[Coco] My web page

Gene Heskett gheskett at wdtv.com
Tue Jan 7 16:26:52 EST 2014 

On Tuesday 07 January 2014 16:14:14 Louis Ciotti did opine:

> I must say in all the years I have have the various broadband internet
> services I have never had any of the various routers I have had over
> the years hacked....   Not even an old headless 486 running Linux I
> used to share my ISP connection before routers were cheap.  The 486 ran
> for years unattended until the hard drive failed.  And even then it
> took a power failure for me to even notice it.
> 
> Sent from my iPhone
> 
> > On Jan 7, 2014, at 3:25 PM, Gene Heskett <gheskett at wdtv.com> wrote:
> > 
> > Greets all;
> > 
> > Sometimes you have to be a little schmardter than the average bear.
> > 
> > I got tired of noting the extremely poor upload performance of my
> > buffalo hi-power router in recent weeks, a speed test showed what
> > should have been a 2 megabit upload speed was actually doing under
> > 100k bits a sec.
> > 
> > So I tried to reset it and reflash it, but managed to about half brick
> > it because I couldn't find the reset button, turns out you have to
> > snap the snap on base off it for access to the reset button hole.
> > 
> > But when I put another netgear in its place, I DHCP'd a different IP
> > address from the one my registered name below points at.  Not good.  I
> > found a mini-dd-wrt install for it and put that in.  Same but wrong
> > address.
> > 
> > Called shentel, who gave me a run-around about how my address was
> > dynamic. Wanted to charge me another 5 bucks a month for a fixed
> > address, but it wouldn't be the old one.  Then they wanted the MAC
> > from my router so they could set it up, and the leds all came on
> > spelling out _bingo!_
> > 
> > So I reset the Buffalo, hooked it up long enough to get its DHCP
> > derived address, which was indeed the old one and wrote down its WAN
> > MAC.  Then I switched cables around, logged into the netgear, and
> > "cloned" that MAC into its WAN port.   Bingo was right, and after a
> > minor adjustment to httpd.conf since this router cannot port forward
> > AND translate the port #, so it is now listening on port 6309, and my
> > web page should be back up and accessible again.
> > 
> > That netgear, a WNR-3500U/WNR3500L, running its own firmware, did not
> > last the night last night, when I woke up this morning it was
> > working, but my username and password had been changed.  Black Hat or
> > NSA, same diff, somebody got in and played.
> > 
> > There are not any backdoors in dd-wrt since its not even a US built
> > software.  I highly recommend it, if your router has enough flash and
> > ram to handle it.  The failed buffalo has 32 megs of flash, and 16
> > megs of ram so it can do it all in one swell foop.  The netgear is
> > much more resource limited, so the install is a 2 step install, but
> > it will fit in the 4 megs of flash in that unit and do 95% of what
> > the full version can do.  Setup a decently long username and
> > password, and NSA will be forced to use their still a long ways from
> > ready, Quantum computer to hack it before the universe runs down.
> > 
> > Gotta love it when a plan comes together.  In the meantime I'll buy
> > another buffalo or similarly souped up router now that I know how to
> > make the switch invisible to shentel. :)
> > 
> > Now, if that pair of SALT chips would appear, but I think they may be
> > sealed in a bottle, thrown in the harbor in Shanghai so it will drift
> > to the US eventually.  I hope...
> > 
> > Cheers, Gene

I ran an old k6-III box, headless and keyboardless, internally stripped 
down to an CF adaptor on the end of an IDE cable, no drives at all, running 
the registered version of dd-wrt for 4 or 5 years but eventually decided I 
needed to cut down on the power draw, which was probably a good 200 watts 
even with that stripout.  That is when I bought the Buffalo, which used 
maybe 10 watts.  It, despite being a highly rated unit, needed a re-install 
occasionally else the dhcp server would die.  So I am assuming it had some 
other hardware problem when the upload speeds took a swan dive into the 
dumper.

I don't trust this netgear to be secure, or for that matter any router 
running US sourced software because its just a matter of time before 
somebody hits it hard enough to get in and play.  But when its running the 
version and configuration of iptables that comes with dd-wrt, it IS going 
to take a while to get in if they don't have screwdriver access.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Avoid the Gates of Hell.  Use Linux
		-- unknown source
A pen in the hand of this president is far more
dangerous than 200 million guns in the hands of
         law-abiding citizens.

More information about the Coco mailing list