Networking?

[HotDamn!]

When it comes to computers its usually like a walk in the park for me, but when it comes to knowing stuff about routers and networking and stuff I draw a blank

I was wondering if someone could give me a little rundown on setting up a secure home network and what router brand is the best??? I'd like to keep the price under $50 if someone could suggest a single router. I have the modem and router hooked up by my computer in the basement, I play online games, and I have another computer upstairs that runs off of the router, which is used for web browsing. I notice that I get some game interruption while someone is browsing the upstairs computer and I was wondering if I had a better router would that help with that at all?

PS, I currently use a WRT54G Lynksys router that seems to be crap and someone got a hold of my networks password the other night. The router is from a garage sale and I don't have the original password, I had a wireless card disc set up a password and network for me... I'm confused too

Any help with this would be great, I love to learn new things. Thanks

[yoda313]

I use a netgear wireless G router. i don't know the model number off hand - its a few years old now however.

You can easily get G routers for 50.00 or less. Just look around. I'd stick to either netgear or dlink. Those are the only two brands I've ever used - no problems with any of them. Though I can' say others don't work well, that is just my experience.

The interface menus for the routers are somewhat straightforward for setting passwords and restricting websites and the like. The manuals are your best friend here. And write down your password somewhere you can remember.

[Jim44]

I was wondering if someone could give me a little rundown on setting up a secure home network and what router brand is the best??? I'd like to keep the price under $50 if someone could suggest a single router. I have the modem and router hooked up by my computer in the basement, I play online games, and I have another computer upstairs that runs off of the router, which is used for web browsing. I notice that I get some game interruption while someone is browsing the upstairs computer and I was wondering if I had a better router would that help with that at all?

You'd probably want a router that has some kind of scheduling/QoS feature. I know the Tomato open-source firmware for the Linksys routers has this feature. Not sure if any have it "stock". You'd want to have some way of prioritizing your gaming packets, giving them a minimum amount of bandwidth, regardless of what else is going through the router. Otherwise, everything gets treated equally, on a first-come, first-served basis.

That's about all I know on the subject, maybe check out broadbandreports.com?

PS, I currently use a WRT54G Lynksys router that seems to be crap and someone got a hold of my networks password the other night. The router is from a garage sale and I don't have the original password,

(Shrug) I have a WRT54GL that replaced a v1 Netgear router, and it's working just fine for me. You can reset the password by holding down the reset button for 10 seconds. the default login/password combo is admin/admin. And, BTW, the user manual is available online in a bunch of places, I found it on Amazon:
http://ec1.images-amazon.com/media/i3d/01/A/man-migrate/MANUAL000000300.pdf

[HotDamn!]

How would I go about this?? I want only 2 people to be able to use my router not including me on the modem and the other stuff is a little confusing to me. And thanks for the admin pass and manual, how could I change the password and stuff

[HotDamn!]

actually I think I have it figured out, thanks

[redwudz]

You can use the MAC address filtering on most any wireless router to restrict access to just certain computers. It's easy to set up. If you have frequent visitors use your LAN system, maybe not the best setup. But if the same users are there all the time, that's what I would advise. Each computer's LAN adapter has a unique MAC address.

Also setting up WPA encryption would help a lot to block outside access and keep your system secure. Use of a strong password also helps. Put it on a label on the bottom of your router so you don't forget it. I would also change your router's SSID. If it says 'Linksys', pretty easy for someone to guess information about your router and get into your system, especially if you still use default settings. You should only have to set all this up once.

[HotDamn!]

THANKS!!! Got the MAC address filter on so that only 3 PC's can access my router and it can only be the PC's in my house. Hopefully anyways..

[redwudz]

MAC address filtering is one easy way to block other users. Not completely secure if someone discovers one of your MAC addresses, but that's not too likely.
You do want to make sure your router is secured with a strong password, though, or they can see the MAC addresses there.

[Jim44]

Not completely secure if someone discovers one of your MAC addresses,

Since the MAC address is part of each Ethernet packet sent across the network (wired or wireless), discovering it is fairly trivial.

MAC address filtering is just a way to help keep someone from inadvertently accessing your network, IMO - a determined person can circumvent that rather easily.

