Re: [PLUG] How to confirm my router is safe

2018-04-25 Thread Russell Senior 
On Wed, Apr 25, 2018 at 7:30 AM, Louis Kowolowski 
wrote:

> MAC filtering is a low bar, for sure. However, its still a bar, and it
> will trip some people.
> 802.1x is much better. Captive portal may be reasonable, depends on what
> the capabilities of the AP are.
>

If you want to keep people from using a wireless network, using WPA2 and a
Pre-Shared Key (PSK) is probably good enough for most people.  MAC
filtering is a useful tool in some cases, but it's primary utility is where
you have an intentionally open network and there is someone in particular
abusing it.  Depending on the problem, you might better filter at the
routing layer instead.

In my experience with Personal Telco Project, back when we used to need to
occasionally intervene with bittorrenters, a very small minority of people
know how to change their MAC address.  I think I encountered 3 people who
were abusing our networks and also able to change their MAC address, and it
turned out in every case there was a solution to that problem also (ask me
in person for details).  I haven't needed to block anyone on any of our
60-odd Personal Telco networks in probably 18-24 months.

I'll just comment here that beyond the public-benefit component of Personal
Telco Project networks, the primary value-add of using us over just buying
a router off the shelf and plugging it in (which works too), is that the
firmware we put on the router hardware includes management tools not
normally available.  If there is someone abusing a network (intentionally
or unintentionally), we can diagnose and create a tailored remedy beyond
the blunt instrument of just turning off the network or changing the PSK
again.

-- 
Russell Senior, President
russ...@personaltelco.net
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-25 Thread Louis Kowolowski 
On Apr 25, 2018, at 8:24 AM, Tomas Kuchta  wrote:
> 
> Every time I hear about MAC address filter - I wonder who are we trying to
> secure the network from.
> 
> It can make things difficult for friends who we not only need to tell your
> password, but also go to the office, turn on the PC, figure out their MAC
> and white list it. Quit a bit of a hassle for every single device.
> 
> It sure has no effect on an intruder from some far away land out of reach
> of the Wlan.
> 
> It has no effect on a neighbor who knows the Wlan password, because they
> can simply listen to your traffic, see some MAC which works and use that to
> connect.
> 
> Random passer by would not know your password.
> 
> Kid's, spouse's friends - that will surely cause constant nagging and
> judgement comments, not worth it, for sure.
> 
> So the only people I can think of it successfully deters are the ones we
> care about.
> 
> Did I forgotten about somebody?
> 
MAC filtering is a low bar, for sure. However, its still a bar, and it will 
trip some people.
802.1x is much better. Captive portal may be reasonable, depends on what the 
capabilities of the AP are.

As a general rule, people that attack your WiFi are not in a far-off land. The 
radio signal isn't that strong.

--
Louis Kowolowskilou...@cryptomonkeys.org 

Cryptomonkeys:   http://www.cryptomonkeys.com/ 


Making life more interesting for people since 1977

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-25 Thread Tomas Kuchta 
Every time I hear about MAC address filter - I wonder who are we trying to
secure the network from.

It can make things difficult for friends who we not only need to tell your
password, but also go to the office, turn on the PC, figure out their MAC
and white list it. Quit a bit of a hassle for every single device.

It sure has no effect on an intruder from some far away land out of reach
of the Wlan.

It has no effect on a neighbor who knows the Wlan password, because they
can simply listen to your traffic, see some MAC which works and use that to
connect.

Random passer by would not know your password.

Kid's, spouse's friends - that will surely cause constant nagging and
judgement comments, not worth it, for sure.

So the only people I can think of it successfully deters are the ones we
care about.

Did I forgotten about somebody?

Tom

On Tue, Apr 24, 2018, 9:12 PM Dick Steffens  wrote:

> On 04/24/2018 02:26 PM, Rich Shepard wrote:
> > Brian Krebs had a blog post on this a while ago. The key thing to do --
> > unless I'm badly mistaken -- is to change the admin's password from the
> > factory default.
>
> That one I knew about when I got the router, and it has a password only
> I know. And it also has a wireless pass phrase that only I and a few
> friends who visited in the past know of. Most of them are
> unsophisticated enough that they probably forgot it, although their WiFi
> enabled devices probably still have it.
>
> > If your LAN is on a different class C subnet, change the
> > router's IP address from the standard 192.168.1.1 to an address on your
> > subnet.
>
> Not on a different subnet.
>
> >   And, while risking the wrath of Russell, limit access to the MAC
> > addresses
> > of your local hosts that will access it via radio.
>
> I hadn't thought of that one. It would be in addition to the pass
> phrase, and that would cover visiting friends who have been here before.
>
> --
> Regards,
>
> Dick Steffens
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 09:32 PM, Russell Senior wrote:

President Obama and a kid are sitting at a school cafeteria lunch table.
Kid says: "My dad says you are spying on all of us"; Obama says: "He's not
your father."


