About a month ago (April 2013) I ran into an article suggesting my home wifi network is unsecured (HERE). A security firm tested 13 routers from various manufacturers (HERE), and found several vulnerabilities. I was happy to see that my home router was not on the list (D-Link DIR-615), but that doesn’t mean it’s secure. Since the bottom line for protecting your home network is “update your firmware”, I went to D-Link’s website (HERE). Unfortunately, 2 out of the 3 firmwares were the shipping firmwares (unchanged since the product shipped), and the single firmware upgrade was for hardware version E1 only (I have E4!). No latest firmware for me 😦
So I started looking. On the internet. Thankfully, Open Source is a thing.
Some sites suggested running Linux on a home computer instead of using a router (HERE). This seemed overkill at first. A desktop would take too much electricity, space, and would be loud (fans). A laptop would be a good idea, and I have an ASUS EEE lying around. It runs a Celeron 800 MHz processor, which is pretty weak (by today’s standards), so I was skeptical. I tested it out, installing several Linux distributions, before deciding this was not the solution for me (also, I didn’t have another laptop to spare). Perhaps more on this in a later post. Suffice it to say that I had other plans for this little machine.
Back to the internet.
Why run Linux on a laptop, when you can just upgrade your router to an Open Source firmware? Once I found this, this, and this, it was clear what I needed to do. One of the recommendations for better security was to “consider replacing your router’s doubtless buggy internal software with an open-source alternative such as DD-WRT, Tomato or OpenWRT”. So I did.
Starting with the DD-WRT wiki (HERE), it was pretty straightforward. Basically it shows you how to load this custom firmware (in BIN file format) using the built-in “update firmware” option in the DIR-615 web interface.
This tutorial was for revision E3, but it was compatible with my revision (E4). The difference between E3 and E4 is the signature at the end of the BIN file: AP99-AR7240-RT-091105-01 for E3, and AP99-AR7240-RT-091105-05 for E4.
If you try to upload with the wrong signature, the router will inform you that the firmware BIN is incompatible and won’t continue.
In order to get the E4 version, I traversed the router database (HERE), looking for DIR-615 and E4.
The E4 page included a link to the E3 BIN, with the wrong “Magic number” ending with 01 instead of 05. You can either change the number using a hex editor (Visual Slick, emacs, etc.), or look for the bin through the DD-WRT site (HERE).
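To check which revision a downloaded BIN is tagged for before uploading it, the signature comparison above can be scripted. This is an added example, not code from DD-WRT or D-Link; it assumes the signature is plain ASCII somewhere in the last 64 bytes of the file, and the function names and the sample image are made up for illustration.

```python
import re

# Signatures quoted in the post, keyed by the hardware revision it gives for each.
SIGNATURES = {
    "E3": b"AP99-AR7240-RT-091105-01",
    "E4": b"AP99-AR7240-RT-091105-05",
}
# Assumption: the signature is plain ASCII within the last 64 bytes of the image.
TAIL = 64
SIG_RE = re.compile(rb"AP99-AR7240-RT-\d{6}-\d{2}")


def trailing_signature(image: bytes):
    """Return (offset, signature) of the last signature in the tail, or None."""
    start = max(0, len(image) - TAIL)
    matches = list(SIG_RE.finditer(image, start))
    return (matches[-1].start(), matches[-1].group()) if matches else None


def revision_of(image: bytes):
    """Name the hardware revision the image is tagged for, or None if unknown."""
    found = trailing_signature(image)
    if found is None:
        return None
    return next((rev for rev, sig in SIGNATURES.items() if sig == found[1]), None)


def retag(image: bytes, revision: str) -> bytes:
    """Return a copy tagged for `revision`; only the signature bytes change."""
    found = trailing_signature(image)
    if found is None:
        raise ValueError("no signature found in image tail")
    offset, old = found
    new = SIGNATURES[revision]
    if len(new) != len(old):
        raise ValueError("signature length mismatch, refusing to shift the image")
    return image[:offset] + new + image[offset + len(old):]


# Constructed sample: filler bytes plus the E3 signature, standing in for a real BIN.
SAMPLE_E3 = bytes(range(256)) * 4 + SIGNATURES["E3"]

if __name__ == "__main__":
    print(revision_of(SAMPLE_E3))
    print(revision_of(retag(SAMPLE_E3, "E4")))
```

On a real file, read it with `open(path, "rb").read()` and compare the result of `revision_of` with the revision printed on the router's label before uploading.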
After uploading the BIN, the router takes 120 seconds to load. What’s left is to access it through 192.168.1.1, change the default username and password, and set up the WiFi (with WPA2+AES).
Precautionary tweaks I’d recommend would be disabling UPnP, telnet, ftp, and any other feature that theoretically allows access to the router/network.
Also, I found that setting up static IPs for each computer/phone is useful, for example for Port Forwarding and QoS (preferring my Xbox session over a file download). If you don’t usually allow guests to connect to your WiFi, you can even restrict access to a list of predefined MAC addresses.
Besides security, what more does DD-WRT provide? Graphs! The GUI includes graphs for current Bandwidth Monitoring. That’s ok, but what’s MORE interesting, is the Traffic by Month graph, which shows the internet usage in the current month. As I just started using DD-WRT today, it’s pretty empty:
There are many more features to be explored, some are useful and some are purely anecdotal.
What’s certain is that now my router will be updated regularly, enjoying the power that is the Open Source community. Who knows, perhaps after enough time I’ll even delve into the source code myself!