New Wireless Router

loudbagel

As we finish our basement, we decided to get an upgrade of our internet and now we have Time Warner Extreme (up to 50 mbps downstream). The other reason is that at any time we have 8-15 devices connected.

The question is would a new wireless router complement the upgrade to extreme...or should the current one be ok?
 
As we finish our basement, we decided to get an upgrade of our internet and now we have Time Warner Extreme (up to 50 mbps downstream). The other reason is that at any time we have 8-15 devices connected.

The question is would a new wireless router complement the upgrade to extreme...or should the current one be ok?

EXXXXXXXXXXXXTREEEEEEEMMMMMMMMMMMMMMMEEEEEEEEEEEEEE... I hate IT marketing.

Keep the old one, save your money. I hunt down and pounce on every old WRT54G I can find..
 
What is the old wireless router? If it's not at least 802.11g, upgrade to 802.11n. (And upgrade all your devices.)

I run video around the house on a dual-band n device and sometimes I'd like it to go a little faster.

Any b or g devices on an n network will require it to down-speed for their traffic and affect overall throughput on the network.

The AppleTV is hard wired to a Gig port but my Cablemodem is 15Mb/2.5Mb so that's really the limiting pipe for inbound video. Backup storage is also hardwired but available via wireless also.

Anything less than video being pushed around or huge filesystem backups, it doesn't matter. If you're doing those things, give your network some bandwidth headroom so it's not the limiting factor.

Only other consideration is to remove anything utilizing WEP instead of at least WPA2 since WEP is crackable in just a few minutes of monitoring a "secure" network.
 
Wireless networking. :mad2::mad2::mad2::mad2:

I've lost days of my life to our wireless network. :mad::mad2:
 
I work for a cable company and 90% of my low speed internet trouble calls are end user hardware.

Number 1 problem is g routers. You will not get the speeds you are paying "up to" when dealing with a g wireless network. If you are looking for 50 meg, figure about 45 downstream.

You will get closer when hardwired but even then it's a gamble.
The number 2 issue is the machines trying to be used. If they are older and slower, lacking RAM and processor power, it will also slow things down a bit.

Get yourself a decent N wireless and make sure the cards in the machines are also N if possible.


I hope your modem has been upgraded to DOCSIS 3.0. That is the only way it will work, and the beautiful thing with 3.0 is the channel bonding. Instead of using one upstream and one downstream, they use a minimum of 3 (some companies use 4-5). It will take the bandwidth being used and share it across the board, instead of trying to shove 10lbs of crap in a 2" hole.


Signal levels to the modem also play a big part. You can keep an eye on them by entering 192.168.100.1 into your browser and see what the upstream levels, downstream levels and also the downstream SNR (signal-to-noise ratio) are. The DOCSIS standards are +/- 15 dBmV on the downstream, and up to 55 dBmV on the upstream, but absolute perfect is 0 down and 45 up. Plus or minus 5 and 30's on the SNR.


Stay away from Belkin and D-Link routers, and same with modems if you own your own. In my experience, we have the least issues with Linksys, followed by Netgear. Netgears seem to have issues when the modem IP changes but that is usually fixed by a reboot.

Another thing to do is a site survey by scanning wireless networks. You will probably see a lot of your neighbors on the same channels. Change your router to one that is not the same as everyone else. It keeps the interference at a minimum. And if you have cordless phones, make sure they are a different frequency range from the wireless.
 
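The site survey suggested in the post above can be turned into a channel choice. This is an added example, not code from any poster in the thread: it ranks the non-overlapping 2.4 GHz channels by how much neighbouring signal lands on each, using a constructed survey list and a simplified linear overlap model (both assumptions).

```python
# Constructed sample survey (not real data): (ssid, 2.4 GHz channel, signal in dBm).
SURVEY = [
    ("NeighborA", 6, -48),
    ("NeighborB", 6, -60),
    ("NeighborC", 1, -82),
    ("NeighborD", 4, -70),
    ("NeighborE", 11, -55),
    ("NeighborF", 9, -75),
]

# The three 2.4 GHz channels that do not overlap each other (channels 1-11 plan).
CANDIDATES = (1, 6, 11)


def overlap(a, b):
    """Simplified overlap model: channel centres are 5 MHz apart and a
    transmission is roughly 20 MHz wide, so channels 5 or more apart are
    treated as clear of each other and closer ones overlap linearly."""
    return max(0.0, 1 - abs(a - b) / 5)


def dbm_to_mw(dbm):
    """Convert received signal strength from dBm to linear milliwatts."""
    return 10 ** (dbm / 10)


def rank_channels(survey, candidates=CANDIDATES):
    """Return candidate channels sorted from least to most interference.
    Each neighbour contributes its received power scaled by channel overlap,
    so a loud network next door counts for more than a faint one far away."""
    scores = {}
    for ch in candidates:
        scores[ch] = sum(overlap(ch, n_ch) * dbm_to_mw(dbm)
                         for _ssid, n_ch, dbm in survey)
    return sorted(scores.items(), key=lambda item: item[1])


if __name__ == "__main__":
    for channel, score in rank_channels(SURVEY):
        print(f"channel {channel:2d}: interference score {score:.2e} mW")
```

Counting networks per channel would tie channels 1 and 11 in this sample; weighting by signal strength separates them.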
My cable company loves dictating to the end user what modem they are to purchase and then not support their choices, but have no problem changing their requirements every 6 months, as though the end user has more money than they know how to spend.

As to brands, the ones giving the greatest problems are Linksys. And their customer service is also the worst of the various brands.

Security: Do you find WPA2 to be significantly superior to WPA?
 
WPA/WPA2 are mostly safe if strong passphrases are utilized.

Dictionary words? 10 minutes to completely own your network with a laptop using aircrack-ng.

Look up the Backtrack toolset (currently at version 5) via Google for tons of docs, examples, etc.

It's a lot of stuff to read and understand and complex enough that people make a living doing nothing but network security these days, so I say that to point out that there's always changes going on. Keeping up with news is half the battle. SANS.org newsletters are a good start if you're ready to have your life sucked away by it. ;)

Best advice: Treat wireless (even encrypted) as insecure and anything that needs security should add end-to-end encryption beyond the network's. (Example, SSL for online transactions. They may be capturing every packet you send over the wireless network after cracking it, but then they still have to contend with the packets themselves being encrypted.)
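The point about strong passphrases in the post above, as an added example that is not the poster's code: WPA/WPA2-PSK derives its key from the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, so the passphrase is the only secret. The two word lists and the SSID `HomeNet` are constructed placeholders.

```python
import hashlib
import math
import secrets

# Constructed stand-ins: a real audit would load full wordlists from disk.
COMMON_WORDS = {"password", "sunshine", "football", "airplane", "internet"}
WORDLIST = ["amber", "bagel", "cedar", "delta", "ember", "flint", "grape",
            "haven", "ivory", "jolly", "kayak", "lemon", "maple", "north",
            "ocean", "pilot"]


def wpa2_pmk(passphrase, ssid):
    """Derive the WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 with
    the SSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               4096, 32)


def audit(passphrase, common=COMMON_WORDS):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length must be 8 to 63 characters")
    # Strip the usual decoration (capitals, trailing digits or symbols)
    # before the lookup, since guessing tools try those variants too.
    core = passphrase.lower().rstrip("0123456789!@#$%?.")
    if core in common:
        findings.append("based on a common dictionary word")
    return findings


def random_passphrase(n_words=6, wordlist=WORDLIST):
    """Pick words with a CSPRNG; each word adds log2(len(wordlist)) bits."""
    return "-".join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(n_words, wordlist_size):
    """Search space of a random word passphrase, in bits."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    print(audit("Sunshine123"))                 # flagged as a dictionary word
    print(audit(random_passphrase()))           # no findings
    print(round(entropy_bits(6, len(WORDLIST))), "bits with this toy list")
    print(round(entropy_bits(6, 7776)), "bits with a 7776-word list")
    print(wpa2_pmk("Sunshine123", "HomeNet").hex())  # hypothetical SSID as salt
```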
 
My cable company loves dictating to the end user what modem they are to purchase and then not support their choices, but have no problem changing their requirements every 6 months, as though the end user has more money than they know how to spend.


Out of curiosity, if you own the equipment, what support should the cable company provide regarding that equipment? I do not understand where you are going with that statement.

If you want to own your equipment, no problem, but it does need to meet certain criteria for it to work properly within their system. But when you purchase that equipment, that equipment is your responsibility, as you own it.
 
I recently purchased a new Lenovo laptop. It is a long story, but its location is so far from the router that I needed a range extender, so I got a Linksys RE-1000. The extender would not play nice with my old Linksys WRT54G router, so I upgraded to a Linksys E-3000 "n" router. Best thing I've done in a while for the network. It is so good I "almost" did not need the range extender for it, but used it anyway to get more speed, since the E-3000 slowed down a lot being on the edge of its range limits for a good strong signal. I use WPA2 encryption and MAC filtering. Can't say enough good about the new router. I have 3 laptops and a digital picture frame running off the router's wifi.
 
Best advice: Treat wireless (even encrypted) as insecure and anything that needs security should add end-to-end encryption beyond the network's. (Example, SSL for online transactions. They may be capturing every packet you send over the wireless network after cracking it, but then they still have to contend with the packets themselves being encrypted.)

Maybe you know a good answer: I use a firewall to create a little satellite of our office network in my home office. That way I have a workstation, a NAS box for backups and a printer that are transparent to everything in the main office via an IPSEC tunnel. Now, I intentionally don't have wireless 'inside' of this island so as not to open it up to the vulnerabilities you mention. What is in your opinion the most secure way to be able to work from a laptop inside of that network short of dragging a 100ft cat5 cable from my office to the living room :) (or dialing into the firewall via VPN using my promiscuous 'houseguest' WLAN).
 
If you generally control that laptop and keep it updated I wouldn't worry much about it dragging anything inappropriate into the office wired network.

Scan it regularly and the VPN connection should be about as good as you can do.

Also making sure the laptop doesn't accept connections from anything when it's "out on the town" on some doozy of a network... using at least the built in firewall as a minimum. It should be "invisible" to a network portscan, etc.

And any connections it makes outbound are encrypted, like SSL and encrypted mail connections, etc. Never open SMTP without SSL/TLS, same for PPP and/or IMAP.

Another tactic I've seen used is to use Remote Desktop (with filesystem mounting turned OFF) or VNC over an encrypted tunnel or VPN to access the "work" machine in that secured network, never really letting the laptop fully on the secure network. But you mentioned the NAS and I'm guessing you back up to it, so the NAS is probably your most likely attack vector... Get a virus/malware on the NAS, it's kinda game-over at that point.

You're doing more than 90% of folks out there.

I once had a family member explain how "cool" it was to look through other people's shared files via CIFS/Windows File Sharing at a local coffee shop.

My jaw just dropped. "So you're accessing files you got off of some unknown computer at a coffee shop?" Sigh.

Apple's new "Airdrop" feature looks insidious if the bad guys figure out how to utilize it without your knowledge. Ugh. Bad idea.
 
I hunt down and pounce on every old WRT54G I can find..
Just remember that WRT54G tops at 30 mbit/s, in part because it uses VLAN internally, in part because its CPU is puny. The platform is obsolete these days.
 
Oh almost forgot. If you're just surfing on unprotected networks, "portable" versions of browsers are great. Even whole "portable" operating systems that'll boot from a USB stick.

Boot USB stick, diddle around in the browser, shut down. Save the whole OS for networks you trust. Great for Road Warriors.

And of course, whole disk encryption. TrueCrypt or FileVault or similar... if there's any serious data on the laptop that you care about. Lose the laptop, make it hard(er) for someone to get at your data than simply booting and bypassing the password (which is pretty trivial on both Windows and Mac).
 
Best advice: Treat wireless (even encrypted) as insecure and anything that needs security should add end-to-end encryption beyond the network's.
I eventually created a separate wired network for TiVo and Wii, in case someone uses them in an attack vector. Who knows what garbage those are running.
 
I ended up picking up an apple Airport Extreme.... It's very fast and handles the load of computers very well. It now has my recommendation
 
If you generally control that laptop and keep it updated I wouldn't worry much about it dragging anything inappropriate into the office wired network.

My question was more whether there is a way to add some sort of proprietary wireless access point that is:
- invisible to my neighbors
- locked down to only accept connections from a particular wireless card.
- has some fancypants encoding for the network traffic beyond the standard WPA type stuff

That way I could use the laptop within the network without having to go through the VPN client.

I mostly use RDT onto a workstation. How secure is that from someone simply peeking onto my desktop?
 
- invisible to my neighbors

Turn off SSID broadcasts. Won't see it in network lists but a sniffer will still see traffic and know that it's there. Whether they'll know it's your network depends on what else is around. If it's transmitted, someone can receive it if they're in range.

Brings up another point. AP in a basement helps limit its range to mostly just your house. Put it on the second floor of a house and it'll easily cover a city block in most environments. Control where the RF goes, less risk... someone would have to be parked in my driveway or aiming a high gain antenna at my property to receive my AP's packets for example.

- locked down to only accept connections from a particular wireless card.

Many wireless access points can filter traffic by MAC address. It's possible for an attacker to spoof a valid address but that assumes they have gotten past the other layers of defense. Never a bad idea to lock a wireless network down to only known computers. Takes a little effort to round up all the MAC addresses though. I don't bother...

- has some fancypants encoding for the network traffic beyond the standard WPA type stuff

Not really.

That way I could use the laptop within the network without having to go through the VPN client.

Hmm. I kinda liked your VPN client setup. But they can be a bit of a pain I suppose.

I mostly use RDT onto a workstation. How secure is that from someone simply peeking onto my desktop?

Not sure what you mean here. You mean versus someone shoulder-surfing while you're at the desktop or watching the RDP session over the air?

RDP is encrypted by default but will fall back to lower encryption or none at all on really old versions of RDP. Group Policy can be used to disable the auto-fallback is my understanding.

I'm a Unix geek by trade so I'm usually SSH tunneling VNC and/or X itself and not using much Microsoft RDP. I have the Microsoft RDP client loaded on my Mac for occasional use is about all.

You could port forward only RDP in through the firewall. More convenient than having to VPN first but makes the machine running RDP service a bigger target if other people can get to it from outside.

The beauty of the VPN setup is that you're a complete insider when it's up and you don't have to expose any services to the external network.

Moving things to odd-ball port numbers won't stop a motivated hacker targeting you but it will typically kill any chances of an automated script (often poorly written) finding a particular service. Security by obscurity as they say. Not the best but it does work for a lot of things.
 
Out of curiosity, if you own the equipment, what support should the cable company provide regarding that equipment? I do not understand where you are going with that statement.

If you want to own your equipment, no problem, but it does need to meet certain criteria for it to work properly within their system. But when you purchase that equipment, that equipment is your responsibility, as you own it.

It isn't that I WANT to own it. They don't sell/rent/lease it. They tell you what is acceptable then let you go through the frustration of trying to figure out who sells it and what it does or doesn't do and what other technical support you have to find and pay for in addition to the frequent purchase of replacement equipment, instead of THEM providing the equipment, technical support, and the responsibility of keeping it operating
 
It isn't that I WANT to own it. They don't sell/rent/lease it. They tell you what is acceptable then let you go through the frustration of trying to figure out who sells it and what it does or doesn't do and what other technical support you have to find and pay for in addition to the frequent purchase of replacement equipment, instead of THEM providing the equipment, technical support, and the responsibility of keeping it operating

A company that won't lease you a modem seems odd to me. Of the 3 companies in this area, all of them offer a lease on equipment. Some won't sell modems because they are not authorized resellers. As for saying where to purchase your own device, we are not permitted to endorse one store over another.

As for device features and specifications and operation, that would be the end user's responsibility to look into that and the sales staff where it was purchased to explain it. You wouldn't purchase an oven then call the electric company afterwards for tech support to set the clock or how to bake cookies.





 
g = gamble

Many vendors mfg'd products before the [cough] standard was finalized ... and there can be interoperability problems. You improve your odds of 'g' working by disabling all the fancy go-faster, go-farther options.

At this moment, almost every g & n router ever sold that uses the term WiFi or their cute b&w logo is vulnerable to cracking. The only mfgr that seems to have gotten it "right" is Apple's "Airport" family of WiFi routers. As of this moment, I suggest avoiding TrendNet and Linksys/Cisco. Their security defects are stunningly stoopid. Fixes are promised for March.

Whatever you already have or buy, DISABLE the easy-setup mode named WiFi Protected Security (WPS). Some vendors call it by other/fancier/g-whiz names.

I'll also suggest that you consider a product that provides (separate) "guest" logins.
 