Do you guys have any experience with routers? because i have some questions

[gexecuter]

So recently my sisters got a notebook as a christmas gift and we decided it was better if we had WIFI in our house so that they could connect to the internet using the notebook. Anyway my ISP installed a zyxel router and ever since then i have been having some problems. sometimes i can't surf at all because i get redirected to 192.168.1.1/zCfgTryAgain.html and i see the following message :

"object not found

The requested URL '/zCfgTryAgain.html' was not found on the RomPager Advanced server."

Turning the router on and off seems to fix it tough but it's very annoying. Another thing is that i am worried that someone might leech off my bandwidth even tough it's password protected and i have been thinking how to prevent that, any software i can use to detect thiefs?. Also I know that the 192.168.1.1 address is for router configuration but it's password protected so i can't access it, do i even need to access the router configuration?.

Anyway help would be apreciated since you guys seem pretty knowledable.

[4wd]

So recently my sisters got a notebook as a christmas gift and we decided it was better if we had WIFI in our house so that they could connect to the internet using the notebook. Anyway my ISP installed a zyxel router and ever since then i have been having some problems. sometimes i can't surf at all because i get redirected to 192.168.1.1/zCfgTryAgain.html and i see the following message :

"object not found

The requested URL '/zCfgTryAgain.html' was not found on the RomPager Advanced server."

Turning the router on and off seems to fix it tough but it's very annoying. Another thing is that i am worried that someone might leech off my bandwidth even tough it's password protected and i have been thinking how to prevent that, any software i can use to detect thiefs?. Also I know that the 192.168.1.1 address is for router configuration but it's password protected so i can't access it, do i even need to access the router configuration?.

Anyway help would be apreciated since you guys seem pretty knowledable.

-gexecuter (January 09, 2009, 03:38 PM)

I've been running a Zyxel Prestige 660HW-61 for more than 2 years and it's been very reliable apart from 2 or 3 small problems.

The only protection I use for the WiFi is 128bit WEP, MAC filtering and no SSID broadcast

IIRC, the default password for Zyxels is: 1234

I can probably help you with the configuration of it, what model are you running ?

[Ehtyar]

The past few years I've had two NetGear products. The first was a WGR614 which was fine, but its range was too limited for my sister to use wireless in her bedroom, so now we have a WPN824v2. Anyway, now that you know my life story both products have been extremely stable (the dlink we had prior to the WGR crashed weekly) and I would most definately purchase a netgear product again.

Netgear are generally considered to be at the economical end of the higher quality routers. If you wanted something really powerful, you probably go for a Linksys or a CISCO, but you'll pay a lot more for those.

Experience with routers varies significantly. You'll find it difficult to pinpoint a brand that has good reviews across the board. If you're going to purchase a new unit I would suggest choosing something that it's brand new to the market and that has solid reviews.

Ehtyar.

[gexecuter]

So recently my sisters got a notebook as a christmas gift and we decided it was better if we had WIFI in our house so that they could connect to the internet using the notebook. Anyway my ISP installed a zyxel router and ever since then i have been having some problems. sometimes i can't surf at all because i get redirected to 192.168.1.1/zCfgTryAgain.html and i see the following message :

"object not found

The requested URL '/zCfgTryAgain.html' was not found on the RomPager Advanced server."

Turning the router on and off seems to fix it tough but it's very annoying. Another thing is that i am worried that someone might leech off my bandwidth even tough it's password protected and i have been thinking how to prevent that, any software i can use to detect thiefs?. Also I know that the 192.168.1.1 address is for router configuration but it's password protected so i can't access it, do i even need to access the router configuration?.

Anyway help would be apreciated since you guys seem pretty knowledable.

-gexecuter (January 09, 2009, 03:38 PM)

I've been running a Zyxel Prestige 660HW-61 for more than 2 years and it's been very reliable apart from 2 or 3 small problems.

The only protection I use for the WiFi is 128bit WEP, MAC filtering and no SSID broadcast

IIRC, the default password for Zyxels is: 1234

I can probably help you with the configuration of it, what model are you running ?