They got me the day I forgot to put on my tin foil hat.

--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Russell Senior 
President Obama and a kid are sitting at a school cafeteria lunch table.
Kid says: "My dad says you are spying on all of us"; Obama says: "He's not
your father."

On Tue, Apr 24, 2018 at 9:28 PM, Dick Steffens 
wrote:

> On 04/24/2018 05:07 PM, Ben Koenig wrote:
>
>> https://www.opb.org/news/article/npr-sounding-the-alarm-
>>> about-a-new-russian-cyber-threat/
>>> <...>
>>>
>>
>> Dear God. You just linked to an HTTPS website that contains insecure
>> content. I examined the source code for that web page, and nearly drowned
>> in the tsunami of Javascript that filled my screen.
>>
>
> I'm guessing the web team at OPB is schooled in doing what looks good, and
> isn't so aware of best security practices.
>
>
> --
> Regards,
>
> Dick Steffens
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 08:14 PM, Larry Brigman wrote:

The second piece that I saw was to turn off upnp protocol.
Akamai(sp?) has a white paper about it and a list affected routers.


I'll check that out.

Thanks to all folks who responded to my question. I learned a few 
things, but am grateful earlier advice was good and I'm not likely to be 
a botnet host.


--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 05:07 PM, Ben Koenig wrote:

https://www.opb.org/news/article/npr-sounding-the-alarm-
about-a-new-russian-cyber-threat/
<...>


Dear God. You just linked to an HTTPS website that contains insecure
content. I examined the source code for that web page, and nearly drowned
in the tsunami of Javascript that filled my screen.


I'm guessing the web team at OPB is schooled in doing what looks good, 
and isn't so aware of best security practices.



--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 03:21 PM, Louis Kowolowski wrote:


I'd also run by https://www.grc.com/x/ne.dll?bh0bkyd2 
 and make sure it doesn't find anything.


It passed the File Sharing test.
On the Common Ports test all are either labeled as Stealth or Closed.


Also, as somebody else suggested, keep your firmware updated. What ever is the most 
recent "stable" train is what you want. I'd suggest making it a quarterly check 
to ensure things stay up to date.


Right. As Russell mentioned, a new version is due out next month. I'll 
install that then.



--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 03:16 PM, Russell Senior wrote:

https://www.us-cert.gov/ncas/alerts/TA18-106A

There is some discussion of SOHO routers but none of the vulnerabilities
mentioned apply to you.  They mention:

   Telnet (typically Transmission Control Protocol (TCP) port 23, but
traffic can be directed to a wide range of TCP ports such as 80, 8080,
etc.),
   Hypertext Transport Protocol (HTTP, port 80),
   Simple Network Management Protocol (SNMP, ports 161/162), and
   Cisco Smart Install (SMI port 4786).

None of those are accessible remotely on a stock OpenWrt firmware.


I chalk it up to good advice from this list several years ago to get the 
Buffalo router and run OpenWRT on it. IIRC, that advice actually came 
from you. :-)


--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 02:38 PM, Russell Senior wrote:

The NPR story is mostly regurgitated press release from scare mongers.


Not surprising.


The
network infrastructure it looks like they are talking about is in the core
of the internet, big cisco and juniper routers and the like.  If anything,
the NSA noticed because their surveillance tools are already embedded in
those same routers, doing all the things they accuse others of doing.  Most
of the concern about home routers is about botnets, exploiting them for
distributed denial of service attacks in particular.  Good passwords,
limiting inbound access are sensible steps.  The threat from local
attackers is much smaller, because it requires physical presence and
doesn't scale nearly as well (too slow and uses too much gasoline).


Makes sense. We're out far enough that it would have to be someone with 
too much time on their hands.


--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 02:27 PM, Russell Senior wrote:

Attitude Adjustment is pretty old.  OpenWrt has a pretty good firewall by
default, so remote access should be difficult.  You should take note of
which packages you have installed,


Nothing beyond the default.


backup your settings, and then you could
try installing this, the most recent release version:


http://downloads.openwrt.org/releases/17.01.4/targets/ar71xx/generic/lede-17.01.4-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin

Development is currently converging on a new release (hopefully in the next
month or so, but I'd wait on that).