As redwudz mentioned, you need to set up WPA encryption. This is the main piece of wireless security. Plus changing the default password of the router (which you've already done, I think) and change the default SSID. Those three things you absolutely want to do. MAC address filtering and not broadcasting SSID are of arguable effectiveness (just do a Google search ), and can be used or not.

[creamyhorror]

Random question - if I turn my router's firewall off, is it possible for someone on the WAN (Internet) to access my router's configuration, or mess with it somehow? When is it possible for an external attacker to do something like that?

[HotDamn!]

Random question - if I turn my router's firewall off, is it possible for someone on the WAN (Internet) to access my router's configuration, or mess with it somehow? When is it possible for an external attacker to do something like that?

They will mess with it any how, any way, any time. If they know how.

[HotDamn!]

I have it set to WPA2 Personal with TKIP+AES. I did change all passwords possible and wrote them all down. I haven't had any problems since so I hope the local hacker or whatever will leave me alone. I turned off the discovery mode also hoping that would help a bit.

Thanks all

[HotDamn!]

I was wondering if I set the gaming part up right or not? I'm hooked up through the first port with Ethernet and was wanting minimal game interruption but still want the people on wireless to be able to browse smoothly.



Some help with this would be great. This has been giving me trouble for a while now.

[aedipuss]

with just a little protection you should be ok. drive by wifi thieves look for open unprotected access points first. hacking wep takes lots of time and there are other easier targets out there so they should just move on. but if it's you they want and not just easy free net access.......... any wifi isn't a good idea.

[redwudz]

Correct me if I'm wrong, but the only MAC address that I'm aware of that gets to the IP's site is the one from the router. And, AFAIK, the internet provider blocks that from the internet. The PCs MAC addresses may circulate around the LAN but not the internet. I believe that's part of the NAT (Network Address Translation) that's part of the reason you use a router. If your MAC was out there, it would be a lot easier for Hollywood to find out exactly who's PC is downloading things they shouldn't. The IP only records your IP address and the access times.

And a router doesn't really have a firewall. It has settings you can configure, such as NAT, that shows each computer on the LAN as the address of the router or one of your computers. And if you set MAC filtering, that's also part of the firewall settings. To be really secure, you should still use a encryption like WPA. Adding MAC address filtering, fixed computer addresses, turning off SSID, helps also.

What you need to do depends on where you are. If you have a inner city location, you might want to take all measures. In the country, not so much. I would still advise WPA as most any computer can handle it easy enough. Most routers have a address of 192.168. (0 or 1).1 Not that hard to figure that out and access the router and control it. Where I live, there are open routers and I could easily log on to one and re-configure it. But I don't do that.

If you use the default router settings, it's pretty easy to discover your router on the net. Most routers use ' admin' for the user name and ' password or admin ' for the default password. Once they have control of your router, they can re-program it as easy as you can. But your router manual should tell you all that. Worth studying. As mentioned, you only need to do all this once most times.

[HotDamn!]

This was disabled by default and I was wondering why since it boosts speed??

Packet Bursting???

Frame Burst

Allows packet bursting which will increase overall network speed.

[TJohns]

This was disabled by default and I was wondering why since it boosts speed??

Packet Bursting???

Frame Burst

Allows packet bursting which will increase overall network speed.

As this send multiple packets one-after-the-other with reduced gaps and/or ACK requirements, it needs to be a supported feature at BOTH ends - if you send them to someone who isn't expecting it it may actually REDUCE the speed due to collisions, etc.

Trev

[Nelson37]

A note on the paranoia. The original "hack" was not some super-genius who somehow breached your airtight security, it was almost certainly some schmuck who ALREADY KNEW the router's password. He almost certainly did not "get hold of it".

The wireless card setup disk and password referred to only covers the wireless broadcast, it does not secure the router from penetration. That's what the admin password is for, and you write this down and tape it underneath the router.

You are dealing with a threat zone of about 3 or four lots around your house, or a car parked out front. The danger is just not that great. Also, you can review attached devices to determine if there is any unauthorized usage.

The odds that someone in your immediate area knows what a packet sniffer is are fairly minimal.

