Extending wireless networks; some gotchas

Visiting the family over Christmas and of course there are the tech-support duties. One of which was making a wireless network extend further through an old house with very thick walls. In the small amount of time I had there wasn't the option of running network cables to some strategic points where additional WiFi access points could be installed so I invested in a couple of Netgear wireless extenders. 

I've used these before and been impressed; fast throughput and lots of features. They are proper NAT routers and you can use them as firewalls between ethernet network segments or extend an existing wireless network. In that mode (and it's a small switch that sets that mode) the ethernet ports become wired outlets for the WiFi network; intended for set-top boxes that can't be connected via a cable. They can turn a USB drive into a NAS drive and all this for less than twenty quid!

The only downside is that they have a single radio and so can only repeat a network on the channel that it arrives as. In a relatively WiFi-free environment you'd think this wouldn't be a problem, but I didn't figure on how rubbish the provided BT HomeHub 3 is! 

Since they have a flip-out antenna I figured I'd place one downstairs and one upstairs as close as possible to the room with the aDSL router and see how I got on. 

• It is a cheap, plastic, single-board gadget
• It has no external antenna or even socket for one
• You have to use it as the BT mothership monitors for their own secret sauce

What I discovered after two days of frustration is that it is entirely intolerant of other devices sharing it's channel. The Netgears can only repeat on the channel they receive on and so I was off to a non-starter. I would work for a few hours an then both of the Netgears would drop off the network and a round of re-booting (and half an hour for them to all settle down again) told me that this was not a reliable configuration for non-technical users.

So - after a bit of chin-scratching I came to this configuration;

• Netgear no.1 is wired to the BT hub and set for Access Point mode; it's re-serving the connection with a new IP range and (crucially) a new WiFi channel some distance from the BT hub.
• Netgear no.2 is set for wireless extender mode and is located at a mid-point in the house repeating the signal from no.1

This has been stable for more than a day now (I've insisted that my boys use the furthest repeated network) with only minimal speed loss (typ. 8 mbits^-1 against 10mbits^-1 at the BT) so I'm going to run away and hope!

Friends don't let friends use stock firmware in their routers, part 2

Just a month since I wrote the first piece on this and there are more domestic router breaches.

1. "The Moon" worm on Linksys routers - The worm works by injecting vulnerable devices with a URL-encoded shell script that carries out the same seek-and-hijack behavior. The exploit may also change some routers' domain name system server to 8.8.8.8 or 8.8.4.4, which are IP addresses used by Google's DNS service. Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024. It seems that most E-series Linsys routers are vulnerable. 
2. ASUS routers expose shared USB drives over the public internet - The exploits against Asus routers has been known about by Asus for a year and they have yet to correct it in old and current models. 

 Ars Technica's stories are here and here. 

Do I really need to remind you NOT to use manufacturer firmware in your router when DD-WRT, Tomato and others are available?