Router Security Site Change Log Website by     
Michael Horowitz 
Home | Site Index | Router Bugs | Security Checklist | Tests | Resources | Stats | About | Search |
I spoke about Router Security at the O'Reilly Security Conference in New York City on Nov. 1, 2017. See a PDF of the slides
 

Changes made to this website

January 2018

Jan 14: Added a new section to the Resources page for Add-on Security via Router Firmware

Jan 13: Added article about defaced MikroTik and Ubiquiti Routers to the bugs page.

Jan 4: Updated the Other Router Security Advice page with links to two good articles written yesterday. Updated the VLAN page with a paragraph on Sonos speaker isolation and a Total Reverse topic.

Jan 2: Added an explanation of Access vs. Trunk Ethernet ports to the VLAN page.

Jan 1: Created a new Other Router Security Advice page. This used to be a section on the Resources page.

December 2017

Dec 31: Added note to the About page that the site just had its 2 millionth page view. Go figure.

Dec 30: Yet another update to the introductory section of the VLAN page.

Dec 26: Added bug in the GoAhead web server to the Bugs page.

Dec 23: Big update to the introductory section on the new VLAN page.

Dec 19: Assorted minor updates to the new VLAN page.

Dec 15: New page devoted to VLANs. Moved VLAN discussion from the Surf SOHO page and expanded it.

Dec 14: Updated the WPS page with more bad news about WPS and the AmpliFi mesh router. Added Fingbox to the list of Add-on Security Devices in the Resources page.

Dec 12: Updated the WPS page with a Netgear KB item on defending against WPS.

Dec 6: Added this to the bugs page: A botnet spreads by attacking un-named flaws in Huawei Home Gateways. Also updated the Test Your Router with tests for the TCP ports (37215 and 52869) used by Satori botnet that abuses Huawei routers.

Dec 3: Added a non security section to the mesh routers page.

Dec 2: Added a full list of recent Netgear patches to the bugs page.

November 2017

Nov 29: Added to the bugs page, reports of a new botnet attacking ZyXEL routers

Nov 25: Completely redid the Firewall topic (item 10) on the Security Checklist page.

Nov 24: Revised the Port Scanning section of the Setup a New Router page and added a new Open Wi-Fi Network Testing section to it.

Nov 21: Added a few brief notes about the TP-LINK Deco M5 to the Mesh Routers page.

Nov 20: Added a summary of a blog about TP-Link firmware rollouts in Europe to the bugs page.

Nov 17: Added a gripe about AmpliFi to the mesh router page and the firmware self updating page. Also added F-Secure Sense and Fingbox to the firmware self-updating page.

Nov 16: More gripes about the Google Wifi app added to the Google Wifi page. The more I use the app, the less I like it.

Nov 15: Added a new section to the Pepwave Surf SOHO page with details on the three hardware editions of the router.

Nov 13: Added some notes about Asus Lyra to the Mesh Routers page and the WPS page

Nov 8: Site search now uses DuckDuckGo. Previously used Google.

Nov 7: Added a bug from June 2017 with EnGenius routers sharing files on USB attached storage.

Nov 6: Great quote about why routers are not secure was added to the Other Gripers page. "... the real goal is that the dumbest person who opens the box be able to connect to the internet without them paying a tech support person for an hour to help you on the phone"

Nov 4: Added more proof to my argument about avoiding ISP hardware. A presentation at DEF CON 25 (summer 2017) where researchers found 26 bugs in assorted ISP provided devices. Updated the firmware self-updating page with the latest audit of eero and some minor editing changes.

Nov 3: Netgear Orbi does not self-update. My bad. Its been corrected on the Resources page. Also, minor changes to the "Secure Router Configuration in Detail" section on the home page. And new colors for the home page stripes. The orange was just too much.

Nov 1: I spoke about Router Security at the O'Reilly Security Conference today and added a link to a PDF of the slides to the home page.

October 2017

Oct 28: Added that ESET thinks ISPs are helping install malware to the ISP Routers page.

Oct 27: More Netgear bugs added to the bugs page along with Dnsmasq. Added another griper complaining about the bad state of consumer router security.

Oct 26: Minor revision to the Setup a New Router page and some hard stats on brute forcing passwords added to the WiFi Encryption page

Oct 25: Minor revisions to the SSID page.

Oct 24: Another bug and an eero warning on the Mesh Router page.

Oct 23: Added KRACK flaw in WPA2 to bugs page.

Oct 18: Added wired bandwidth testing of the Pepwave Surf SOHO.

Oct 14: Added a section on Guest Networks to the Setup a New Router page.

Oct 13: Added info on warranty and InControl2 to Pepwave Surf SOHO page. Lots of changes to the New Router page.

Oct 12: Updated the nmap commands on the Setup a New Router page.

Oct 9: Added topic of blocking internal-use-only IP address to the And... section of the Pepwave Surf SOHO page. Also, other minor tweaks to the page. Added to the WPS page that AmpliFi only supports push button WPS.

