I’ve had a couple of small wireless projects lately and have really been having a great time playing around with the Linksys-Cisco WRT54GL Wireless-G Broadband Router and one of the many GREAT 3rd party firmwares dd-wrt. I know, for a couple years I’ve meant to get a hold of one of these little linksys boxes for testing. I had read about OpenWRT and found it an interesting idea. For those that don’t know, the original linksys wrt54g wireless routers were designed based around a customized linux firmware. What made this nice is linksys made the source code available for their firmware which made it a lot easier for others to improve upon linksys’ built in software.
Tag: router
-
Zeroshell Livecd – providing main network services
http://www.zeroshell.net/eng/ is an interesting bundle of linux designed to be an out of the box network service swiss army knife of sorts. Here are the network services that it provides…. Kerberos 5 authentication, LDAP, NIS, Radius authentication, x509 certificate authority, unix and windows compatible active directory services, router, implements bridging and vlan protocols, full radius server, captive portal capability, firewall, QoS management, multizone dns server, dhcp server (capable of managing multiple subnets), ntp server, dyndns client, ppoe client, syslog server, lan to lan vpn…..
-
Strange net problems with a Netgear FS608 switch
This was weird and now that the switch is replaced I haven’t been able to duplicate it, but let me explain. There was a netgear fs608 (8 port unmanaged) switch plugged into a linksys router (model number not noted.) The cable was straight (although the fs608 has support for link through straight or crossover cables.) This setup worked well for quite some time. 4 computers and a printer hooked up. 3 pcs with fixed address and 1 with DHCP for their IP address. Well, I had a call that two pcs were unable to connect to the network and when I got there and looked… sure enough 169.**** ip addresses from Microsoft’s “auto configure” pool.
-
I’ve NEVER liked UPNP…. now I have another reason….
I remember the first Windows XP vulnerability was a Upnp vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it’s the great thing – makes life so much easier for setting up network devices. “You just don’t like it cause it puts you out of business….” It looks like Upnp is a really “malicious hacker friendly” kind of thing, especially when it’s installed and running on a gateway router… let’s say you have a hardware firewall with Upnp. Normally, you plug in an IP camera and maybe the IP camera uses Upnp to open a port so it’s accessible from the outside world. Nice, simple right? Well… what if you download a “browsing experience enhancement toolbar” that opens up another port on the firewall so you can act as a mail relay?
-
What a week….
I think it’s time to pass along a long story of what’s gone on over the last week or so here and some of the reasons there hasn’t been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond the day to day and there might be some items worth considering. The short story is my internet access was suspended and I’ve been only connected to the internet for 30 minutes or so at a time to retrieve mail and spent dozens of hours reviewing system logs…. but the long story is needed to sort out what has happened. I’m not going to break this up into multiple posts, but I may pull out some details for seperate posts at some point.
-
Network Security – how should an open wireless access point be run beside a safe network?
So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in a network using arp spoofing. If you run business machines on a network you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..
-
Network Security – Defenses against arp spoofing
So, we’ve spent a couple articles talking about arp spoofing. It sounds really bad, it’s a frighteningly easy way to do a “mitm” or man in the middle attack and anyone using arp spoofing could capture ALL network traffic including passwords. There’s got to be an easy fix right? Um…. well. This is not something you’re going to want to read, but there aren’t a lot of good options. It’s possible to setup a static arp table. With a static arp table, a machine ( switch/router ) has a list of known good MAC addresses and which IP addresses they should match.
-
Linksys changing WRT54G wireless router
Linux devices has a story on the Linksys WRT54G wireless routers. The WRT54G has been known for quite a while to be running linux and a community has sprouted up with customized software to add many neat features to the access points. However, Linksys is moving to VxWorks as the operating system for the routers in a move that will cut memory and flash sizes installed. (VxWorks is more of an embedded OS and many other network hardware makers have made the move.)
-
Linux on a Linksys wireless router
This is one of those projects I’ve been tempted to undertake for some time… Newsforge has an article on Linux on the Linksys wireless WRT54G and WRT54GS routers. The distribution designed for it is openwrt which is an embedded linux flavor.
-
Bad week for Cisco, security headaches
For starters, there was this advisory last week in response to a planned talk at a hacker convention on the possibility of a cisco router ipv6 exploit. The advisory detailed a LOCAL exploit and not the remote exploit that the talk was centered around. There was legal action against the speaker and materials detailing it were destroyed (literally ripped out of notebooks) at the convention by Cisco. Apparently this is the kind of vulnerability that could “shut down the internet”. Of course, much of the internet’s backbone runs on Cisco equipment. Next….