-4wd (January 09, 2009, 03:48 PM)

The model that i have looking at the bottom of the router is Zyxel P-660HW-T1 V2. The password that you provided didn't work, maybe my ISP changed it? if i reset the router i should be able to configure it because the password would be cleared right?

[Darwin]

While I am running MAC filtering on my DLink WB-1310 router, it is a waste of time, according to the pundits. If your hardware supports it, you should be running WPA-2 encryption. Can't help you with network access monitoring software, but there is probably some rudimentary functionality for this built into the router browser interface. On D-Link, the default password is nothing - ie, you leave the field blank. Try this, along with 40wd's 1234 suggestion and see how you get on.

Depending on where you live, unauthorized access to your network is not a huge risk. Of course, if you live in an apartment building or in a very urban area it is a HUGE risk... if you live, as I do, in a fairly quiet area with good sized lots, the risk is small.

[4wd]

Experience with routers varies significantly. You'll find it difficult to pinpoint a brand that has good reviews across the board. If you're going to purchase a new unit I would suggest choosing something that it's brand new to the market and that has solid reviews.

-Ehtyar (January 09, 2009, 04:12 PM)

Actually, I would have said something that's been on the market for a while and has solid reviews.

No use buying something that's 'brand new to the market' and then 8 months later everyone suddenly finds that the mCPU in it blows up due to the date matching and IP address

The model that i have looking at the bottom of the router is Zyxel P-660HW-T1 V2. The password that you provided didn't work, maybe my ISP changed it? if i reset the router i should be able to configure it because the password would be cleared right?

-gexecuter (January 09, 2009, 04:29 PM)

Resetting will clear all settings including the login/password for your connection if there is one, so you'll lose your internet.  Ideally, you want to get in before you have to resort to resetting - I don't suppose your ISP would give you the password ?

Or, it may be something simple like your phone number or the ISP uses a default password for all their routers, doing a Google for your ISP name router "default password" might bring up something.
Also try things as simple as 'admin' or 'root'.

BTW gexecuter, if you manage to get into the config of your router BEFORE you do anything, go through every single config screen and use a screen capture program to note the settings.  Also, find out what your login/password for the connection is from your ISP is before you change anything.

While I am running MAC filtering on my DLink WB-1310 router, it is a waste of time, according to the pundits. If your hardware supports it, you should be running WPA-2 encryption.

-Darwin (January 09, 2009, 04:37 PM)

Yes well, one of the 2 or 3 things that used to cause problems on the Zyxel was spontaneous reboot when using WPA - ergo, don't use it.  Don't know whether it's been fixed with a firmware update or the implementation is slightly different on the T1.

WPA-2 has been cracked anyway, so it's not much better than WEP.

128bit WEP, MAC filtering, non-broadcast SSID, static IPs and the SPI firewall are a lot simpler and just as good - the idea is to keep Joe Public out, you've got no hope against someone who's determined to get in.

gexecuter, there are two other things that affected the 660HW-61 that you can try before having to get into the config:
1) It's susceptible to power blips, it'll go into TTM¹.  Try and put it on an UPS if you're in an area with supply fluctuations.
2) It's susceptible to heat.  Under the middle base it gets warm and then just stops communicating.  Either support it at both sides on something, (I use 2 matchboxes - hi-tech, huh), or mount vertically to let air flow and cool it.

1 - Thumb Twiddling Mode

[Ehtyar]

Manufacturers should not be permitted to advertise MAC address filtering as a security feature. Put your wireless NIC on ad-hoc mode and you'll see the MAC addresses of all nearby wireless interfaces. It is then a trivial operation to fake (or spoof) the MAC address of one of the interfaces permitted to access the network.

Resetting the router (via a reset switch or button) should clear the password.

Experience with routers varies significantly. You'll find it difficult to pinpoint a brand that has good reviews across the board. If you're going to purchase a new unit I would suggest choosing something that it's brand new to the market and that has solid reviews.

-Ehtyar (January 09, 2009, 04:12 PM)

Actually, I would have said something that's been on the market for a while and has solid reviews.

No use buying something that's 'brand new to the market' and then 8 months later everyone suddenly finds that the mCPU in it blows up due to the date matching and IP address

-4wd (January 09, 2009, 04:47 PM)

That was indeed what i meant to say. My bad, ty 4wd.