Oct 7: Minor updates to the Surf SOHO page

Oct 6: Updated the Firmware Update history section of the Firmware Updates page to include Synology, Eero and Peplink. Also updated the Security Checklist to add locking out IP addresses after too many failed logon attempts.

Oct 4: Updated the More Horsepower section of the Pepwave Surf SOHO router page and added link to test drive the Peplink web UI.

Oct 3: Lots of minor updates to the Pepwave Surf SOHO page, including screenshots of scheduling SSIDs and DSL/cable optimization.

Oct 1: Minor updates to the Pepwave Surf SOHO page, including purchasing info.

September 2017

Sept 24: Added link to the Network Port Checker and Scanner Tool from ipfingerprints.com to Test Your Router page

Sept 18: Updated information on the F-Secure Sense router on the Resources page.

Sept 16: Added ArmorVPN to the Coming Soon Maybe section of the Resources page.

Sept 15: Added a clump of 3 D-Link router bugs and a group of 3 Netgear router bugs to the router bugs page. Then too, Netgear routers are being abused via an old bug for credential stuffing. Updated the Test Router page to note that web based DNS server tests may not be reliable after a router has been hacked. The Resource page now links to a router security article by Trend Micro. Minor updates to the What can go wrong page and IP address page.

Sept 14: Updated the intro to the bugs page and added the ability to display ALL bugs on one page

Sept 13: Added a Closest Competition section to the Pepwave Surf SOHO page.

Sept 12: Added some observations (all bad) about the Google Wifi app to the Google Wifi page.

Sept 9: Added three security flaws in ARRIS TG852G gateways from July 2012 to the bugs page. Also added a 2013 router bug. Updated the modem tests on the Test Your Router page. New current bug in D-Link routers added.

Sept 6: Lots of changes to the home page. The short checklist is shorter, the long checklist is longer.

Sept 3: Updated the new router page

Sept 2: Updated the bugs page April 2017 section on the bug in Intel Puma chipsets in some modems that generated a lawsuit against Arris and Netgear. The flaw affects more Intel puma chipsets than first suspected. Also added new flaws in AT&T Arris gateways that were discovered by security firm Nomotion. Updated the router test page to include TCP ports 22 and 49152 which may be open on AT&T provided devices.

August 2017

Aug 20: Added a Juniper router flaw to the bugs page

Aug 19: New flaw in Cisco routers using SNMP added to bugs page.

Aug 17: Minor update to the firmware self-updating page to add bricked smart locks.

Aug 15: Minor updates to Eero and Google Wifi on the Firmware self-updating page.

Aug 12: Updated the WPS page to note that Ubiquiti AmpliFi now supports WPS and you can not disable it. Bad.

Aug 9: Many minor changes to multiple pages, including the Security Checklist and Pepwave Surf SOHO pages.

Aug 2: Updated Gryphon and Betterspot info on the Resources page. Also added Karma Black to the page as a Coming Soon, Maybe router. Minor updates to home page security cheat sheet.

July 2017

July 31: Updated eBlocker description in the Resources page.

July 29: The website was made secure. All HTTPS all the time. So long HTTP.

July 22: Added info on Netgear spying on their routers to the bugs page and page arguing not buy a consumer router.

July 15: Updated the Mesh Routers page to add that the Eero app shows a list of recently connected devices.

July 14: Two changes to the Resources page. Added DNSthingy as a consumer router alternative. Added more space between bullet list items.

June 2017

June 23: Lots of updates to the explanation of how to update the firmware on the Surf SOHO at the bottom of the Firmware Updates page.

June 19: A small revision to the Guest Network section of the Pepwave Surf SOHO router page. Also, updated the Firmware Updates page with screen shots of updating the Surf SOHO firmare.

June 17: A large revision to the Guest Network section of the Pepwave Surf SOHO router page

June 16: Updated the bugs page and the What can go wrong page with information about the WikiLeaks reports of the CIA hacking routers for many years.

June 10: Updated the bugs page with flaws in multiple old WiMAX routers.

June 7: Updated Turris Omnia info on the Resources page.

June 6: Updated the bugs page with details of flaws in Peplink Balance routers running firmware 7.0.0.

June 6: Updated the home page to add that I will be speaking about Router Security at the O'Reilly Security Conference.

June 5: Updated the DNS server section of the Test Your Router page with revised comments and added the ExpressVPN tester.

June 2: Dojo was finally released. Updated the Resources page with the latest info.

May 2017

May 31: Updated Resources page to note that myopenrouter.com is a great match for open source firmware on Netgear routers.

May 23: Big revision to the Guest Network section of the Pepwave Surf SOHO router page

May 14: Minor improvement to the Pepwave Surf SOHO router page explanation of current bandwidth reports.

May 8: Minor changes to the Tester page. Added my blog about my Google Wifi router updating its firmware to the Google Wifi page and the Resources page. Added info on current bandwidth display to Pepwave Surf SOHO page.

