Router Security Site Change Log Website by     
Michael Horowitz 
Home | Site Index | Router Bugs | Security Checklist | Tests | Resources | Stats | About | Search |
I will be speaking about Router Security at the O'Reilly Security Conference in New York City at the midtown Hilton Hotel (Sixth Ave and 53rd Street). The conference runs from Oct. 30 to Nov. 1, 2017. I am slated for Nov 1st at 3:50pm in the Sutton South room on the second floor.

 

Changes made to this website

October 2017

Oct 18: Added wired bandwidth testing of the Pepwave Surf SOHO.

Oct 14: Added a section on Guest Networks to the Setup a New Router page.

Oct 13: Added info on warranty and InControl2 to Pepwave Surf SOHO page. Lots of changes to the New Router page.

Oct 12: Updated the nmap commands on the Setup a New Router page.

Oct 9: Added topic of blocking internal-use-only IP address to the And... section of the Pepwave Surf SOHO page. Also, other minor tweaks to the page. Added to the WPS page that AmpliFi only supports push button WPS.

Oct 7: Minor updates to the Surf SOHO page

Oct 6: Updated the Firmware Update history section of the Firmware Updates page to include Synology, Eero and Peplink. Also updated the Security Checklist to add locking out IP addresses after too many failed logon attempts.

Oct 4: Updated the More Horsepower section of the Pepwave Surf SOHO router page and added link to test drive the Peplink web UI.

Oct 3: Lots of minor updates to the Pepwave Surf SOHO page, including screenshots of scheduling SSIDs and DSL/cable optimization.

Oct 1: Minor updates to the Pepwave Surf SOHO page, including purchasing info.

September 2017

Sept 24: Added link to the Network Port Checker and Scanner Tool from ipfingerprints.com to Test Your Router page

Sept 18: Updated information on the F-Secure Sense router on the Resources page.

Sept 16: Added ArmorVPN to the Coming Soon Maybe section of the Resources page.

Sept 15: Added a clump of 3 D-Link router bugs and a group of 3 Netgear router bugs to the router bugs page. Then too, Netgear routers are being abused via an old bug for credential stuffing. Updated the Test Router page to note that web based DNS server tests may not be reliable after a router has been hacked. The Resource page now links to a router security article by Trend Micro. Minor updates to the What can go wrong page and IP address page.

Sept 14: Updated the intro to the bugs page and added the ability to display ALL bugs on one page

Sept 13: Added a Closest Competition section to the Pepwave Surf SOHO page.

Sept 12: Added some observations (all bad) about the Google Wifi app to the Google Wifi page.

Sept 9: Added three security flaws in ARRIS TG852G gateways from July 2012 to the bugs page. Also added a 2013 router bug. Updated the modem tests on the Test Your Router page. New current bug in D-Link routers added.

Sept 6: Lots of changes to the home page. The short checklist is shorter, the long checklist is longer.

Sept 3: Updated the new router page

Sept 2: Updated the bugs page April 2017 section on the bug in Intel Puma chipsets in some modems that generated a lawsuit against Arris and Netgear. The flaw affects more Intel puma chipsets than first suspected. Also added new flaws in AT&T Arris gateways that were discovered by security firm Nomotion. Updated the router test page to include TCP ports 22 and 49152 which may be open on AT&T provided devices.

August 2017

Aug 20: Added a Juniper router flaw to the bugs page

Aug 19: New flaw in Cisco routers using SNMP added to bugs page.

Aug 17: Minor update to the firmware self-updating page to add bricked smart locks.

Aug 15: Minor updates to Eero and Google Wifi on the Firmware self-updating page.

Aug 12: Updated the WPS page to note that Ubiquiti AmpliFi now supports WPS and you can not disable it. Bad.

Aug 9: Many minor changes to multiple pages, including the Security Checklist and Pepwave Surf SOHO pages.

Aug 2: Updated Gryphon and Betterspot info on the Resources page. Also added Karma Black to the page as a Coming Soon, Maybe router. Minor updates to home page security cheat sheet.

July 2017

July 31: Updated eBlocker description in the Resources page.

July 29: The website was made secure. All HTTPS all the time. So long HTTP.

July 22: Added info on Netgear spying on their routers to the bugs page and page arguing not buy a consumer router.

July 15: Updated the Mesh Routers page to add that the Eero app shows a list of recently connected devices.

July 14: Two changes to the Resources page. Added DNSthingy as a consumer router alternative. Added more space between bullet list items.

June 2017

June 23: Lots of updates to the explanation of how to update the firmware on the Surf SOHO at the bottom of the Firmware Updates page.

June 19: A small revision to the Guest Network section of the Pepwave Surf SOHO router page. Also, updated the Firmware Updates page with screen shots of updating the Surf SOHO firmare.

June 17: A large revision to the Guest Network section of the Pepwave Surf SOHO router page

June 16: Updated the bugs page and the What can go wrong page with information about the WikiLeaks reports of the CIA hacking routers for many years.

June 10: Updated the bugs page with flaws in multiple old WiMAX routers.

June 7: Updated Turris Omnia info on the Resources page.

June 6: Updated the bugs page with details of flaws in Peplink Balance routers running firmware 7.0.0.

June 6: Updated the home page to add that I will be speaking about Router Security at the O'Reilly Security Conference.

June 5: Updated the DNS server section of the Test Your Router page with revised comments and added the ExpressVPN tester.