Ehtyar.

[Darwin]

128bit WEP, MAC filtering, non-broadcast SSID, static IPs and the SPI firewall are a lot simpler and just as good - the idea is to keep Joe Public out, you've got no hope against someone who's determined to get in.

-4wd (January 09, 2009, 04:47 PM)

Very true - and pretty much what I was getting at WRT more rural locations being less risky than urban ones... WRT WEP vs WPA-2, you're quite right as well, my point was more that if you might as well use the highest level of encryption supported by your hardware. My understanding is that WEP is pretty much useless at keeping someone out, WPA can be cracked in minutes, and WPA-2 is secure. For now.

FWIW, I use static IPs, MAC filtering, and WPA-2. I don't hide my SSID, though I keep meaning to do it. DO note, however, that the pundits do not consider this worth the time or the effort, either.

I'm with 4wd on this, though - you really want to keep Joe Q. Public from stealing bandwidth, because a determined hacker will get in now matter what you do. To that end (keeping the 12 year old in the apartment above you out of your network), any/all of these "tricks" should be applied.

[4wd]

My understanding is that WEP is pretty much useless at keeping someone out, WPA can be cracked in minutes, and WPA-2 is secure. For now.

-Darwin (January 09, 2009, 05:00 PM)

OK, so maybe 'cracked' was a bit premature on my part but the end is nigh 

FWIW:

Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace.

I'm with 4wd on this, though - you really want to keep Joe Q. Public from stealing bandwidth...

-Darwin (January 09, 2009, 05:00 PM)

As long as I can keep Joe Public out of my data I don't mind if he grabs a little internet action over my WiFi if that's what turns him on.
Mind you, he'd have to compete with my usenet downloader which runs max bandwidth 24/7/365(6) - the most effective bandwidth stealing deterrent is when there's no bandwidth left to steal 

[Darwin]

s long as I can keep Joe Public out of my data I don't mind if he grabs a little internet action over my WiFi if that's what turns him on.

-4wd (January 09, 2009, 05:44 PM)

  Point taken! Only compelling reason to keep someone from stealing your bandwidth is that in some US states what someone does with YOUR bandwidth is your responsibility ie the onus is on you to secure your network. Failure to do so leaves you vulnerable to prosecution for any criminal activities that are conducted using your bandwidth... I am not sure what the regs are WRT this in Canada, but I have this niggling feeling that they are the same. My big "thing" with security is my data, though - someone who can get on my network is in a position to start stealing my info. Identity theft, anyone? 

Quite right about the end being nigh with WPA-2. I don't actually know why I bothered to upgrade my hardware to support it (I did, about four months ago) given that it's "cracking" is likely imminent!

[4wd]

I don't hide my SSID, though I keep meaning to do it. DO note, however, that the pundits do not consider this worth the time or the effort, either.

-Darwin (January 09, 2009, 05:00 PM)

Interesting people these "pundits".

Hiding the SSID is usually nothing more than ticking a checkbox in your routers' config - so it can't hurt to do something that simple.
If anything, it will stop someone just turning on their laptop and clicking on 'DarwinNet' to connect

If given a choice between loading up software to do a scan for WiFi or clicking on 'EhtyarNet', (because 'DarwinNet' is invisible), to connect....what would you do ? 

Zyxel routers are good for other things too...........like wardriving

Here's a couple of interesting papers on the Zyxel P660HW-T1:
Hacking Zyxel Gateways
ZyXEL Gateways Vulnerability Research (Part 2)

Only compelling reason to keep someone from stealing your bandwidth is that in some US states what someone does with YOUR bandwidth is your responsibility ie the onus is on you to secure your network.

-Darwin (January 09, 2009, 07:16 PM)

I'd agree with that if WiFi routers were sold with secure settings in place from the beginning and it was your fault that you disabled them....but they're not.

Do they really expect Mr/Mrs Joe Public, (who only wants the convenience of being able to browse a website from their laptop while floating on an inflatable horse in the middle of their pool), to go into the config of a router and configure it for secure WiFi when a lot of people have enough trouble just getting the damn printer to work ?

