Hanging Myself Wirelessly

Around mid­night, while typ­ing ping -t with one hand while the oth­er held a tiny flat­head screw­driv­er point across two Flash ROM pins, I thought to myself “Self, what the hell do you think you’re doing?”

I’ve been lis­ten­ing to Steve Gib­son’s pod­cast called Secu­ri­ty Now! since it began a few months ago. It is a great pod­cast for every­one who wants to learn about how to keep both home and cor­po­rate com­put­ers safe from threats. They’ve had a great series on wire­less (WiFi) secu­ri­ty that boils down to this: if you’re not using WPA (or deriv­a­tive, such as Radius), you’re sim­ply not secure. Dis­abling SSID broad­cast and MAC fil­ter­ing don’t help squat. Any­one using KisMAC or Net­S­tum­bler can be on your WEP “pro­tect­ed” in less than an hour just by lis­ten­ing (or, sniff­ing, if you like that term bet­ter).

So all this has had me very wor­ried since our net­work is far less secure than I thought it was. We’ve been hacked once, although I’m pret­ty sure it was a neigh­bor just try­ing out Net­S­tum­bler for fun. I did­n’t want any­one get­ting on our net­work and using our broad­band for free or worse, get­ting onto our sys­tems and snoop­ing. I don’t need some­body get­ting my old tax files or any­thing1 Why did we have a WEP net­work in the first place, you ask? TiVo can’t use WPA encryp­tion meth­ods. Okay, the solu­tion there is to use a USB eth­er­net adapter (as opposed to the USB WiFi adapter we have now) and then bridge it onto the wire­less net­work with some­thing that can use WPA. Sim­ple enough, right? No, not real­ly.

First of all, TiVo has very lim­it­ed dri­vers for net­work adapters. I final­ly went with the Net­gear FA120, and it works great. For the wire­less bridge, I first thought I’d use a wire­less access point by Linksys. I’ve had great luck with their routers and oth­er net­work gear, this seemed promis­ing. Well no amount of tin­ker­ing seemed to get the access point to act in repeater mode (think of a wire­less bridge that also acts as a sig­nal boost­er), despite all the firmware upgrades that claimed to fix that exact same prob­lem.

Sveasoft Firmware

I suc­cess­ful­ly installed the Svea­soft firmware on my old­er router.

Next, I tried to use two of the same wire­less routers with third par­ty soft­ware by Svea­soft which allows the sec­ond router to act as a repeater and access point. This seemed ide­al since routers are cheap­er than access points and have rebates to help the cost even more. I was able to upgrade the firmware on my old router with­out prob­lem, but sad­ly things did­n’t go so well for the new router (both have to have the third par­ty firmware).

Router Guts

You ever won­der what you’re router looked like on the inside? Hard to believe that’s a 125Mhz Lin­ux com­put­er, huh?

The firmware upgrade froze up and the pow­er light just start­ed flash­ing. If you own a Linksys WRT54G, let me tell you that the blink­ing pow­er LED is sort of like see­ing a human bleed­ing from the ears: a small sign that some­thing ter­ri­ble has hap­pened. I tried hard resets as well as try­ing flash­ing the router with old­er Linksys firmware. I even tried a war­ran­ty void­ing, last ditch effort to get it into fail­safe mode. Around mid­night, while typ­ing ping -t with one hand while the oth­er held a tiny flat­head screw­driv­er point across two Flash ROM pins, I thought to myself “Self, what the hell do you think you’re doing?” I fan­cy myself as pow­er user, but this was way above and beyond what I should be attempt­ing for a piece of hard­ware I could sim­ply return as being defec­tive.

The next day, I returned the “bricked” WRT54G to Com­pUSA and tried to look for a replace­ment. The prob­lem is, they did­n’t have any of the old­er, Lin­ux OS ver­sions; they only had the new V5.0 mod­els, which can’t use any of the fan­cy third par­ty firmware. Same thing at Office­Max, Cir­cuit City, and Best Buy: only the new, improved easy set­up mod­els. Final­ly, at Best Buy (as I was about to dri­ve over to check Sta­ples), I though that maybe I was going about this all wrong. Would­n’t pow­er-line adapters do the same trick, and negate the need for dumb­ing-down my wire­less net­work just for TiVo? So that’s where I stand now. I may still have issues with the old­er wiring in our home, but could it be worse than find­ing every way con­ceiv­able to break our wire­less net­work? I hope not.

  1. My ide­al solu­tion is to even­tu­al­ly have a net­work stor­age that will only allow machines I assign to it access, and then via pass­word. This way I can even just remove it from the net­work, or iso­late it, all togeth­er. []