The Lemon Fool

As it's a topic that has come up fairly regularly, here's a nice little overview.

https://www.ispreview.co.uk/index.php/2 ... outer.html

The “free” routers that so often come bundled alongside broadband ISP packages are usually nothing to write home about, not least because they’re often budget models and frequently come with key features disabled. But should provider’s be preventing customers from using their own kit?

The majority of internet users are probably quite happy to use the kit supplied by their ISP and many of them may never even bother to touch the device’s admin panel, except while setting it up for the first time. However a lot of people still prefer to use their own third-party router and that can be due to a number of reasons.

Cont.

I found I could not run an authoritative DNS using the supplied router (although I could run servers). That is why I went to Draytek.

I went 3rd party when the ISP router supplied kept being "upgraded" by the ISP and the administrator password removed!

Netgear first, but that was bricked by a firmware update, so I went Draytec and discovered partial security, which is better than no security at all.


Slarti

Slarti wrote:so I went Draytec and discovered partial security,

As I am using Draytek I am interested in what you mean by this.

Slarti wrote:Netgear first, but that was bricked by a firmware update...
Slarti

Did you ever have a go at unbricking it? It can be done (JTAG or other routes.)
I've always been very nervous of BIOS or firmware updates.
Gigabyte do dual BIOS chip motherboards, it would make sense for the more expensive routers to have a similar facility, especially as there are so many decent custom firmware options available these days like Open/DD WRT, Tomato et al.

johnhemming wrote:

Slarti wrote:so I went Draytec and discovered partial security,

As I am using Draytek I am interested in what you mean by this.

Apparently, so I'm told by those who should know, almost any router is vulnerable to attack. Especially if you use wifi.

Comments on the line of "if you hide your SSID, you just make me more interested" are typical. With the right equipment wifi is vulnerable.

The router firewall, while much better for routers like Draytek, is not perfect and often won't be updated. Plus people often have admin access from outside available. Oh, and the admin password is often not strong.


But, compared to the items issued by ISPs, routers like Drayteks are like the difference between using a mortice lock on your front door and relying on a Yale type one.

Slarti

Infrasonic wrote:

Slarti wrote:Netgear first, but that was bricked by a firmware update...
Slarti

Did you ever have a go at unbricking it? It can be done (JTAG or other routes.)
I've always been very nervous of BIOS or firmware updates.
Gigabyte do dual BIOS chip motherboards, it would make sense for the more expensive routers to have a similar facility, especially as there are so many decent custom firmware options available these days like Open/DD WRT, Tomato et al.

As during the update, smoke was issued and it would then no longer even show any lights, no.


Slarti

Slarti wrote:But, compared to the items issued by ISPs, routers like Drayteks are like the difference between using a mortice lock on your front door and relying on a Yale type one.

Thanks for this. None of these are, however, new vulnerabilities.

Found this security focused channel on YouTube the other week...

https://www.youtube.com/user/TWiTSecuri ... eosecurity

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific at https://twit.tv/live

Very geeky, sometimes a bit overly long winded on explanations, but ultimately useful to improve the security knowledge.

johnhemming wrote:

Slarti wrote:But, compared to the items issued by ISPs, routers like Drayteks are like the difference between using a mortice lock on your front door and relying on a Yale type one.

Thanks for this. None of these are, however, new vulnerabilities.

I never said any of it was new, just the difference between ISP supplied routers and the better 3rd party ones.

Slarti

I also had to deal with the server after configuring