But then if the router was sold with WiFi secured you'd have a lot of calls to tech-support, store returns, etc, etc because they just want to take it home, plug it in, turn it on and click the button that says 'Connect'.........only it wouldn't.

What they need, (and Zyxel implemented this in their WiFi adapters - OTIST, One-Touch Intelligent Security Technology), is a way to secure the WiFi by doing the same as they do for wireless keyboards and mice, (I'm talking w.r.t. home based WiFi not public area WiFi).

eg. Plug in the main WiFi station/router and then push a button, (hardware or software), and then for each client push a button in their hardware/software within a fixed time period, (say 30 seconds), of the initial router initiation.  Then through a unique device ID each device becomes known to that router and so has access, other WiFi clients are ignored or can be given ad-hoc access on a time limited temporary basis.

[f0dder]

I'm not sure hiding the SSID is a good idea - it might make your network more interesting to hackers? "Ah, here's somebody who knows how to turn that off, they must have something interesting to hide". Especially if combined with weak protection like WEP or WPA-1. Same goes for MAC filtering.

Btw, what's the timeframe for cracking WPA-2? I thought that even with the latest GPU stuff, we were talking at least months with a decent passphrase?

[4wd]

I'm not sure hiding the SSID is a good idea - it might make your network more interesting to hackers? "Ah, here's somebody who knows how to turn that off, they must have something interesting to hide". Especially if combined with weak protection like WEP or WPA-1. Same goes for MAC filtering.

-f0dder (January 09, 2009, 11:41 PM)

Interesting to hackers, maybe...but mainly to keep Joe Public from arbitrarily logging on and knocking off a bit of your bandwidth.

Btw, what's the timeframe for cracking WPA-2? I thought that even with the latest GPU stuff, we were talking at least months with a decent passphrase?

The problem is very few people use decent passphrases and I doubt whether the majority of people who are knowledgeable enough to turn on any form of WiFi security protocol bother to use decent passphrases.

And once set, how many people actually bother to change it occasionally ?

So if a hacker wants to get in he probably has a very large time frame within which he can try and achieve it.

Here the Pyrit guys talk a bit more about it, giving an example time frame based on a 2006 NIST whitepaper.

All-in-all, I think the following is the best solution for people who want to steal your bandwidth - it'll probably annoy them enough to go elsewhere.
My neighbours are stealing my wireless internet access.

[Darwin]

The issue with SSID (where the pundits are concerned) is that it is perceived to be a waste of time - anyone who wants onto your network is going to get onto your network, hidden SSID or not. I think the caveat they are trying to make is that one shouldn't get a false sense of security as a result of enacting these measures.

I take the general attitude that these measures may well be a waste of time, but it doesn't cost me anything to put them in place! I haven't enabled a hidden SSID because I haven't had time to explore the ramifications of doing so for hardware connected to my network.

[Paul Keith]

Thanks for making this thread. I am having this dilemma too.

I'm still paranoid about it. Still haven't touched the damn router because of this. The whole "it's not worth it" security vs. "extra layers for the better" security sides further makes the issue confusing.

[cranioscopical]

Off topic a bit here (surprise!)

Please put aside your initial reactions of "Good heavens, are you mad/what about...?/haven't you considered...?"

I have just set up a machine that is to be used for a limited set of business purposes only.
It has no need to be connect to another machine in any way.
It just sits there, isolated, doing its job.
None of its capacity is wasted on trying to protect itself.
What a relief it is to deal with something so simple.

Those Luddites had something!

[Darwin]

Chris - is it connected to the internet...? I take it that the answer is "no".

[Darwin]

@Paul - my position is this: educate yourself about the effectiveness of each of these security options and implement the top security "cocktail" that you are able to within the limitations of your hardware. The key is to be aware of the risks. I think the "pundits" I keep referring to are attempting to debunk myths about wireless security because to the uneducated the perception is that there is either no need for any of these measures (or people are completely unaware of the need for them) or that some of the older measures are sufficient and they then never give the security of their home network another thought. I have a friend who simply enabled MAC filtering and left it at that. He's not had any trouble, but then he lives on a rural road with about 25 metres separating him from his neighbours on either side and about 50 separating him from the road and easily 150 from his neighbour to the rear. The likelihood of anyone making the effort to sit outside his road to try to hack into his network, and to do so unnoticed, is pretty slim! If he did that on the second floor of an apartment building in Vancouver, New York, Seoul, or Beijing he'd be asking for very serioius trouble indeed!