June 2: Dojo was finally released. Updated the Resources page with the latest info.

May 2017

May 31: Updated Resources page to note that myopenrouter.com is a great match for open source firmware on Netgear routers.

May 23: Big revision to the Guest Network section of the Pepwave Surf SOHO router page

May 14: Minor improvement to the Pepwave Surf SOHO router page explanation of current bandwidth reports.

May 8: Minor changes to the Tester page. Added my blog about my Google Wifi router updating its firmware to the Google Wifi page and the Resources page. Added info on current bandwidth display to Pepwave Surf SOHO page.

May 5: Added info on the Pepwave Surf SOHO sending emails to notify about errors.

May 4: Added lots of bugs to the bugs page. Also added item 30 the security checklist page, that it may be best to avoid Asus routers with Trend Micro software included as part of the firmware.

April 2017

April 27: Big update to the WPS page with details on which mesh routers support WPS and which do not. Also, added a bug in cable modems using the Intel Puma 6 chipset to the bugs page. And, the bugs page was getting pretty big, so bugs from 2015 no longer display by default.

April 26: Removed the Routers 4 Dummies page and replaced it with a new Mesh Routers page. Roughly the same topic, but greatly revised content.

April 26: Two updates to the Firmware self-updating page. A note from Eero about how quickly they roll out firmware updates and a claim by Google to have a single web page with their full firmware release history.

April 24: Added a new Site Index page

April 21: More bugs, ten to be exact, in 25 different Linksys routers added to the bugs page

April 11: Added bugs in four different travel routers to the bugs page.

March 2017

March 30: Lots of updates to the WPS page.

March 29: New page on WPS, Wi-Fi Protected Setup.

March 26: Added point that each VLAN can use different DNS servers to the Surf SOHO page.

March 19: Added two bugs in GLi routers to the bugs page. They have been fixed.

March 18: Three new bugs in D-Link routers added to the bugs page

March 16: Added a Ubiquiti Networks flaw to the bugs page.

March 10: Another griper added to the Other Gripers page. Added a test for TCP port 10554 to the Test Your Router page in response to flaws in video cameras.

March 8: Added a section on UPD Port testers to the Test Your Router page.

February 2017

Feb 28: Added an article about dealing with a hacked router to the bugs page and the Consumer Routers page. Also updated the Test Your Router page to note that if you see ads on this website, then the router you are connected to has been hacked.

Feb 25: Added a bug in two TP-Link routers to the bugs page.

Feb 24: Added some observations after living with eero to the Firmware Self-Updating page. Nothing good.

Feb 22: Added link to an article about Spectrum/Time Warner Cable/Charter cheating their customers and being sued in New York State to the ISP Routers page.

Feb 21: Added a link to Security Router from Halon Security to the Resources page

Feb 20: Added Flter secure router to the Resources page. When released, it will offer both Tor and a VPN client.

Feb 18: Added two things to the Firmware Self-Updating page: details provided by Google on how their Google Wifi routers self-update and tracking of the eero automatic firmware installation. So far, 11 days and no automatic update to an eero system.

Feb 15: Revised the Security Checklist for automatically updating router firmware. Called out three companies for being cowards for not explaining the details of their firmware auto-update system.

Feb 13: Updated the Security Checklist page with info on vouchers offered on UniFi Guest Wi-Fi networks. Added more funny Wi-Fi network names to the SSID page.

Feb 9: Added two more stats pages. The main menu goes to a new page that offers two types of stats: long term only or both long term and short term. The latter page is new.

Feb 8: Added two more printer related ports (515, 631) to the Test Your Router page.

Feb 7: Added a new page with home grown site stats. Linked to it in the main menu replacing the little populated Reviews page. Approaching one million page views (961,500) since the site went live.

Feb 6: Added a test for TCP port 9100 (used by printers) to the Test Your Router page.

Feb 5: Added a new page on Routers with Self Updating Firmware that details how Linksys compares to my security checklist.

Feb 2: On the resources page, modified the list of Linksys self-updating routers to note that all of their "Smart-Wifi" branded routers can self-update.

January 2017

Jan 30: Added yet another Netgear router bug to the bugs page

Jan 29: Added another IPv6 tester site to the Test Your Router page: test-ipv6.com from Jason Fesler. Also improved the explanation of UPnP on that page and added a menu to it.

Jan 28: Added two tester sites to the Test Your Router page: ipv6leak.com tests for IP version 6 and dnsleak.com tests for leaking DNS servers

Jan 22: Added two new sections to the New Router page: Port Scanning and Extra Credit.

Jan 19: Added Android malware that attacks TP-Link routers in China to the bugs page.

Jan 18: More router bugs, this time with ZyXel and Billion routers in Thailand. Also added quote from Bruce Schneir on how government regulation is the only solution to router and IoT security to the Other Gripers page.

Jan 14: Added info about FTC lawsuit against D-Link for insecure routers and cameras to the bugs page

Jan 13: Updated the WiFi Encryption page

Jan 6: Assorted updates to the Pepwave Surf SOHO page.

Jan 3: Updated page on Google Wifi/OnHub routers. Added Google custom search of this site. My first crack at this, we'll see how it holds up...




Top 
This page was last updated: October 18, 2017 10PM CT     
Created: November 21, 2015
Viewed 8,152 times since November 21, 2015
(12/day over 702 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Changelog
Copyright 2015 - 2017