DD-WRT Open Source Firmware

When I was coming up in the ’90s as a computer geek, there was a mythical beast referred to as a “Power User”. All the magazines talked about it. All geeks thought they were one and dedicated thousands of waking hours to messing with their computers while summarily ignoring their routers. No more.

You’re still not a “Power User” unless your router is hacked.

Why would you want to hack your router, you ask? Well, quite frankly, most consumers have one goal when purchasing a home router: to get it connected to the internet.

That is the only goal. The casual home computer user has no idea what DNS, IPv4, IPv6, WINS, DHCP, proxies, WPA, WPA2, PPPoE, etc. are. Could you imagine a router manufacturer selling a product that requires the user to configure that stuff? Their $100 router would have to cost $400 to cover the cost of all the tech support calls.

So manufacturers CRIPPLE the security, speed, and features of the router so that you, Joe Computer Illiterate, can connect to the internet. Cool huh?

Also, most consumer routers have so many bugs as to be completely insecure. Hacking into one is almost a joke. Most people don’t change the default passwords on them.

Quick router story. I used to go to this hotel on an island in Japan where they had very limited and very poor internet. Basically, they finally got satellite internet with a router and a repeater, and when the hotel would start filling up, the bandwidth would choke and become unusable.

So... I used to take control of the router at the hotel I was staying in.

They had a default password set and I would log in. First thing I would do was take note of the fact they had a 5 GHz wifi channel that was turned off. I would turn it on and hide the SSID (broadcast name). Then I would set a quality of service (QoS) to my IP address to ensure I always had available bandwidth.

Then I’d put it all back to normal when I left.

Okay, that’s harmless. What could I have done? I could have changed the DNS server addresses to a DNS server that I made that would redirect you from your bank site to my fake bank site which would of course fail but would snag your password. Would I ever do that? Not in a million years. I’m not a thief. But think about what I just said.

ANYONE could hack a router and redirect you to fake websites. Ok most crooks aren’t that sophisticated. Got any naked pictures of your wife on your computer? Hey, you’re hooked to a compromised router with file sharing enabled.

Ever go to the airport and hook onto the network called “FREE AIRPORT WIFI”? Not smart. Not smart at all. Please tell me you didn’t hook to that network and then check your bank account or stocks. You may have been the victim of a man-in-the-middle attack.

My greater point here is ROUTER SECURITY SUCKS. There are literally dozens of published attacks and exploits for today’s off-the-shelf routers. Do you have a really cool long password? That’s good. Your router probably ignores all but a few characters of it, meaning a brute-force attack is a snap for a dedicated hacker.

I’m a firm believer that if someone wants in, they’ll get in, but why leave the door open?

This page is largely about DD-WRT but there are many different Open Source firmwares for commercial routers such as OpenWRT, Tomato, ASUSWRT, Gargoyle, etc. Not all routers work with DD-WRT.

Is DD-WRT more secure than your manufacturer’s firmware? Maybe, but not necessarily. It’s all in the configuration. What it is, though, is more up to date, pored over by code junkies, and tested by a whole community looking for bugs, with those bugs generally being fixed in a timely manner. DD-WRT also gives you the freedom to do Quality of Service bandwidth control and to run Network Attached Storage (NAS). Here’s mine (a 1TB USB drive hooked to my router).
Just look at the Services tab on DD-WRT. Look at all the stuff you can do. And that’s just that tab.

Remember I barked at you for connecting to FREE AIRPORT WIFI? No problem if you connect to your VPN server. You can create a VPN server on your router. Yeah it’s a little geeky but there are about a thousand web pages that show you how to do it easily enough.

Want to hook a hard drive or printer up? USB service. Then configure it as Network Attached Storage? NAS tab. Have a business and want your customers to log into your wifi and get their email addresses? Set up a hotspot. Just like when you go somewhere and get free wifi and have their login page. Same, same.

Want to block Ads at the source for all your computers? Adblocking tab contains something called Privoxy. Yeah it’s really geeky but yours truly made it simple here.

Want to run a small web server? Yep you can do that on your router as well.
Let’s be clear. Today’s modern router is a LINUX COMPUTER. And you thought you’d never run Linux.

Note that above there is a tab that says “Access Restrictions”. Want to block Minecraft because little Johnny won’t stop? How about blocking certain web sites? It’s as easy as typing it in and hitting “Apply”.

Want to make sure you have enough bandwidth to binge watch Star Trek while everyone else in the house is binge watching something? Go to the NAT QoS page and give your computer (via IP address) a steady stream of bandwidth. Hey, you pay the bills, not the kids, right?

Anyway, I’ve barely touched on what DD-WRT can do. It is NOT a magic bullet. Router security is only as good as the setup and the maintenance on your router. I’ll say it again. Your router is a COMPUTER. A full-blown COMPUTER. You keep your computer updated with all kinds of fancy drivers and virus definitions yet ignore your router, the device that provides access to EVERY DEVICE YOU HAVE! Think about that.

If someone gets your router... they own you.