[f0dder]

I'm not blocking my SSID (because it makes things easier when friends with laptops come by - and they kinda often do). It's a non-standard SSID btw, so I'm not going to be hurt by precomputed attacks against "LINKSYS", "NetGear" etc SSIDs. The same goes for MAC filtering... both are pretty useless anyway. I run WPA2-PSK encryption... I don't expect that I'll be targeted by somebody who's committed enough to launch a distributed GPU cracking attempt

[cranioscopical]

Chris - is it connected to the internet...? I take it that the answer is "no".

-Darwin (January 10, 2009, 10:11 AM)

[gof]
No, it simply exists in it's own little world.
More and more I realize that the internet now is both the biggest convenience and the biggest curse on the planet.

This thread is another painful reminder of the prodigious amounts of money and time wasted on trying to make our machines safe.
[/gof]

[gexecuter]

gexecuter, there are two other things that affected the 660HW-61 that you can try before having to get into the config:
1) It's susceptible to power blips, it'll go into TTM1.  Try and put it on an UPS if you're in an area with supply fluctuations.
2) It's susceptible to heat.  Under the middle base it gets warm and then just stops communicating.  Either support it at both sides on something, (I use 2 matchboxes - hi-tech, huh), or mount vertically to let air flow and cool it.

-4wd

Funny that you mention power blips since in my house the power goes out very frequently. Something about the electrical sockets. I wish i could afford an UPS but i can't. About the heat stuff, i think i could come with something. even tough i can't think of something right now. btw any of those two issues can affect my speeds?

anyway reading the thread i have learned some useful info. I can't really stop a determined hacker from getting into my network, however i can stop everyday joe's. thankfully i don't live in a very urban place, just a small villa (that's is the word for a bunch of houses in location right?) so hopefully i should ok.


PS: i don't think my ISP would give me router's password because when the tech came to my home he said i couldn't change the Wifi network password or something like that.

[4wd]

gexecuter, there are two other things that affected the 660HW-61 that you can try before having to get into the config:
1) It's susceptible to power blips, it'll go into TTM1.  Try and put it on an UPS if you're in an area with supply fluctuations.
2) It's susceptible to heat.  Under the middle base it gets warm and then just stops communicating.  Either support it at both sides on something, (I use 2 matchboxes - hi-tech, huh), or mount vertically to let air flow and cool it.

-4wd

Funny that you mention power blips since in my house the power goes out very frequently. Something about the electrical sockets. I wish i could afford an UPS but i can't.

-gexecuter (January 10, 2009, 04:50 PM)

I also have semi-frequent power blips/brownouts, (of course they only happen when I'm not here), as I mentioned above somewhere I also have a PC that's on 24/7 downloading from usenet.  So when the power blips, the router could go down and the PC stops downloading until I can get to it to power cycle the router.

I also don't have an UPS, (one of those things I haven't got around to), but I have minimised the effect of power blips when I'm away, (as I will be in about 18 hours for 7 weeks), by doing the following:
1) the router is plugged into a time switch that's set to power off at around 0100 and then power on 15 minutes later - this will get it out of TTM.
2) the PC is set in BIOS to power on at AC restore and power on at a fixed time every day.

This combination has allowed it to weather 3-4 months of me being overseas without a problem.

Although, if the problem is in your electrical house wiring then you have bigger problems.  I have a rental property that kept blowing the controller in the central heating, we thought it was the grid supply fluctuating and had a surge protector fitted to the supply/meter board.  It happened again, except power was lost to half the house.

It turned out to be one power outlet in the family room where the wires hadn't been properly secured/screwed in from new, (it was only built 8 years ago).  Vibration caused intermittent connection, which caused intermittent surges through that circuit, (which just happened to have the central heating controller on it), and bang.......there goes the controller.

We got off light, it could just as easily have started a fire.

