[TriLUG] OT: best home wireless router?

Kevin Hunter hunteke at earlham.edu
Mon Jun 15 16:15:32 EDT 2009


At 2:50pm -0400 on Mon, 15 Jun 2009, David Matusiak wrote:
> I'd like to tap the collective intelligence of TriLUG and seek advice on a
> new home wireless access point.  My vintage Linksys is still going strong,
> but I'd really love to have a whitelist for known friendly MAC addresses. 
> I'm pretty sure this is a common feature these days, but I'm more
> interested in what new whiz-bang things are out there that I don't know
> about.

I, too, like Linksys.  On the other hand, it's the first one I got, and
I got the coveted 3.x version.  Here's to primacy of learning!

Two thoughts:

1. Have you already installed new firmware on your current Linksys? Most
post-factory firmware already has the features you mentioned.  Firewall:
check.  MAC address "security": check.  Internal network routing: check.
My current favorite firmware is Tomato.  Ask Alan Porter to tell you
more about it.  (You're welcome, alpo!)

2. Depending on how much of a security nut you are, let me caution you
against using "known friendly MAC addresses."  At best you keep the
computer-noobs and honest folks from your router.  At worst, you think
you're secure, and the clever crackers have mimicked a MAC address that
works.  Worse, this method doesn't scale if you want to let any friends
use your router when they visit.  You have to manually keep the MAC
address list up-to-date.

This also means that any traffic on your internal WLAN is openly
broadcast.  Not a big deal if you're sole setup is individual computers
talking to the net, but you want to transfer docs between computers on
the WLAN, that is openly transmitted.

The better suggestion is to use WPA2 encryption.  As far as I'm aware,
the only known crack is a brute force method, which takes a LONG time,
for any decent length and randomish password (>10 characters).  This
encrypts internal communication, lets you easily tell your friends the
password, and you don't have to worry about keeping the MAC address list
up-to-date.

(Further note: don't hide the SSID either.  Other security issues
involved with that one, and it does little more than maybe slow a real
cracker down.)

Cheers,

Kevin



More information about the TriLUG mailing list