May 5: Added info on the Pepwave Surf SOHO sending emails to notify about errors.

May 4: Added lots of bugs to the bugs page. Also added item 30 the security checklist page, that it may be best to avoid Asus routers with Trend Micro software included as part of the firmware.

April 2017

April 27: Big update to the WPS page with details on which mesh routers support WPS and which do not. Also, added a bug in cable modems using the Intel Puma 6 chipset to the bugs page. And, the bugs page was getting pretty big, so bugs from 2015 no longer display by default.

April 26: Removed the Routers 4 Dummies page and replaced it with a new Mesh Routers page. Roughly the same topic, but greatly revised content.

April 26: Two updates to the Firmware self-updating page. A note from Eero about how quickly they roll out firmware updates and a claim by Google to have a single web page with their full firmware release history.

April 24: Added a new Site Index page

April 21: More bugs, ten to be exact, in 25 different Linksys routers added to the bugs page

April 11: Added bugs in four different travel routers to the bugs page.

March 2017

March 30: Lots of updates to the WPS page.

March 29: New page on WPS, Wi-Fi Protected Setup.

March 26: Added point that each VLAN can use different DNS servers to the Surf SOHO page.

March 19: Added two bugs in GLi routers to the bugs page. They have been fixed.

March 18: Three new bugs in D-Link routers added to the bugs page

March 16: Added a Ubiquiti Networks flaw to the bugs page.

March 10: Another griper added to the Other Gripers page. Added a test for TCP port 10554 to the Test Your Router page in response to flaws in video cameras.

March 8: Added a section on UPD Port testers to the Test Your Router page.

February 2017

Feb 28: Added an article about dealing with a hacked router to the bugs page and the Consumer Routers page. Also updated the Test Your Router page to note that if you see ads on this website, then the router you are connected to has been hacked.

Feb 25: Added a bug in two TP-Link routers to the bugs page.

Feb 24: Added some observations after living with eero to the Firmware Self-Updating page. Nothing good.

Feb 22: Added link to an article about Spectrum/Time Warner Cable/Charter cheating their customers and being sued in New York State to the ISP Routers page.

Feb 21: Added a link to Security Router from Halon Security to the Resources page

Feb 20: Added Flter secure router to the Resources page. When released, it will offer both Tor and a VPN client.

Feb 18: Added two things to the Firmware Self-Updating page: details provided by Google on how their Google Wifi routers self-update and tracking of the eero automatic firmware installation. So far, 11 days and no automatic update to an eero system.

Feb 15: Revised the Security Checklist for automatically updating router firmware. Called out three companies for being cowards for not explaining the details of their firmware auto-update system.

Feb 13: Updated the Security Checklist page with info on vouchers offered on UniFi Guest Wi-Fi networks. Added more funny Wi-Fi network names to the SSID page.

Feb 9: Added two more stats pages. The main menu goes to a new page that offers two types of stats: long term only or both long term and short term. The latter page is new.

Feb 8: Added two more printer related ports (515, 631) to the Test Your Router page.

Feb 7: Added a new page with home grown site stats. Linked to it in the main menu replacing the little populated Reviews page. Approaching one million page views (961,500) since the site went live.

Feb 6: Added a test for TCP port 9100 (used by printers) to the Test Your Router page.

Feb 5: Added a new page on Routers with Self Updating Firmware that details how Linksys compares to my security checklist.

Feb 2: On the resources page, modified the list of Linksys self-updating routers to note that all of their "Smart-Wifi" branded routers can self-update.

January 2017

Jan 30: Added yet another Netgear router bug to the bugs page

Jan 29: Added another IPv6 tester site to the Test Your Router page: test-ipv6.com from Jason Fesler. Also improved the explanation of UPnP on that page and added a menu to it.

Jan 28: Added two tester sites to the Test Your Router page: ipv6leak.com tests for IP version 6 and dnsleak.com tests for leaking DNS servers

Jan 22: Added two new sections to the New Router page: Port Scanning and Extra Credit.

Jan 19: Added Android malware that attacks TP-Link routers in China to the bugs page.

Jan 18: More router bugs, this time with ZyXel and Billion routers in Thailand. Also added quote from Bruce Schneir on how government regulation is the only solution to router and IoT security to the Other Gripers page.

Jan 14: Added info about FTC lawsuit against D-Link for insecure routers and cameras to the bugs page

Jan 13: Updated the WiFi Encryption page

Jan 6: Assorted updates to the Pepwave Surf SOHO page.

Jan 3: Updated page on Google Wifi/OnHub routers. Added Google custom search of this site. My first crack at this, we'll see how it holds up...




Top 
This page was last updated: January 14, 2018 1PM CT     
Created: November 21, 2015
Viewed 9,426 times since November 21, 2015
(12/day over 790 days)     
Website by Michael Horowitz      
Feedback: routers __at__ michaelhorowitz dot com  
Changelog
Copyright 2015 - 2018