Page 1 of 1

ISP v Third Party Routers

Posted: April 4th, 2018, 4:35 pm
by Infrasonic
As it's a topic that has come up fairly regularly, here's a nice little overview.

https://www.ispreview.co.uk/index.php/2 ... outer.html
The “free” routers that so often come bundled alongside broadband ISP packages are usually nothing to write home about, not least because they’re often budget models and frequently come with key features disabled. But should provider’s be preventing customers from using their own kit?

The majority of internet users are probably quite happy to use the kit supplied by their ISP and many of them may never even bother to touch the device’s admin panel, except while setting it up for the first time. However a lot of people still prefer to use their own third-party router and that can be due to a number of reasons.
Cont.

Re: ISP v Third Party Routers

Posted: April 4th, 2018, 4:58 pm
by johnhemming
I found I could not run an authoritative DNS using the supplied router (although I could run servers). That is why I went to Draytek.

Re: ISP v Third Party Routers

Posted: April 4th, 2018, 6:55 pm
by Slarti
I went 3rd party when the ISP router supplied kept being "upgraded" by the ISP and the administrator password removed!

Netgear first, but that was bricked by a firmware update, so I went Draytec and discovered partial security, which is better than no security at all.


Slarti

Re: ISP v Third Party Routers

Posted: April 4th, 2018, 6:58 pm
by johnhemming
Slarti wrote:so I went Draytec and discovered partial security,

As I am using Draytek I am interested in what you mean by this.

Re: ISP v Third Party Routers

Posted: April 4th, 2018, 7:21 pm
by Infrasonic
Slarti wrote:Netgear first, but that was bricked by a firmware update...
Slarti


Did you ever have a go at unbricking it? It can be done (JTAG or other routes.)
I've always been very nervous of BIOS or firmware updates.
Gigabyte do dual BIOS chip motherboards, it would make sense for the more expensive routers to have a similar facility, especially as there are so many decent custom firmware options available these days like Open/DD WRT, Tomato et al.

Re: ISP v Third Party Routers

Posted: April 4th, 2018, 8:26 pm
by 1nv35t
Our home network is a Virgin Hub router, off which we have a single core Celeron PC as a server (OpenBSD installed and running http, https, ssh, wordpress, webcams etc), 192.168.x.x IP range with dynamic DNS so if the external IP address does change it doesn't matter. One of the Lan ports plugs into a netgear router Wan, behind which all other devices connect (10.0.x.x IP range).

From that link
However, using two devices is usually undesirable because it’s messy, consumes more electricity and can make it harder to diagnose problems

Personally I found it to be the easy option, and physical isolation of the public server is much better than using DMZ and a single router as integral DMZ aren't really isolated.

I've recently moved the headless server upstairs and it now connects via a mains plug LAN extender to the Virgin Hub downstairs. I've also added another network card to that PC in readiness for it to also be set up as a router.

Re: ISP v Third Party Routers

Posted: April 5th, 2018, 7:25 am
by Slarti
johnhemming wrote:
Slarti wrote:so I went Draytec and discovered partial security,

As I am using Draytek I am interested in what you mean by this.


Apparently, so I'm told by those who should know, almost any router is vulnerable to attack. Especially if you use wifi.

Comments on the line of "if you hide your SSID, you just make me more interested" are typical. With the right equipment wifi is vulnerable.

The router firewall, while much better for routers like Draytek, is not perfect and often won't be updated. Plus people often have admin access from outside available. Oh, and the admin password is often not strong.


But, compared to the items issued by ISPs, routers like Drayteks are like the difference between using a mortice lock on your front door and relying on a Yale type one.

Slarti

Re: ISP v Third Party Routers

Posted: April 5th, 2018, 7:26 am
by Slarti
Infrasonic wrote:
Slarti wrote:Netgear first, but that was bricked by a firmware update...
Slarti


Did you ever have a go at unbricking it? It can be done (JTAG or other routes.)
I've always been very nervous of BIOS or firmware updates.
Gigabyte do dual BIOS chip motherboards, it would make sense for the more expensive routers to have a similar facility, especially as there are so many decent custom firmware options available these days like Open/DD WRT, Tomato et al.


As during the update, smoke was issued and it would then no longer even show any lights, no. :cry:


Slarti

Re: ISP v Third Party Routers

Posted: April 5th, 2018, 7:29 am
by johnhemming
Slarti wrote:But, compared to the items issued by ISPs, routers like Drayteks are like the difference between using a mortice lock on your front door and relying on a Yale type one.

Thanks for this. None of these are, however, new vulnerabilities.

Re: ISP v Third Party Routers

Posted: April 5th, 2018, 1:47 pm
by Infrasonic
Found this security focused channel on YouTube the other week...

https://www.youtube.com/user/TWiTSecuri ... eosecurity

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte.

Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific at https://twit.tv/live


Very geeky, sometimes a bit overly long winded on explanations, but ultimately useful to improve the security knowledge.

Re: ISP v Third Party Routers

Posted: April 6th, 2018, 11:01 am
by Slarti
johnhemming wrote:
Slarti wrote:But, compared to the items issued by ISPs, routers like Drayteks are like the difference between using a mortice lock on your front door and relying on a Yale type one.

Thanks for this. None of these are, however, new vulnerabilities.


I never said any of it was new, just the difference between ISP supplied routers and the better 3rd party ones.

Slarti

Re: ISP v Third Party Routers

Posted: April 16th, 2018, 3:24 pm
by Miaw
I also had to deal with the server after configuring