request to open the box at the computer shop and if it has GNU/Linux on it there will be a small (cheap paper) leaflet with the GNU license in there (Manufacturers should advertise this more openly on their websites anyways -aka- tech specs.)
Also check-out the alternative firmware sites (WRT, tomato) and if they have firmware version for a specific hardware modem/router chances are that it has GNU/Linux on it already.
You might want to check out D-link (for ADSL). I'm not saying they are bomb proof but they are one of the few (cheap) manufacturers that have resisted re-branding cheap chinaware -aka- porcelain-firmware like linksys, zyxel, billion etc. do.
As for a "PPPoE" router I recommend getting a AMD based mainboard and slapping vmware esxi on it. AMD because all 64-bit processors have the virtualization stuff required by esxi.
you can then try all the open-source router software, each in its own virtual machine .. plus you might try other stuff (webserver, chat server, print server, torrent, tor, email-server etc. etc.) in additional virtual machines ... and easy to nuke if it goes south : )
Also it is more safe and easy to make a virtual machine then having to flash firmware.
in conclusion: get a good solid modem, put it in bridge mode and let a REAL computer do the heavy lifting / natting.
(Score: 0) by Anonymous Coward on Monday February 24 2014, @04:46AM
the asus "E35M1-M PRO" uses about 45 watts.
usb3
max 8 GB Ram
2 x pci (!) slots
(Score: 5, Informative) by evilviper on Monday February 24 2014, @04:36AM
Look at the DD-WRT list of supported models. Even better if the unit has USB:
http://www.dd-wrt.com/wiki/index.php/USB_storage#C ompatible_units [dd-wrt.com]
The D-Link DIR-632 was a great deal, selling for $35 on Amazon, trivial to upgrade to DD-WRT, and having a USB port for network attached storage or printer sharing, and 8 wired switch ports. Now that stocks are gone, prices have gone very high... $75 currently. Too bad.
You can also look for devices preloaded with DD-WRT, like the Buffalo brand.
DD-WRT is a bit finnicky in the UI department, but it can do anything you'd want... WiFi to wired bridge, WiFi repeater, WiFi AP, static/dynamic, QoS & throttling, SSH, WDS, etc.
I wouldn't recommend using an old PC, because of power consumption, alone. Never mind size, noise, maintenance, etc.
Hydrogen cyanide is a delicious and necessary part of the human diet.
(Score: 1) by razza on Monday February 24 2014, @10:01PM
The main problem always seems to be ADSL support.
(Score: 1) by AnythingGoes on Wednesday February 26 2014, @04:47AM
An older netbook like Asus EEE 2G/701, on the other hand, is pretty decent and can be booted from a read-only SD card. The power consumption is less than 15W during normal operations if you turn off the screen. Comes with 3 USB ports too :)
(Score: 2) by evilviper on Wednesday February 26 2014, @06:47AM
An Eee 701 has 100BaseT ethernet, needs even slower USB-ethernet adapters for a second port. Only very slow 802.11g wireless on 2.4Ghz. etc. It'll use far more power than a purpose built router, and costs several times more. And you STILL need an ethernet switch to connect multiple wired devices. It's not a TERRIBLE option, but it's certainly not a good one, either.
Hydrogen cyanide is a delicious and necessary part of the human diet.
(Score: 1) by ls671 on Monday February 24 2014, @06:17AM
I have been using a linux firewall/router for 15 years. Wireless access is on a dedicated subnet with special rules. I do not mind the power usage (70 watts/ 5$ a month) since that machine is also used as a file server and what not.
Those cheap routers aren't any good under load anyway. Nat table gets full usually after 1024, hard to do things like traffic shaping for VOIP etc. etc.
With this setup, you get the full benefits of a full fledged router. As long as you use the machine for something else like a file server, backup server, than forget about the power usage.
Everything I write is lies, including this sentence.