I'll make a note to check on that next month.

--
Regards,

Dick Steffens

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Dick Steffens 

On 04/24/2018 02:26 PM, Rich Shepard wrote:

Brian Krebs had a blog post on this a while ago. The key thing to do --
unless I'm badly mistaken -- is to change the admin's password from the
factory default. 


That one I knew about when I got the router, and it has a password only 
I know. And it also has a wireless pass phrase that only I and a few 
friends who visited in the past know of. Most of them are 
unsophisticated enough that they probably forgot it, although their WiFi 
enabled devices probably still have it.



If your LAN is on a different class C subnet, change the
router's IP address from the standard 192.168.1.1 to an address on your
subnet.


Not on a different subnet.

  And, while risking the wrath of Russell, limit access to the MAC 
addresses

of your local hosts that will access it via radio.


I hadn't thought of that one. It would be in addition to the pass 
phrase, and that would cover visiting friends who have been here before.


--
Regards,

Dick Steffens


___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Larry Brigman 
The second piece that I saw was to turn off upnp protocol.
Akamai(sp?) has a white paper about it and a list affected routers.

On Tue, Apr 24, 2018, 5:07 PM Ben Koenig  wrote:

> > https://www.opb.org/news/article/npr-sounding-the-alarm-
> > about-a-new-russian-cyber-threat/
> >
> > It recommends following your router manufacturer's guidance on making
> sure
> > the router is secure. It doesn't say specifically what to search for. I
> > have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment
> 12.09.
> > What foo should I use to determine what version of firmware I should be
> > running to be reasonably secure?
> >
>
>
> Dear God. You just linked to an HTTPS website that contains insecure
> content. I examined the source code for that web page, and nearly drowned
> in the tsunami of Javascript that filled my screen.
>
>
> Supposedly, the authenticity of opb.org was verified by a certificate,
> however there are some jpg images being displayed that were retrieved via
> the HTTP protocol.
>
> Looks fishy, does anybody here know who
> opb-imgserve-production.s3-website-us-west-2.amazonaws.com is? There are a
> number of images on that article page that are linked from that domain over
> HTTP. It's not a mistake, since they appear to be inaccessible when making
> the request over https://.
>
>
> http://opb-imgserve-production.s3-website-us-west-2.amazonaws.com/c_limit,g_center,h_480,q_90,w_620/583fb000afffed62434e727397972932.jpg
>
> I'm not exactly sure how "bad" this is, but just to be safe I'm going to
> update my firmware AND stop visiting www.opb.org   :-(
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Ben Koenig 
> https://www.opb.org/news/article/npr-sounding-the-alarm-
> about-a-new-russian-cyber-threat/
>
> It recommends following your router manufacturer's guidance on making sure
> the router is secure. It doesn't say specifically what to search for. I
> have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09.
> What foo should I use to determine what version of firmware I should be
> running to be reasonably secure?
>


Dear God. You just linked to an HTTPS website that contains insecure
content. I examined the source code for that web page, and nearly drowned
in the tsunami of Javascript that filled my screen.


Supposedly, the authenticity of opb.org was verified by a certificate,
however there are some jpg images being displayed that were retrieved via
the HTTP protocol.

Looks fishy, does anybody here know who
opb-imgserve-production.s3-website-us-west-2.amazonaws.com is? There are a
number of images on that article page that are linked from that domain over
HTTP. It's not a mistake, since they appear to be inaccessible when making
the request over https://.

http://opb-imgserve-production.s3-website-us-west-2.amazonaws.com/c_limit,g_center,h_480,q_90,w_620/583fb000afffed62434e727397972932.jpg

I'm not exactly sure how "bad" this is, but just to be safe I'm going to
update my firmware AND stop visiting www.opb.org   :-(
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Louis Kowolowski 
On Apr 24, 2018, at 4:26 PM, Rich Shepard  wrote:
> 
> On Tue, 24 Apr 2018, Dick Steffens wrote:
> 
>> OPB has an article about router vulnerability.
>> https://www.opb.org/news/article/npr-sounding-the-alarm-about-a-new-russian-cyber-threat/
>> 
>> It recommends following your router manufacturer's guidance on making sure
>> the router is secure. It doesn't say specifically what to search for. I
>> have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09.
>> What foo should I use to determine what version of firmware I should be
>> running to be reasonably secure?
> 
> Dick,
> 
>  Brian Krebs had a blog post on this a while ago. The key thing to do --
> unless I'm badly mistaken -- is to change the admin's password from the
> factory default. If your LAN is on a different class C subnet, change the
> router's IP address from the standard 192.168.1.1 to an address on your
> subnet.
> 
>  And, while risking the wrath of Russell, limit access to the MAC addresses
> of your local hosts that will access it via radio.
> 
I'd also run by https://www.grc.com/x/ne.dll?bh0bkyd2 
 and make sure it doesn't find anything.

