# i keep getting hacked Recommend a router ?!?

## n00bster

so as the title states i keep getting hacked my linux box, i'm currently using just a generic home wifi router that i notice they are able to knock offline and it reboots and resets. so my first line of defense will be to replace it

can anyone recommend a good commercial or industry wireless router ?

im going to spend up to 400-500$ on it 

i was told sonicwall is a good one

and 3com has good enterprise office routers.

any information would be good thank you.

----------

## Dlareh

What evidence do you have that you are getting hacked?  Maybe you just have a shitty router?

Try something decent but cheap like a WRT54G.

----------

## n00bster

 *Dlareh wrote:*   

> What evidence do you have that you are getting hacked?  Maybe you just have a shitty router?
> 
> Try something decent but cheap like a WRT54G.

 

the first time it happened i noticed a change in my /etc/group file that had a nolog script added to every single one. happened twice after that both clean installs. that gave it away then after time and new install portage wouldn't emerge anything then i noticed they masked certain packages and were working on changing my portage to use their own packages. and they changed / edited my /tmp directory where they would store a file that if i looked into it or ran it would crash my console. so i setup hardened gentoo with logs then found which site i was on that i use regularly in which they would use buffer overflows to crash my firefox run / upload these scripts. it needs to stop as i cannot run a hardened gentoo box cause i'm getting into certain development at school which needs me to access memory which makes me using pax and grsec impossible at the same time.

they're pretty smart so i need a way to keep them out before they can even attempt to get in. i need a good enterprise wireless router. there's other people on my network which run several different operating systems and they have been getting hack attacks too. one computer running windows was turned into a residential gateway. these attacks won't stop and it's nearly impossible to trace them as the technique they used usually runs in memory which i cannot log or view unless i have a fully configured hardened gentoo box. which i cannot run cause of the work i'm in.

ps i will not go cheap and decent. i need full out protection at no expense even if it may cost 500-1000$

----------

## Dlareh

Well now, that does sound serious.  If people that sophisticated are really coming in through your wireless, the best investment you can make is cat5.

----------

## n00bster

 *Dlareh wrote:*   

> Well now, that does sound serious.  If people that sophisticated are really coming in through your wireless, the best investment you can make is cat5.

 

no they're not coming in through the wireless, the wireless connection is secure.

they're coming in across the internet. sorry i should have clarified. however i do need wireless support.

http://en.wikipedia.org/wiki/WRT54G - i checked it out on wikipedia that looks like a worse router than i have. open firmware could lead to devastating hack attacks

----------

## Ast0r

You could always turn an old system into a router ... a la http://www.gentoo.org/doc/en/home-router-howto.xml

I have a gentoo router running here and it works beautifully. If you properly configure iptables and lock SSH down, there's no reason why you can't have a very secure router for very cheap (in my case it didn't cost me anything but a couple of hours of my time setting it up ... I already had the extra hardware laying around).

As far as the linksys mentioned ... I think you misunderstand "open firmware". It means that you can put open-source firmware on it (which is going to be more secure than the original linksys firmware).

----------

## n00bster

 *Ast0r wrote:*   

> You could always turn an old system into a router ... a la http://www.gentoo.org/doc/en/home-router-howto.xml
> 
> I have a gentoo router running here and it works beautifully. If you properly configure iptables and lock SSH down, there's no reason why you can't have a very secure router for very cheap (in my case it didn't cost me anything but a couple of hours of my time setting it up ... I already had the extra hardware laying around).
> 
> As far as the linksys mentioned ... I think you misunderstand "open firmware". It means that you can put open-source firmware on it (which is going to be more secure than the original linksys firmware).

 

thank you for your suggestion and i have contemplated this idea through but i believe this would be bad for my case the people i am dealing with are dedicated and skilled they already spent months and because i run gentoo they actually took the time to learn gentoo in order to gain access into my computers. i believe that if i were to make a box into a router they would easily gain access into it mask their presence and from there have an even easier open window into my network. i want to stay away also from having additional chores which would come with such a solution for example updates and checking on it. that is why sonicwall interested me because i believed that the manufacturer would keep regular updates on the box so little to no interaction would be required. anything is hackable i have known this for a while but these people are extraordinarily hard to trace as they work in memory via machine code using automated pre-built and tested scripts that give them entry points each time without me knowing that cover their tracks. the last time was enough after i found that my logs were even being changed to mask their connections and attempts.

a strong enterprise commercial grade quality router is needed, but even if i do obtain one i am afraid that one visit to the same website will still allow them to venture in.

----------

## Dlareh

Oooh, you need a firewall.

OpenBSD is the best; install that on any box and google for tutorials on how to set it up (there are many).

----------

## n00bster

 *Dlareh wrote:*   

> Oooh, you need a firewall.
> 
> OpenBSD is the best; install that on any box and google for tutorials on how to set it up (there are many).

 

i need a new router

i run ip tables i had all correct rules setup via firestarter. i need a first line of defense before i even think about redoing my firewall.

----------

## Dlareh

No.  You need a better firewall.  Firewalls are often lumped together with routers into a single general-purpose device, so I can see how you might be confused.

Read what a router is: http://en.wikipedia.org/wiki/Router

Notice the words "secure" or "security" appear nowhere on that page.

Now take a look at http://en.wikipedia.org/wiki/Firewall_%28networking%29

Many more instances of "security".

Seriously, give OpenBSD a shot.  Or even just m0n0wall would be an improvement (easier to set up).

----------

## n00bster

 *Dlareh wrote:*   

> No.  You need a better firewall.  Firewalls are often lumped together with routers into a single general-purpose device, so I can see how you might be confused.
> 
> Read what a router is: http://en.wikipedia.org/wiki/Router
> 
> Notice the words "secure" or "security" appear nowhere on that page.
> ...

 

i need a ROUTER. i know the difference between a firewall and a router. what i am looking for is a router. a commercial grade with built in firewall router.

first line of defense. my router is terrible. it can be knocked offline very simply causing it to reboot. sometimes even knocking it offline that i cannot connect. you can get ROUTERS with security and firewalls BUILT into them. for example sonicwall. or VPN wireless routers. that is what i need. that is what i'm asking for.

thank you

----------

## Headrush

How long have you been using Gentoo?

Do you have any log of incoming Internet traffic that indicates you are being hacked or just the things you see changed in Gentoo?

What ports do you leave open to outside access and do you need them all?

----------

## n00bster

 *Headrush wrote:*   

> How long have you been using Gentoo?
> 
> Do you have any log of incoming Internet traffic that indicates you are being hacked or just the things you see changed in Gentoo?
> 
> What ports do you leave open to outside access and do you need them all?

 

i've been using gentoo roughly 3 years. i have logging feature using syslog-ng iptables which just reports it to kernel which i use to view via mutt and delivered by postfix. i only have the following ports open 20-21,80,443,1863(amsn). i used firestarter to setup my iptables it is on restrictive by default and these are for outbound traffic only for firewalled host.

these people what they do is via the website they buffer overflow my firefox which using machine code injects their shell script into my gentoo box which automatically changes my settings around to give them access. the only thing so far that was close to stopping them was running a hardened gentoo box with stack protection pax/grsec which i noticed would prevent memory leaks when they used the website to inject this code. they from here proceed to mask their work and entry into my computer. i have noticed they have before opened up ports and setup applications like sshd in arbitrary folders to gain entry.

----------

## Dlareh

 *Quote:*   

> i need a ROUTER. i know the difference between a firewall and a router. what i am looking for is a router. a commercial grade with built in firewall router.

 And I'm telling you, only the firewall aspect is the important part wrt security.

*BSDs make an excellent first line of defense and have full firewall and router functionality.  All you need is a decent box with two network cards to install it on, and route all your internet traffic through it.  It can pretty much do what any <$1000 hardware router/firewall can do, and more.

----------

## n00bster

 *Dlareh wrote:*   

> *BSDs make an excellent first line of defense and can function as a router as well as firewall.  All you need is a decent box with two network cards.

 

i know but i want to stay away from using any type of computer for this task. i wish to have a device specifically designed for it. to make this easier let's just assume i'm going to be using this in an office building which will run virtual networks within it. i wish to have a device designed specifically for this task but not a computer i need to update and check.

----------

## n00bster

 *Dlareh wrote:*   

> *Quote:*
> 
> > i need a ROUTER. i know the difference between a firewall and a router. what i am looking for is a router. a commercial grade with built in firewall router.
> 
> And I'm telling you, only the firewall aspect is the important part wrt security.
> 
> *BSDs make an excellent first line of defense and have full firewall and router functionality.  All you need is a decent box with two network cards to install it on, and route all your internet traffic through it.  It can pretty much do what any <$1000 hardware router/firewall can do, and more.

 

i understand and thank you. but i NEED A NEW WIFI ROUTER device. after i get one that can't be KNOCKED OFFLINE i will proceed to redo my firewall.

----------

## Dlareh

Your wireless can be behind whatever router/firewall you decide on, fully protected from the internet.

You could get a decent WRT54G, for instance, and have it behind an OpenBSD router/firewall.

I guess you'll only be happy with one of these: http://www.cisco.com/en/US/products/hw/routers/ps380/index.html

Call Cisco on the phone if you need more advice.  I've heard they're good at explaining ways to waste your money.

----------

## n00bster

 *Dlareh wrote:*   

> Your wireless can be behind whatever router/firewall you decide on, fully protected from the internet.
> 
> You could get a decent WRT54G, for instance, and have it behind an OpenBSD router/firewall.
> 
> I guess you'll only be happy with one of these: http://www.cisco.com/en/US/products/hw/routers/ps380/index.html
> ...

 

thank you i was looking for these types of devices i want to make a list of them read reviews and compare before making my choice

but what you are saying is if i did for example obtain an old computer with 2 network cards i could place the router behind it and it should work fine ... either way i will buy a new router mine is garbage 3 years old it was like an almost first generation wireless router. if there are any more you or anyone else can recommend by all means please do so. thank you.

with this router i will still most likely get a computer doing port forwarding via an already made firewall os *BSD

----------

## jstead1

 *n00bster wrote:*   

> *Headrush wrote:*
> 
> > How long have you been using Gentoo?
> 
> these people what they do is via the website they buffer overflow my firefox which using machine code injects their shell script into my gentoo box which automatically changes my settings around to give them access.

 

I'm certainly not a security expert, but if they are causing a buffer overflow by you visiting their website, isn't it a firefox bug, that a buffer overflow gives them what must be escalated privileges?  How is a router going to help that?

If you meant they visit a website you host on your box, and they can cause a buffer overflow and get escalated privileges, isn't it a problem with your website, or webserver?

----------

## projkt4

i'm not sure why you are so insistent that you need a new router. as has been explained, a router does not seem to be what you are looking for. routers, as the name implies are designated for directing (routing) your ip traffic, whereas you seem to be discussing your discontent with your security eg, your firewall. (though as jstead pointed out if it's a problem with a webpage it's either going to be a problem with firefox, or your webserver.) firewalls prevent or dictate what traffic is allowed into your network depending on a set of rules that you (or another person) have created. I am tempted to ask though a) what site you have been going to that gets you "hacked" and b) why you are determined to return to said site if you know it poses a threat to you or your systems. back to the original point of this thread though is that i believe you may have been confused in your terminology as i believe you plan to place your router in front of your firewall, please correct if i am mistaken. a firewall should be your first line of defense, connected in between the WAN and your LAN. I hope this helps clear some things up. Also I would like to comment that a "commercial" grade firewall/router's capabilities can be replicated or even exceeded with the various opensource firewalls out there today, please do not mistake opensource with vulnerable.

----------

## think4urs11

an (enterprise grade or not) router/firewall alone won't help you.

If they use your browser as attack vector and/or the website you're hosting then you definitely should check and harden both your workstation and webserver setup.

Whether or not your first line of defense is a Checkpoint FW-1 or a Cisco PIX or an OpenBSD-pf or even a Gentoo-iptables doesn't matter here as long as all of them are set up correctly, secure and are hardened and tight down to the minimum (you need to work). Don't rely on WEP, use WPA2 _and_ use an additional authentication server (no preshared keys!), alternatively use a VPN over wireless (e.g. OpenVPN of course only with certificates, no password auth).

What you _do_ need is a multi-layered approach and a firewall (in this case a packetfilter) is only the very first line of defense which can be circumvented when an attacker uses higher-leveled (in terms of ip stack) attacks like buffer overflows on the clients behind (FF as you mentioned) and alike.

You need to understand that a firewall is not only a machine with a packetfilter (i.e. works on layer 3+4 of the ip stack in most cases) but the firewall being a concept which works on all possible layers (including layer 8 - that's the user itself). As long as any of the layers isn't properly secured you're busted - sooner or later ...

Think about snort sensors (in front of and behind the first firewall and in e.g. every DMZ segment, behind your inner firewall and alike), hardening of all workstations and servers you have, harden your webserver (php comes to mind, access rights the webserver user has on the filesystem, etc.), use a properly setup proxy (squid, privoxy, dansguardian, squidguard) for outgoing internet traffic and vice versa a reverse proxy, do not use telnet, plain ftp, ssh with passwords (but use public key with strong passphrases), have something like tripwire/AIDE installed everywhere, use a dedicated (and tightened/hardened to the extreme) loghost, etc.

----------
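
The tripwire/AIDE recommendation in think4urs11's post above, as an added example (not code from any poster in this thread, and not a substitute for those tools): a small Python baseline-and-compare check that catches the kinds of changes described earlier in the thread, such as an edited `/etc/group` or a new file under `/tmp`. The directory tree, file contents and the `demo` function are constructed for illustration; in practice the baseline would be stored off the machine being checked.

```python
"""Minimal file-integrity baseline and compare (added example, constructed data)."""
import hashlib
import json
import os
import stat
import tempfile


def fingerprint(path):
    """Return the attributes tracked for one file: mode, owner, size, content hash."""
    st = os.lstat(path)  # lstat: describe a symlink itself, do not follow it
    entry = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
             "gid": st.st_gid, "size": st.st_size, "sha256": None}
    if stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        entry["sha256"] = digest.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        entry["sha256"] = "link:" + os.readlink(path)  # track the link target
    return entry


def snapshot(root):
    """Fingerprint every file under root, keyed by path relative to root."""
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = fingerprint(full)
    return result


def compare(baseline, current):
    """Return sorted (path, reason) pairs: added, removed, or changed:<fields>."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            changed = [k for k in sorted(old) if old[k] != new.get(k)]
            if changed:
                findings.append((path, "changed:" + ",".join(changed)))
    return findings


def demo():
    """Build a constructed tree, take a baseline, alter the tree, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        group = os.path.join(root, "etc", "group")
        passwd = os.path.join(root, "etc", "passwd")
        with open(group, "w") as fh:
            fh.write("root:x:0:root\nwheel:x:10:root,alice\n")
        with open(passwd, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")
        os.chmod(group, 0o644)
        os.chmod(passwd, 0o644)

        # Round-trip through JSON, as if the baseline had been saved elsewhere.
        baseline = json.loads(json.dumps(snapshot(root)))

        # Constructed changes: an edited group file, a loosened mode, a new file.
        with open(group, "a") as fh:
            fh.write("extra:x:0:someone\n")
        os.chmod(passwd, 0o666)
        os.makedirs(os.path.join(root, "tmp", ".cache"))
        with open(os.path.join(root, "tmp", ".cache", "sshd"), "w") as fh:
            fh.write("#!/bin/sh\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:22} {path}")
```

A baseline kept on the same disk can be rewritten along with the files it describes, which is why the post pairs integrity checking with a dedicated loghost.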

## nico_calais

 *n00bster wrote:*   

> *Dlareh wrote:*
> 
> > Well now, that does sound serious.  If people that sophisticated are really coming in through your wireless, the best investment you can make is cat5.
> 
> no they're not coming in through the wireless, the wireless connection is secure.
> 
> they're coming in across the internet. sorry i should have clarified. however i do need wireless support.
> ...

 

Wireless will always be the weakest link of a network.

----------

## Ast0r

 *n00bster wrote:*   

> so i setup hardened gentoo with logs then found which site i was on that i use regularly in which they would use buffer overflows to crash my firefox run / upload these scripts. it needs to stop as i cannot run a hardened gentoo box cause i'm getting into certain development at school which needs me to access memory which makes me using pax and grsec impossible at the same time.

 A firewall is not going to protect you from buffer overflows. That is outside the scope of ANY firewall/router/whatever. That is about client-side security. I, too, wonder why it is that you continue to frequent a site that you KNOW contains malicious code? Are you unable to not go there? At the very least, you could set up your hosts file to redirect requests to that domain to 127.0.0.1 or something. That alone would do more to help you (if I understand your problem correctly) than buying some ridiculous $600 Cisco router.

Just for the record, I hardly spend any time at all updating my Gentoo router. The maintenance is really a non-issue. As long as you do emerge -auvtND world every couple months, you should be fine.

Also, when you say "the wireless connection is secure" ... what do you mean? Are you using WEP, WPA pre-shared key, WPA with a radius server? Just so that you know, WEP is NOT secure - it can be cracked in a matter of seconds.

Lastly, I have serious doubts that there is any real security policy in effect on your local machine if it continues to be compromised. Are you allowing root SSH logins? Are you running any kind of local firewall? What daemons do you have running? It would be far wiser to determine the exact intrusion trajectory, rather than blindly throw money at expensive toys so that you don't have to deal with it. Eventually you are going to have to deal with it anyway.

----------

## Dlareh

If firefox buffer overflows are the problem, try konqueror...

----------

## Ast0r

 *Dlareh wrote:*   

> If firefox buffer overflows are the problem, try konqueror...

 

... or run Firefox in Wine. It has a totally different file system context!

Btw, n00bster ... do you run Firefox as root? How else can a buffer overflow in userland cause his whole machine to be compromised?

----------

## Dlareh

local root exploits, I guess... nvidia binary driver for instance

----------

## Zmyrgel

Switch to Opera as it is currently the most secure browser...

Also secure your other services as instructed. Router makes you a bit safer but without a firewall it's useless and built-in firewalls aren't great until we get to the 'heavy stuff' marked Cisco...

----------

## Aurisor

For me the biggest two "red flags" when trying to help someone with security issues are:

1) The insistence that a very organized and determined individual / group is consistently penetrating their defenses

2) An insistence on spending a lot of money on the issue

Honestly, n00bster, you need to go through the attack vectors one by one.

Getting exploited by malicious code on the net?  Raise your security settings, change browsers, run the browser in a chroot jail, disable scripting, stay off shady sites, block known bad domains.

Getting unauthorized connections to your machine?  Close unnecessary ports, move services to random ports if possible, stay up on your security patches.

Having unauthorized connections to your wifi?  Use stronger keys, don't broadcast the id, etc

Routers and firewalls are just tools that skilled people can use to exercise more fine-grained control over their setup.

Security is not like processing power.  If you throw enough money at a machine, it will get faster.  Security requires lots of knowledge and diligence.

If you want to give us step by step information and follow our recommendations, I'm sure you'll do fine.  If you'd rather just throw money at it, find someone smart and pay them to fix your setup.  Either way, buying new toys will not help your situation.

----------
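
Aurisor's advice above to close unnecessary ports, combined with n00bster's earlier report of an sshd started from an arbitrary folder, suggests checking what is actually listening against what is expected. The following is an added example (not code from any poster): it parses the Linux `/proc/net/tcp` format and reports listeners that are not on an allowlist. The sample table and the `ALLOWED` policy are constructed, and the address decoding assumes a little-endian host.

```python
"""Audit listening TCP sockets against an allowlist (added example)."""
import os
import socket
import struct

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format, not output from a real machine.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 00000000:0369 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1344 1 0000000000000000 100 0 0 10 0
   2: 00000000:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 9917 1 0000000000000000 100 0 0 10 0
   3: 0A01A8C0:C350 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 9920 1 0000000000000000 20 4 30 10 -1
"""

# Hypothetical policy: a local-only mail daemon on 25 and rsyncd on 873.
ALLOWED = {("127.0.0.1", 25), ("0.0.0.0", 873)}


def parse_listeners(text):
    """Return one dict per socket in LISTEN state from /proc/net/tcp text."""
    listeners = []
    for line in text.splitlines()[1:]:            # first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue                               # established, closing, malformed
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a host-order 32-bit integer.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        listeners.append({"ip": ip, "port": int(port_hex, 16),
                          "uid": int(fields[7]), "inode": int(fields[9])})
    return listeners


def audit(listeners, allowed):
    """Return sorted (port, ip, uid, reach) tuples for listeners not in allowed."""
    findings = []
    for sock in listeners:
        if (sock["ip"], sock["port"]) in allowed:
            continue
        reach = "loopback-only" if sock["ip"].startswith("127.") else "network-reachable"
        findings.append((sock["port"], sock["ip"], sock["uid"], reach))
    return sorted(findings)


if __name__ == "__main__":
    # Use the live table when present, otherwise fall back to the constructed sample.
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    else:
        table = SAMPLE
    for port, ip, uid, reach in audit(parse_listeners(table), ALLOWED):
        print(f"unexpected listener {ip}:{port} uid={uid} ({reach})")
```

The check keys on address and port together, so a service expected only on loopback is reported if it appears bound to `0.0.0.0`.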

## Aurisor

 *Zmyrgel wrote:*   

> Switch to Opera as it is currently the most secure browser...

 

That's a highly subjective statement.

----------

## carpman

Use www.smoothwall.org

----------

## Ast0r

 *Zmyrgel wrote:*   

> Switch to Opera as it is currently the most secure browser...

 

How do you figure? It's not open-source and it has a *very* small share of the total number of browsers. You can't rely on security by obscurity.

----------

## Dlareh

Browser security is not subjective.

You are least likely to encounter security problems when using a relatively obscure browser like Konqueror and Opera.

Less likely doesn't mean you are safe, but it does mean you are safer.

----------

## n00bster

 *jstead1 wrote:*   

> *n00bster wrote:*
> 
> > *Headrush wrote:*
> > 
> > > How long have you been using Gentoo?
> > 
> > these people what they do is via the website they buffer overflow my firefox which using machine code injects their shell script into my gentoo box which automatically changes my settings around to give them access.
> 
> I'm certainly not a security expert, but if they are causing a buffer overflow by you visiting their website, isn't it a firefox bug, that a buffer overflow gives them what must be escalated privileges?  How is a router going to help that?
> ...

 

to be clear it is a website i visit which from there they run the exploit.  a new router will help as mine is old and useless, it is very easy for them to knock it offline as they have been doing if i do not visit the website.

----------

## n00bster

 *projkt4 wrote:*   

> i'm not sure why you are so insistent that you need a new router. as has been explained, a router does not seem to be what you are looking for. routers, as the name implies are designated for directing (routing) your ip traffic, whereas you seem to be discussing your discontent with your security eg, your firewall. (though as jstead pointed out if it's a problem with a webpage it's either going to be a problem with firefox, or your webserver.) firewalls prevent or dictate what traffic is allowed into your network depending on a set of rules that you (or another person) have created. I am tempted to ask though a) what site you have been going to that gets you "hacked" and b) why you are determined to return to said site if you know it poses a threat to you or your systems. back to the original point of this thread though is that i believe you may have been confused in your terminology as i believe you plan to place your router in front of your firewall, please correct if i am mistaken. a firewall should be your first line of defense, connected in between the WAN and your LAN. I hope this helps clear some things up. Also I would like to comment that a "commercial" grade firewall/router's capabilities can be replicated or even exceeded with the various opensource firewalls out there today, please do not mistake opensource with vulnerable.

 

i won't post what website it is but i have to return to it regularly. and i will be getting a router no matter what that is why i am looking for recommendations. it will be commercial grade however i am now considering having a linux/or *BSD box in front of it doing routing directly from my internet connection then going into the router.

----------

## n00bster

 *Ast0r wrote:*   

> *n00bster wrote:*
> 
> > so i setup hardened gentoo with logs then found which site i was on that i use regularly in which they would use buffer overflows to crash my firefox run / upload these scripts. it needs to stop as i cannot run a hardened gentoo box cause i'm getting into certain development at school which needs me to access memory which makes me using pax and grsec impossible at the same time.
> 
> A firewall is not going to protect you from buffer overflows. That is outside the scope of ANY firewall/router/whatever. That is about client-side security. I, too, wonder why it is that you continue to frequent a site that you KNOW contains malicious code? Are you unable to not go there? At the very least, you could set up your hosts file to redirect requests to that domain to 127.0.0.1 or something. That alone would do more to help you (if I understand your problem correctly) than buying some ridiculous $600 Cisco router.
> 
> Just for the record, I hardly spend any time at all updating my Gentoo router. The maintenance is really a non-issue. As long as you do emerge -auvtND world every couple months, you should be fine.
> 
> Also, when you say "the wireless connection is secure" ... what do you mean? Are you using WEP, WPA pre-shared key, WPA with a radius server? Just so that you know, WEP is NOT secure - it can be cracked in a matter of seconds.
> ...

 

I'm not too worried about the wireless because where i am located nobody will be accessing it. no i do not allow SSH logins or even root account to be used on any tty terminal unless it is sudo'd via wheel group. my daemons are minimal i will list them now

acpid,alsasound,atieventsd,bootmisc,checkfs,checkroot,chpax,clamd,clock,hostname,iptables,kermaps,local,localmount,modules, netmount,nscd,rmnologin,rsyncd,urandom,vixie-cron.

what the problem is once they run the exploit they have specific code written to already to gain root access and change settings and give them an entry in. my view of point now is that i cant protect against that. that's given. so at least a separate device cant help me keep them out.

----------

## n00bster

 *Ast0r wrote:*   

> *Dlareh wrote:*
> 
> > If firefox buffer overflows are the problem, try konqueror...
> 
> ... or run Firefox in Wine. It has a totally different file system context!
> 
> Btw, n00bster ... do you run Firefox as root? How else can a buffer overflow in userland cause his whole machine to be compromised?

 

no i run firefox via userspace via user account. i once found a file on my computer they uploaded which when if i tried to open it or run it would crash my console turn all the letters in to weird symbols. i assume this is what gives them enough control before they proceed to test various packages already on the system to gain root.

----------

## n00bster

 *ishan wrote:*   

> For me the biggest two "red flags" when trying to help someone with security issues are:
> 
> 1) The insistence that a very organized and determined individual / group is consistently penetrating their defenses
> 
> 2) An insistence on spending a lot of money on the issue
> ...

 

i will look into running firefox within a chrootjail. 

but my idea and concept of thinking is that even if i do a clean install and i notice my router is being knocked offline during it i know they are already trying to find a way in. i will buy a new router it will be commercial grade. that way at least when i'm starting from scratch again i know it is not as lucky to be compromised during the install.

i wish to get a new router no matter what that in case the box is compromised i can hope it will at least keep them from using specific ports as they won't have access into changing the settings.

----------

## rokstar83

If you are getting nailed by buffer overruns switch to hardened toolchain and get PIE and SSP on your machine.  I don't care how fancy a router you get, if someone can make it go crazy they almost always die in an open state.  If you plan on spending the money on a commercial grade router you could have built a really simple nix box that would protect you much better.  I'm talking like really simple, old mobo $50, old chip $50, some ram $50, 2 NICs $50.  Then hardened toolchain, PIE, SSP, Iptables, tripwire, and ... I can't remember the name of that honey pot program.

----------

## projkt4

ok, you got me. I'm dying to know what could be so important that you are willing to spend $600 < on a piece of equipment that will be more or less use less unless you also purchase the service contract for (so someone else can administer your "router" *cough* firewall * cough*)  what is so important on this site that you  cannot get on another site, one that isn't administered by evil haxxor lords. all i can imagine is that it's not legal but to what realm of illegal i cannot fathom. please enlighten us to what could drive you to repeatedly expose yourself to known hackers.

----------

## Ast0r

 *projkt4 wrote:*   

> ok, you got me. I'm dying to know what could be so important that you are willing to spend $600 < on a piece of equipment that will be more or less use less unless you also purchase the service contract for (so someone else can administer your "router" *cough* firewall * cough*)  what is so important on this site that you  cannot get on another site, one that isn't administered by evil haxxor lords. all i can imagine is that it's not legal but to what realm of illegal i cannot fathom. please enlighten us to what could drive you to repeatedly expose yourself to known hackers.

 

Seriously. I am so curious that I will go to the trouble of setting up a virtual machine to see what these exploits are that you are talking about. If the virtual machine is compromised, it's no big deal, I can just delete it.

Also, how do you know that "hackers" are knocking your router offline? If the router sucks as much as you are indicating (an old Belkin POS) then it's possible that it's going offline of its own volition (I've seen tons of cheap "toy" routers with this symptom).

 *n00bster wrote:*   

> but my idea and concept of thinking is that even if i do a clean install and i notice my router is being knocked offline during it i know they are already trying to find a way in. i will buy a new router it will be commercial grade. that way at least when i'm starting from scratch again i know it is not as lucky to be compromised during the install.

 I'm not sure that I understand how it is that your box would be compromised during install. If you don't start any daemons during the install, how are they going to compromise it? Furthermore, if it's behind a router doing NAT, then there's no reason traffic (other than the rsync and http traffic to sync portage and download tgz's) would even be able to go to the machine. And even if they "hack" your router or "knock it offline" during the install if there are no daemons running, then all the port forwarding in the world isn't going to do them any good; there has to be a workable attack vector.

Last edited by Ast0r on Wed Oct 25, 2006 7:56 am; edited 3 times in total

----------

## rokstar83

 *Ast0r wrote:*   

> Also, how do you know that "hackers" are knocking your router offline? If the router sucks as much as you are indicating (an old Belkin POS) then it's possible that it's going offline of its own volition (I've seen tons of cheap "toy" routers with this symptom).

 

Agreed.  My linksys router will go down if someone looks at it crosseyed.

----------

## tomatopi

This reminds me of that old doctor's joke.

Patient: "Doctor, it hurts when I bend my elbow this way."

Doctor: "Then don't bend your elbow that way."

I'm no security expert, but I can't understand how a client-initiated web session which contains an exploit would be blocked by a hardware router/firewall.

----------

## Lloeki

 *Quote:*   

> more or less use less unless you also

 

I'm tired, and it took me 3 minutes to just read that  :Wink: 

 *Quote:*   

> I'm no security expert, but I can't understand how a client-initiated web session which contains an exploit would be blocked by a hardware router/firewall

 

well, you can: it won't.

 *Quote:*   

> This reminds me of that old doctor's joke. 

 

Well, the situation and this joke remind me of that other joke:

 *Quote:*   

> - doctor, my whole body aches:
> 
> if I press my finger on my foot, it hurts
> 
> if I press my finger on my knee, it hurts 
> ...

 

The moral being that you may just not be looking in the right direction at all.

To the author of the thread, there are a couple of things I don't understand:

- why do you insist on not analyzing the problem in a rationalized way? you just go all out yelling some unbacked facts...

- why do you insist on surfing the supposedly compromised website?

- why do you insist on wasting money on a piece of equipment which will be 90% useless to you?

- why do you insist on saying that your router is being knocked off? isn't it the computer which is attacked?

- why do you insist on not formatting your posts correctly, or at least punctuate it decently?

 *Quote:*   

> i once found a file on my computer they uploaded which when if i tried to open it or run it would crash my console turn all the leters in to weird symbols

 

That one is good. First, why would you run some suspected file? Second, I never heard of 'less foo' crashing a console... though if you cat some binary file, it may haphazardly contain some escape sequence screwing up the display. But hey, that's no virus or whatever.

 *Quote:*   

> it is very easy for them to nock it offline as they have been doing if i do not visit the website.

 

That one is particularly laugha^D^D^D^D^D^D arguable. What kind of terrorism is that? "you don't come to our website, we will cut the line, muahahaha". That's insane. How could you possibly believe that?

All that discussion makes me think that you basically don't know how things work, let alone how to fix them...
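
The point above about a binary file garbling a console, as an added example that is not part of the original post: a way to check a suspect file for terminal control bytes and view it without sending them to the terminal raw. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: inspect a suspect file without writing its raw bytes to the terminal.

# Constructed sample: plain text followed by SO (0x0e), the byte that switches
# a console to its alternate character set.
make_sample() {
    printf 'harmless text\n\016more text\n' > "$1"
}

# Count bytes a terminal acts on instead of displaying: C0 controls other than
# tab, newline and carriage return, plus DEL. All other bytes are deleted first.
control_byte_count() {
    LC_ALL=C tr -d '\011\012\015\040-\176\200-\377' < "$1" | wc -c | tr -d ' '
}

# Succeed if the file holds ESC (0x1b), SO (0x0e) or SI (0x0f): the bytes that
# start escape sequences or shift the character set.
has_escape_or_shift_bytes() {
    [ "$(LC_ALL=C tr -cd '\016\017\033' < "$1" | wc -c | tr -d ' ')" -gt 0 ]
}

# Show the first lines with control bytes made visible (^[ for ESC, ^N for SO).
safe_view() {
    LC_ALL=C cat -v -- "$1" | head -n "${2:-20}"
}

tmp=$(mktemp)
make_sample "$tmp"
echo "control bytes found: $(control_byte_count "$tmp")"
if has_escape_or_shift_bytes "$tmp"; then
    echo "file contains escape or charset-shift bytes; view it with cat -v, not cat"
fi
safe_view "$tmp"
rm -f "$tmp"
```

If a console has already been garbled by a raw `cat`, typing `reset` restores it.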

----------

## Aurisor

 *Dlareh wrote:*   

> Browser security is not subjective.
> 
> You are least likely to encounter security problems when using a relatively obscure browser like Konqueror and Opera.
> 
> Less likely doesn't mean you are safe, but it does mean you are safer.

 

I never said browser security is subjective.  I said declaring Opera as the most secure browser is subjective.

Any quantifiable measure becomes subjective when you stop saying "X is the best given metric Y and circumstances Z" and start saying "X is the best Y".

----------

## Dlareh

 *ishan wrote:*   

> I said declaring Opera as the most secure browser is subjective.

 

It's not.  It's an objective statement.  It may not be correct, but that doesn't make it subjective.

----------

## Aurisor

 *Dlareh wrote:*   

>  *ishan wrote:*   I said declaring Opera as the most secure browser is subjective. 
> 
> It's not.  It's an objective statement.  It may not be correct, but that doesn't make it subjective.

 

 *m-w.com wrote:*   

> 
> 
> a (1) peculiar to a particular individual : PERSONAL <subjective judgments>  (2) : modified or affected by personal views, experience, or background <a subjective account of the incident> b : arising from conditions within the brain or sense organs and not directly caused by external stimuli <subjective sensations> c : arising out of or identified by means of one's perception of one's own states and processes <a subjective symptom of disease> -- compare OBJECTIVE 1c
> 
> 

 

The original exchange was this:

a) Switch to Opera as it is currently the most secure browser...

b) That's a highly subjective statement.

i.e.

That statement is peculiar to a particular individual. (Meaning Opera is only the most secure browser in your opinion.)

That statement is modified by your personal views, experience or background. (Meaning your personal views, instead of some kind of objective, thorough methodology, are leading you to that conclusion.)

That statement is arising out of your own perception. (Meaning your own biases and experience are leading you to say something is universally true when it only appears so to you.)

If you're going to derail the thread into an argument about semantics, at least be right.

----------

## Dlareh

I was wrong to say "It's not".  It may be.  What I was trying to say is that you have no way of knowing for certain that it in fact was.

Being mistaken about something does not mean you are being subjective.

----------

## Ast0r

 *tomatopi wrote:*   

> I'm no security expert, but I can't understand how a client-initiated web session which contains an exploit would be blocked by a hardware router/firewall.

 DING DING DING. WE HAVE A WINNER!

Yes, that's what a number of us have basically been saying for a whole page now, but n00bster doesn't want to listen to us.

----------

## Dlareh

I think n00bster may understand that -- sort of -- but he's also tired of his router being "reset" and thinks he needs a commercial hardware to replace it.

----------

## n00bster

im sorry as i do not have time to answer the questions and replies right now but i would like to thank everyone for their inputs and comments. however can we simply stop with the already too late derailed thread and just have a simple list made of good enterprise wireless routers. i will return and reply to everyones comments, and i understand what you are trying to tell me, but i am replacing my router, and at this point all i simply ask and have been asking for are recommendations for a new router. i haven't even started to trace my problem and i won't until i get a new router. i am and have been thinking over it. i will obtain a new router. get an old computer run some sort of firewall pre-built OS on it... then take preventative measures against what is happened. starting with simple chroot jail for my browser.

i now know a router will not help solve my problem. but it WILL make me feel more secure than the one i have. and i am replacing it.

----------

## xtlosx

this guy sounds like a real dummy.. he didn't seem to understand that using an openbsd box as a firewall and having a wrt behind it is viable.... yeesh

and him being hacked just sounds like he doesn't know what he's doing, which is evident in the way he explains things...

----------

## n00bster

i really do not have any substantial evidence they are the ones knocking my router offline, however one time following a noticeable sequence of events with backing of logging system and network activity i came to the conclusion they are the ones knocking my router offline. whichever the case may be if the router is itself dysfunctioning or if they are knocking it offline. i do however need a new router. preferably a nice commercial grade one. which one user recommended with cisco. it's hard to believe that out of 3 pages of posts it was only 1 user 1 time who recommended 1 router. 

of course good ideas and concepts are being thrown around but the entire concept of the thread has been missed.

----------

## Lloeki

well, if you want a good router, my wrt54g v5 loaded with ddwrt does a really nice job. beats the crap out of some 5-10x priced routers.

----------

## Noven

For a good 'enterprise grade' router for a small network (with ADSL?) the Cisco 857W is pretty nice. It has 4 LAN ports and wireless. Apart from performing basic router functions you also get access to a Cisco IOS to play with. If you have never used CIOS before you should be able to get it up and running in no time at all... maybe 3-4 hours to figure out. They do have some windows setup software, never tried it though. I got one for my CCNA practice lab, you can pick them up for ~$300. 

From a security point of view it does almost as good a job as my old P3 with OpenBSD. If that box ever dies I would probably put it into active service until I get a replacement OBSD box.

----------

## Headrush

 *n00bster wrote:*   

> it's hard to believe that out of 3 pages of posts it was only 1 user 1 time who recommended 1 router.

 

If you had just asked for recommendations of routers I think you would have got more answers strictly on that.

I believe a lot of people read your original problem and weren't convinced the problem wasn't partly self induced or that it was indeed a problem with being hacked. Whether right or wrong, I think that this and you asking about good routers for problems handled by firewalls caused some confusion and misunderstanding.

Plus, Lloeki asked some very important questions, IMHO, and your response was: "I'm too busy to answer. Can we move on and just give me a list of routers".

Everyone here is trying to help you and trying to point out some problems in your diagnosing skills and questioning what you have already accepted as the correct answer, a new router.

----------

## Shazer

I use IPCop for a Router/firewall.  It has all of the capabilities of an enterprise grade appliance and you don't have to update/administer much.  I also added the Guardian addon found here and installed the Advanced Web Proxy, URL filter, and update Accelerator from here.  The guardian addon will enforce oink rules from snort.  It's very powerful.  Web proxy will protect your internal clients as well.  The URL filter will enforce squid rules and block unwanted websites.

I installed the OpenVPN addon for IPCop and that can be downloaded here.  I tell you, those h4x0rz will not be able to f00k with you after you have the tools setup properly.  My setup is the following

My IPCop has four NICs.

NIC 1 Red       = Internet

NIC 2 Green    = Wired internal network

NIC 3 Blue       = Wireless

NIC 4 Orange  = DMZ

Each NIC has a subnet.

Green   = 192.168.0.0

Blue      = 192.168.1.0

Orange = 192.168.100.0

Red      = Cloud

So it's segmented and the only way to access green from blue is through VPN.  It works great.

Good luck with your venture and hope this helps.

----------

## n00bster

 *Shazer wrote:*   

> 
> 
> My IPCop has four NICs.
> 
> NIC 1 Red       = Internet
> ...

 

what do u mean by wireless, do you have it going to a wireless router. or do u use a wireless card. or another device.

----------

## Dlareh

 *n00bster wrote:*   

> what do u mean by wireless, do you have it going to a wireless router. or do u use a wireless card. or another device.

 

Probably goes to a wireless access point, which may also be a router, but doesn't have to be.

----------

## Shazer

I use a wrt54g that connects to the blue ethernet card that is in my IPCop box.  I have configured the Linksys WRT54g as a router not a gateway and I disabled the DHCP so that it uses IPCop for Wireless DHCP addressing.

----------

## nobspangle

Is this guy for real?

Let's sort the facts.

1. You are having problems with the stability of your wireless router

2. You found a file on your machine that when read in a text program it messes up the display in your console.

Now let's look at your paranoia

1. You believe you are being hacked as a result of visiting a website running some kind of exploit which gives them root access to your computer.

2. You believe that the scale of the attack is so great that the attackers are replacing your portage with one of their own design so that you will unwittingly install packages to compromise your security

3. You believe that in order to do the above the attackers studied the gentoo OS until they understood it to such a degree they could launch attacks on your system using exploits previously undiscovered.

If you want to buy a new wireless router that will serve your purpose, try a netgear, linksys or something else similar. If your current router is very old, chances are something costing around $100.

If you don't want to be hacked by a website, don't go to the website.

Alternatively you could waste $500-$1000 on a cisco, 3com, or nortel router without having the first understanding of the difference between a firewall, a router and a wireless access point.

The important thing to realise about 'enterprise' routers is that you are paying a premium for features like remote manageability, backup dialup, common interface across all the routers in your 'enterprise' etc. You are not paying for stability and in the case of an ADSL router you are not paying for speed.

If you want a decent router I recommend this one

----------

## Shazer

Wow,

That is quite the tool.   :Laughing: 

----------

## Aurisor

 *n00bster wrote:*   

> 
> 
> ....
> 
> 

 

-1, Troll

----------

## carpman

 *Shazer wrote:*   

> I use IPCop for a Router/firewall.  It has all of the capabilities of an enterprise grade appliance and you don't have to update/administer much.  I also added the Guardian addon found here and installed the Advanced Web Proxy, URL filter, and update Accelerator from here.  The guardian addon will enforce oink rules from snort.  It's very powerful.  Web proxy will protect your internal clients as well.  The URL filter will enforce squid rules and block unwanted websites.
> 
> I installed the OpenVPN addon for IPCop and that can be downloaded here.  I tell you, those h4x0rz will not be able to f00k with you after you have the tools setup properly.  My setup is the following
> 
> My IPCop has four NICs.
> ...

 

Hello, how do you find IPCop?

I have been using smoothwall since its inception but it does not seem to be moving forward?

Even had a run in with the infamous Richard Morrel  :Smile: 

----------

## AA

Skipped page 2 and only skimmed over page 3, but...

The biggest security risk any organisation or network faces is uneducated users. 

Have you ever thought that maybe you should STOP VISITING THAT SITE?

Oh, and cat-ing any binary file will mess up your display.

----------

## Shazer

you can get IPCop from http://ipcop.org.  Have fun   :Very Happy: 

----------

## Shazer

This thread has gone above and beyond the scope of the original question.  I agree with nobspangle, stop going to the site and get yourself a new router/switch/gateway.  Problem solved.   :Laughing: 

----------

## gestah

noobster

 *Quote:*   

> 
> 
> these people what they do is via the website they buffer overflow my firefox which using machine code injects their shell script into my gentoo box which automatically changes my settings around to give them access. the only thing so far that was close to stopping them was running a hardened gentoo box with stack protection pax/grsec which i noticed would prevent memory leaks when they used the website to inject this code. they from here proceed to mask their work and entry into my computer. i have noticed they have before opened up ports and setup applications like sshd in arbitrary folders to gain entry.

 

Hi, so i think u are a bit confused...

first of all, if someone uses buffer overflow on firefox, the executing shell code on the stack will have firefox privileges, so if u are running it as user, it cannot make much damage.

second, why do you want to see compromised websites?

third, how do you know it's really firefox buffer overflow exploit....to me it seems a bit strange.

 - the best thing is to have iptables correctly configured, all POLICIES set to DROP, and open only selectively the ports.

 - change your passwords ( root and user)

 - run SSHD daemon only if you need a remote connection

 - install SNORT (intrusion detection system)

a ROUTER WILL NOT PROTECT you from BUFFER-OVERFLOW EXPLOITS, since if you are running a program (in internet) that is subject to buffer overflow exploiting, you will have to tell the router to let the program access the internet....so the router is not the correct countermeasure you have to take.

ROUTER = routing box(PC or the common router you buy at stores), FIREWALL = IPTABLES.
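
The checklist in the post above, as an added example that is not part of the original post: a small audit of an `iptables-save` dump that reports chains not defaulting to DROP, the inbound ports left open, and whether replies to locally initiated sessions are let back in. The ruleset is a constructed sample and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump against a default-DROP checklist.

# Constructed sample in iptables-save format (not from any poster's machine).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Print the built-in chains whose default policy is not DROP, one per line.
non_drop_policies() {
    awk '/^:(INPUT|FORWARD|OUTPUT) / && $2 != "DROP" { print substr($1, 2) }'
}

# Print proto/port for each INPUT rule that accepts traffic to a given port.
open_inbound_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print proto "/" port
    }'
}

# Succeed if replies to connections this host started are accepted. Any usable
# ruleset needs this, and it is why a packet filter passes whatever a web
# server sends back to the browser: filtering stops unsolicited inbound traffic.
allows_replies() {
    grep -Eq -- '^-A INPUT .*(--ctstate|--state) [A-Z,]*ESTABLISHED.* -j ACCEPT'
}

echo "policy not DROP: $(sample_ruleset | non_drop_policies | tr '\n' ' ')"
echo "inbound ports open: $(sample_ruleset | open_inbound_ports | tr '\n' ' ')"
if sample_ruleset | allows_replies; then
    echo "replies to outbound sessions are accepted"
fi
```

On a live host, pipe the output of `iptables-save` (run as root) into the same functions instead of the sample.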

----------

## madisonicus

I'm curious what router you got, noobster.  And whether it helped out any.

----------

## LennyNero

 *n00bster wrote:*   

> http://en.wikipedia.org/wiki/WRT54G - i checked it out on wikipedia that looks like a worse router then i have. open firmware could leave to devistating hack attacks

 

No. A bad admin leaves to devistating hack attacks. OpenWRT on a Buffalo router is a powerful little device.

----------

## Boohbah

 *Aurisor wrote:*   

>  *n00bster wrote:*   
> 
> ....
> 
>  
> ...

 

----------

## relrobber

If he thought they were crashing his router, why didn't he just put a hardware firewall (bought or a 'nix box) in front of the router?  That would either stop the router attacks (w/ good rules) or prove that the router really is crappy and dying on its own.  Then he wouldn't "have to" visit their site any longer.

----------

## bunder

this kinda reminds me of the guy who thought he was getting hacked when it was only his wireless keyboard picking up the neighbourhood's keypresses.   :Laughing: 

----------

## jhallward

Honestly, if it's just some dudes that are dedicated to hacking you, rather than spend 500-1000 on a new router, why don't you just pay your local college hacker that money to hack them back, get you their names and addresses as well as evidence of their intrusion, and then turn it over to the police.  The benefit of this solution is that you can wait outside their houses with a digital camera when they get arrested and post the pictures here.

----------

## Erulabs

 *Quote:*   

> http://en.wikipedia.org/wiki/WRT54G - i checked it out on wikipedia that looks like a worse router then i have. open firmware could leave to devistating hack attacks

 

Firstly, the WRT54G(L) is a terrific home router. I work for an ISP, VoIP being a major money-maker, and the WRT (with DD-WRT) series is our hands-down recommendation for home setups. If you want to buy an 'enterprise' class router, look at the newest Adtran NetVanta 1335 (although this is NOT what you need).

Secondly, open firmware leads to "hack attacks"? My network involves a Gentoo box with Iptables, and a Cisco (catalyst 1900) switch. Obviously, Iptables is open software.

----------

