Thread: I'd like a new router.
Both are DD-WRT (from what I gather) and have VPN capabilities so I can set up a VPN on the router and link into it when I'm out and about for more security.
Here's links to both:
Amazon.com: Linksys N300+ Wi-Fi Wireless Router with Linksys Connect Including Parental Controls & Advanced Settings (E1200): Electronics
There's really not that much difference in price, just a few bucks so for all practical purposes the price is the same but what about features and performance, is one a bit better than the other or are they about the same there as well? Any input will be appreciated. Thanks.

No matter where ya' go, there ya' are.
Personally I like the WNR1000 v3.
Amazon has it for almost 1/3 less than what you're looking at spending and I know for a fact that it is proofed against current gen script kiddie hijacking tools. Reaver can't touch it.
I've got some butt wipe in my complex that is running a Kali Doom attack server that hits every new SSID in range, has taken over most of the routers in our complex and set them up as kind of a botnet.
He cracked more than a dozen of my routers before I found this one. He hasn't been able to get in to my network since I've been running it, almost a year now.
08-27-2014 #3
Not sure about DDWRT on this one; which IMHO is not all that it's cracked up to be.
I followed all the steps *exactly* to flash a 100% verified compatible router and turned it into a brick. So I bought two that were pre-flashed. He cracked both of them; one in under 15 minutes. And no matter what kind of config I did I couldn't keep him out of them. I played with it for weeks.
And no, OOB the WNR1000 v3 won't do VPN. AFAIK you need a server to get VPN secure forwarding from a remote location to the web. The VPN in routers and gateways is for "road warriors". I.E. you need to log in to your net and access a file you forgot to DL to your lappy before you went to see your client or access a DB, etc corp type stuff.
To be out and about, call home on VPN and then be pushed directly securely to the web over your home hardwire you need a combo VPN / web proxy server. Otherwise you'll have to call home, log in to a machine you left at the house and then fire up its web browser and go from there.
Last edited by Steven_G; 08-27-2014 at 09:41 PM.
So what are they talking about here with the tweaks to the router that's supposed to give you a VPN via your router?
https://www.youtube.com/watch?v=mmsI...fwWBYg&index=1
I'm not familiar with gargoyle. Maybe it can use port forwarding and a combo client / server to do it all in one box inside a modified router? But if it's built on DDWRT I'd be leery of it for the reasons above. On the second one (PFSense) they are setting up a dedicated OpenVPN server to forward the connection from the dedicated server to the web.
If you can buy a router pre-flashed with gargoyle from a shop that guarantees its work I'd go that way rather than trying to flash one yourself. That way you're not SOL with a brick you paid good money for if the flash goes wrong like it did on me.
The 2 I tried I bought already flashed and I was able to return them when I couldn't get them to stay secure. There are a couple of shops on Amazon that sell them pre-flashed.
There are a lot of variables involved and I'm not saying that all DDWRT installs are unsecure. But both of the ones I tried my local butt wipe was able to crack with no problem. Now part of that could have been the hardware that the installs were on, b/c that makes a difference too.
But for my money, I'd go with a good, secure cheap router and then set up a dedicated vpn/web proxy on an old junker or a pi.
As a matter of fact I have a pi on the way from Amazon so I can set it up as a vpn/web proxy.
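As an added example (not part of the original posts): a minimal OpenVPN server configuration for the dedicated Pi or spare machine discussed above, showing the setting that sends a remote client's web traffic out through the home connection. The file names, the 10.8.0.0/24 range and the DNS address are assumptions.

```conf
# Constructed example: OpenVPN server on a Pi or spare PC inside the home LAN.
# File names, the 10.8.0.0/24 pool and the DNS address are placeholders.
port 1194
proto udp
dev tun

# PKI material generated beforehand (for example with easy-rsa).
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Requires OpenVPN 2.4 or later: authenticates and encrypts the control
# channel, so unauthenticated probes get no response from the daemon.
tls-crypt ta.key

# Address pool handed to connecting clients.
server 10.8.0.0 255.255.255.0

# Without this line a client only reaches the VPN subnet ("road warrior"
# access). With it, the client's default route moves into the tunnel and
# its web traffic leaves through the home connection.
push "redirect-gateway def1 bypass-dhcp"
# Resolve DNS through the tunnel too (assumes a resolver on the VPN host).
push "dhcp-option DNS 10.8.0.1"

cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
keepalive 10 120

# Drop privileges after start-up.
user nobody
group nogroup
persist-key
persist-tun
verb 3

# Outside this file: the host needs net.ipv4.ip_forward=1 and a NAT
# (masquerade) rule for 10.8.0.0/24, and the router should forward only
# UDP 1194 to this box, with remote admin on the router left disabled.
```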
I think I may try to pick up that WNR1000 v3 next week. I'm sure it's much better than what I have now and it's not so expensive that if it's not all that much better I'd feel like I was out anything. Thanks for the heads up on it.
Just make sure that no matter what router you have you turn off the push button wifi protected set up crap. There is a flaw in the algo that generates the PIN and it can be backwards factored with no problem at all. As a matter of fact that's how reaver works. And reaver can crack most routers b/c even when you go into the interface and shut off that feature most routers still end up leaking / broadcasting the PIN even though you told it not to due to issues with how the firmware and / or hardware is set up.
That's why hardware makes a difference, even with the open source router projects that are supposed to be secure.
With the WNR1000 v3 when you tell it to turn off "push to connect" (their name for WPS) it actually does turn it off.
And that link I posted was just first grab. I'm not 100% certain it's *version 3*. If you get one make darn sure it's v3 and not 1 or 2 b/c 1 and 2 are both listed as being known to be vulnerable to reaver.
Also, make sure you lock it down. There are lots of tutorials on wireless router sec. The big three are the WPS crap, locking out remote admin and locking out wireless admin. Basically you want to make sure that it can only be admined by wire from your LAN.
I did change the password to get into my router but I don't know if I can lock it down so that I can only get into it from an RJ-45 or not. Not sure about WPS either. I do have my router WPA2 password protected and I have the SSID hidden so anyone just driving by looking for Wifi won't see it unless they're looking for packets or something.
Hiding the SSID is actually a bad idea and can make you less secure in the long run. It's just a network name and hiding it is not a security feature. Besides, if anyone wants to find it that's real easy to do.
And you can actually end up making yourself less secure by hiding the SSID depending on what connects to it and how. A lot of OS's, not just doze, actually end up broadcasting all kinds of info about hidden SSIDs b/c they are trying to connect to them all the time if they are set for auto-connect. And, hiding the SSID can also cause a lot of connection problems.
On the one you have now dig through the interface and see if it has options for remote admin, if it does they can be disabled. And I haven't seen a router made in the last 10 years that didn't have the ability to turn off admin over wireless; which forces it to wire only.