Now if you do any credit card transactions, online banking, or have valuable info on the PC, then by all means crank up the security but the biggest threat to those items is not in your immediate neighborhood.

[EddyH]

A small point of note ... if it's a PROPER WRT54, then it's probably quite a good router and you just need to change some things (as per everything above)

If it's a GC or other cut-down version, ditch it and upgrade. They're a few years old by now anyway. I'm only keeping mine because my home internet use is quite low-level at the moment - but when my brother was here and both our network and internet got hammered a lot, we often suffered from an infamous "bug" (or more accurately, weakness - a lack of memory and programming that wasn't changed to account for it) which would end up slowing it right down and eventually locking the thing near-solid until it was cold-reset. Plus they don't have the massive customisability of the full fat ones.

Don't much bother with WEP security on my own because the signal is already so borderline INSIDE the house - any of our neighbours who are savvy enough to use the net already have it (from the proliferation of local routers) - and given the nature of our street, anyone parking up with their laptop would stick out like a sore thumb, especially if something happened that bore investigation. All our computers are well protected themselves and the router has hardware firewalling (and mac filtering, moreover! Can't get access without being a registered machine). Far easier targets about.

edit: *reads rest of thread* ... oh. OK then. Guess what I'll be doing tonight, then.

[HotDamn!]

It seems pretty air tight now that I figured out how to set everything up thanks to the help from here. I was pretty concerned because I do a lot of online buying and it happened just a couple of days ago and I recently made a purchase at Newegg.com

[Jim44]

Correct me if I'm wrong, but the only MAC address that I'm aware of that gets to the IP's site is the one from the router. And, AFAIK, the internet provider blocks that from the internet. The PCs MAC addresses may circulate around the LAN but not the internet.

I was thinking particularly of wifi - the laptop's MAC address is in every packet between it and the router. There are tools that make detecting and spoofing a MAC address very easy. Makes for a classic "man in the middle" attack.

This is one reason why encryption is important - without it everything sent wirelessly is in the clear for anyone with the right tools and proximity to see.

I agree with everything else you said.

Jim

[HotDamn!]

This should be my last question, I'm a little confused by this even though I read up on it.. "Filter Internet NAT Redirection" is it best to have it check marked?

It's under Security, and then Firewall

[Jim44]

I've got it unchecked on my router. I have no idea what it's for.

However, this may help:
http://www.google.com/search?btnG=1&pws=0&q=Filter+Internet+NAT+Redirection

[isogonic]

if I turn my router's firewall off, is it possible for someone on the WAN (Internet) to access my router's configuration, or mess with it somehow? When is it possible for an external attacker to do something like that?

Routers do have rudimentary firewalls built-in. you should definitely leave it on. Anybody that knows the routers log in credentials and can pick up its broadcast can access its web page, WAN or LAN. It makes no difference if the 'firewall' is off or on.

[creamyhorror]

if I turn my router's firewall off, is it possible for someone on the WAN (Internet) to access my router's configuration, or mess with it somehow? When is it possible for an external attacker to do something like that?

Routers do have rudimentary firewalls built-in. you should definitely leave it on. Anybody that knows the routers log in credentials and can pick up its broadcast can access its web page, WAN or LAN. It makes no difference if the 'firewall' is off or on.

I was referring to people on the WAN, not people accessing my router via Wi-fi. My router's on WPA2 encryption and my area doesn't have Wi-fi thieves anyway. So, to rephrase: can a person on the Internet, without access to my Wi-fi, access my router's login page? I assume not but I want to be sure.

[isogonic]

can a person on the Internet, without access to my Wi-fi, access my router's login page?

no.

[creamyhorror]

Cool, thanks.

[SingSing]

Netgear G/B wireless router at $39 ( bestbuy or staples ).

Arlink PCI wifi card at $17.00 ( a must ) for desk top.

[Jim44]

can a person on the Internet, without access to my Wi-fi, access my router's login page?

no.

Qualified "no" - as long as you have the router's "Remote Management" disabled.

(That's what Linksys calls it - other mfgr may have a different name - a way to access/manage the router from a remote location via the Internet.)

[creamyhorror]

That makes sense. I'll have to check my router. Thanks for the reply.