I’ve been working on a lot of virused computers lately. Typically I haven’t had much concern for other devices on my network but then I ran into a recent rash of viruses that are much more sophisticated than usual. One of them was silently doing “click fraud” in the background at the rate of 1000 clicks per minute or so. This got me a little spooked about the rest of my network. Even though my main computers are macs, I do think that cross platform or mac viruses will become a more regular occurrence. This is why I decided to rebuild my network.
I have been hitting a lot of thrift stores lately. It’s unbelievable what people are throwing out in my area. Some stuff I can understand like the network hub for instance but other stuff like the wrt54g’s are a bit of a surprise. The routers I have found range from WRT54Gv1′s to WRT54G-TM’s and routers as new as WRT54Gv6′s. The prices have been as low as $7 up to about $13. Sometimes I get the power supply with them, other times I pick up extras somewhere else.
In the matter of 2-3 months or so, I’ve managed to snag about 10 of them at bargain basement prices. Personally, I don’t see the need for 802.11N for everything. If I want to go REALLY fast, I’ll just plug in a wire, that’s always going to be faster than wireless anyways. Whatever the case, their loss is my gain. I’ve flashed these routers with DD-WRT for now since I don’t have a good grasp on OpenWrt quite yet and don’t need the extra functionality for the moment but I plan to start experimenting with OpenWrt a bit more at a later date.
Here’s how my network is laid out now:
OUTSIDE ROUTER(WIFI DISABLED)
HUB <–> Network sniffer
SWITCH <–> Guest access point(802.11B, WEP devices) & virused systems
INSIDE ROUTER(WPA enabled) <–> Most protected systems
I had a couple of goals with this layout. First, I wanted to provide a single point where I could sniff ALL traffic going in or out of my network. The hub provides me this because all of the traffic is spewed across all of the ports. When I only have 2 devices plugged into the hub, there should not be a performance hit from this. One caveat however is a switch labeled as a hub. I was unfortunate to purchase such a device but at least it was only a few bucks. Another challenge is actually finding a 10/100 hub. Most of them on the used market seem to be 10mbit.
My next goal was having a place to isolate guests and hook up older, insecure devices that only work with WEP and/or 802.11B. One of my next steps will be adding another dedicated guest router for 802.11G devices but that’s not a huge priority. Most importantly, I wanted to segment virused PC’s off of my network.
Hopefully this new setup will allow me to research odd malware behavior and keep my good systems a bit safer in the process.
I’ve been messing around with my stack of WRT54G routers this weekend. So far I have serial modded two out of the five that I have sitting here. The neat thing about the serial mod is that it’s so easy to grab a console off of it without worrying about network parameters. The bad thing is that your router may or may not be connected to the internet when you are on that console. It’s pretty easy to hook up to another wireless router in client mode from the console. I couldn’t find the following information all in one place so I’m going to hash out the quick version here:
iwconfig wlan0 essid router_name
iwconfig wlan0 key 0123456789 (I have a wep router handy for connecting older devices)
ifconfig wlan0 10.10.10.40 netmask 255.255.255.0 (no dhcp client on my router by default)
ifconfig wlan0 up
route add default gw 10.10.10.1
ifconfig wlan0 up
and finally add a known dns server (like 188.8.131.52) to your /etc/resolv.conf with vi
For advanced Unix users, none of this is anything new but hopefully this will help someone else out there who is struggling through an OpenWrt or Gentoo install or can’t figure out how to configure wireless on your Zipit after you’ve put an aftermarket root fs on it. All of these settings will disappear when you reboot your device aside from editing the resolv.conf although if you are using a WRT54G series router, your edits to the resolv.conf will also disappear.
It seems that all of the Linksys WRT54G’s that I’ve come across for a good price lately are the WRT54G-TM variant. The TM stands for T-Mobile. In all honesty I’m not sure how the T-Mobile hot spot functionality works. I don’t really care either. What I know is that this router is actually an excellent candidate for a DD-WRT installation. In fact, I’d argue that it’s even better than the WRT54GL because this one has 32MB of ram opposed to the 16MB on the GL version. The only small downside on the WRT54G-TM is that you’ll have to jump through a couple more obstacles to make it run DD-WRT. Don’t let this put you off at all! There are excellent instructions out there and I’m going to give you a short overview as well. First off, here are the official instructions for putting DD-WRT on the WRT54G-TM.
If you plan to load this firmware on your WRT54G-TM, I highly recommend using Internet Explorer on Windows. Everything seems to go the smoothest using this configuration. When I’ve tried Firefox on my Mac I’ve had trouble and the same goes for Safari. Just save some pain and use IE if you have access to it. Now for the fun stuff:
- Download the latest version of DD-WRT for the WRT54G-TM. Run a quick search on this page to find it. http://www.dd-wrt.com/site/support/router-database. While you are there, grab the tftp program and the CFE updater binary.
- Set your Windows machine to the static ip 192.168.0.2. While you are in there, click advanced and add a second ip 192.168.1.2.
- Pick a port 1-4 and plug it into your computer’s ethernet port.
- Do a hard reset on your WRT54G-TM to put it back to factory settings by unplugging the router, holding the reset switch on the back of the router, plugging it in and keeping holding the switch for 30 seconds.
- Log into your router at 192.168.0.1. No username, password is admin.
- Click administration, then update firmware. Update the firmware with the CFE binary file. That should go pretty quick and say something like “Upgrade succeeded”.
- Wait…. While you are waiting, bring up a command prompt and ping -t 192.168.1.1. When you get a response to your pings, you can quit waiting and move to the next step.
- Fire up the TFTP client and type in 192.168.1.1 for the server IP and for the file put in the location of the ddwrt.v???? firmware file. Hit upgrade and wait.
- Now go to 192.168.1.1 in your web browser. You should see a screen prompting a user password change. Now is a great time to set your root password.
That’s it! It sounds a lot harder than it actually is. Post some comments on your own experiences with the WRT54G-TM.