About the heat stuff, i think i could come with something. even tough i can't think of something right now.

Come on, four matchboxes, one at each corner - you only need to raise it about 12-20mm

btw any of those two issues can affect my speeds?

Not that I'm aware of, both my mate and I run the P-660H(W)-61 and these are the only real problems we've found with them.  I even bought one for my parents i.l.o. these minor faults because it's features far outweigh them for the price.

However, without knowing how your ISP has set up the config it can't be ruled out that something in there is affecting it, eg. they've turned on Media Bandwidth Management with the wrong settings.

PS: i don't think my ISP would give me router's password because when the tech came to my home he said i couldn't change the Wifi network password or something like that.

Can I ask who your ISP is, (also, have you tried your ISP's name as the password) ?

This is why I really hate having to use 'their' equipment, (which I'm not, but I had a choice), however if you know the username/password and basic settings for the ADSL then you can do a factory reset by, (IIRC), pushing in the button on the back while powering on the router, hold the reset button for 10 seconds then release.  The router should go through it's diagnostics and start up with no internet connection, you should be able to enter the config then using '1234'.

Then enter Wizard Setup, you'll need the following info:

Mode:               Routing
Encapsulation:    PPPoE    (usually)
Multiplex:           LLC
Virtual Circuit ID:
                 VPI: 8
                 VCI: 35

The bottom 3 values, (Multiplex, VCI, VPI), you need to get from your provider - the ones I've given are a general default.

On the next page:

Service Name: Telefonica  (just guessing )
User Name:
Password:
Obtain an IP automatically
Connect on Demand  Max timeout 7200
NAT:              SUA

You need the 'User Name' and 'Password' from your ISP, the other options can be changed once a connection is established.  Once you click Next it should connect, (IIRC).

As I mentioned above, I'm off for 7 weeks shortly so any questions later than about 1800 AEDST today will incur a delayed response

[4wd]

More and more I realize that the internet now is both the biggest convenience and the biggest curse on the planet.

This thread is another painful reminder of the prodigious amounts of money and time wasted on trying to make our machines safe.
[/gof]

-cranioscopical (January 10, 2009, 10:47 AM)

Watch out Ehtyar!

He's gunning for 'El Presidente de la lámina de estaño sombrero brigada'¹, just like kartal.

1 - Blame Google Translate if I screwed up.

[40hz]

I have just set up a machine that is to be used for a limited set of business purposes only.
It has no need to be connect to another machine in any way.
It just sits there, isolated, doing its job.
None of its capacity is wasted on trying to protect itself.
What a relief it is to deal with something so simple.

-cranioscopical (January 10, 2009, 08:54 AM)

I am so happy to hear somebody else is doing that.

About three years ago I put all my business's financial, planning and related apps on a separate machine named LucaPacioli, and I never looked back. It doesn't connect to anything other than a printer via a parallel cable.

All it does is "mind the store" for me. Like your machine, it just sits in its own little universe - keeping track of billable time and materials, generating invoices, doing accounting, assisting  with business and marketing plans, etc.

There is absolutely no security software on this machine other than TrueCrypt. And nothing on it ever gets updated unless absolutely necessary.

And it runs like a champ.

Quite a relief indeed.

[gexecuter]

I hope you are having fun in your vacation 4WD!

I dunno what electrical problem in my house is actually, all i know is something when we start some devices (like microwaves, electrical water heaters,etc.) the power goes out. It reallly hasn't caused much trouble since no stuff has been burned so it's just very annoying.

I did what you told me and put 4 matchboxes below the router, low tech but it works.

My ISP is indeed telefonica chile, i did try their name as the password with no luck. I dunno what username and password are you talking about. The only password that the tech guy gave was for connecting to the wifi in the notebook. If you mean the user/password that i had to use before i had the router then yes i do have that.

I don't plan resetting the router anytime soon but one thing is tempting me, the Media Bandwidth Management is for splitting the bandwith right? i could use that to give my PC and the notebook a 50/50 % of bandwith each right? that could be really useful.

Anyway 4WD i hope that when you read this you will have had an awesome vacation. I could have wrote this when you had came back but i would probably forgotten it by then.