Also, as somebody else suggested, keep your firmware updated. What ever is the 
most recent "stable" train is what you want. I'd suggest making it a quarterly 
check to ensure things stay up to date.

--
Louis Kowolowskilou...@cryptomonkeys.org 

Cryptomonkeys:   http://www.cryptomonkeys.com/ 


Making life more interesting for people since 1977

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Russell Senior 
https://www.us-cert.gov/ncas/alerts/TA18-106A

There is some discussion of SOHO routers but none of the vulnerabilities
mentioned apply to you.  They mention:

  Telnet (typically Transmission Control Protocol (TCP) port 23, but
traffic can be directed to a wide range of TCP ports such as 80, 8080,
etc.),
  Hypertext Transport Protocol (HTTP, port 80),
  Simple Network Management Protocol (SNMP, ports 161/162), and
  Cisco Smart Install (SMI port 4786).

None of those are accessible remotely on a stock OpenWrt firmware.

On Tue, Apr 24, 2018 at 2:38 PM, Russell Senior 
wrote:

> The NPR story is mostly regurgitated press release from scare mongers.
> The network infrastructure it looks like they are talking about is in the
> core of the internet, big cisco and juniper routers and the like.  If
> anything, the NSA noticed because their surveillance tools are already
> embedded in those same routers, doing all the things they accuse others of
> doing.  Most of the concern about home routers is about botnets, exploiting
> them for distributed denial of service attacks in particular.  Good
> passwords, limiting inbound access are sensible steps.  The threat from
> local attackers is much smaller, because it requires physical presence and
> doesn't scale nearly as well (too slow and uses too much gasoline).
>
> On Tue, Apr 24, 2018 at 2:27 PM, Russell Senior  > wrote:
>
>> Attitude Adjustment is pretty old.  OpenWrt has a pretty good firewall by
>> default, so remote access should be difficult.  You should take note of
>> which packages you have installed, backup your settings, and then you could
>> try installing this, the most recent release version:
>>
>>   http://downloads.openwrt.org/releases/17.01.4/targets/ar71xx
>> /generic/lede-17.01.4-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin
>>
>> Development is currently converging on a new release (hopefully in the
>> next month or so, but I'd wait on that).
>>
>> On Tue, Apr 24, 2018 at 2:12 PM, Dick Steffens 
>> wrote:
>>
>>> OPB has an article about router vulnerability.
>>>
>>> https://www.opb.org/news/article/npr-sounding-the-alarm-abou
>>> t-a-new-russian-cyber-threat/
>>>
>>> It recommends following your router manufacturer's guidance on making
>>> sure the router is secure. It doesn't say specifically what to search for.
>>> I have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment
>>> 12.09. What foo should I use to determine what version of firmware I should
>>> be running to be reasonably secure?
>>>
>>> --
>>> Regards,
>>>
>>> Dick Steffens
>>>
>>> ___
>>> PLUG mailing list
>>> PLUG@pdxlinux.org
>>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>>
>>
>>
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Russell Senior 
The NPR story is mostly regurgitated press release from scare mongers.  The
network infrastructure it looks like they are talking about is in the core
of the internet, big cisco and juniper routers and the like.  If anything,
the NSA noticed because their surveillance tools are already embedded in
those same routers, doing all the things they accuse others of doing.  Most
of the concern about home routers is about botnets, exploiting them for
distributed denial of service attacks in particular.  Good passwords,
limiting inbound access are sensible steps.  The threat from local
attackers is much smaller, because it requires physical presence and
doesn't scale nearly as well (too slow and uses too much gasoline).

On Tue, Apr 24, 2018 at 2:27 PM, Russell Senior 
wrote:

> Attitude Adjustment is pretty old.  OpenWrt has a pretty good firewall by
> default, so remote access should be difficult.  You should take note of
> which packages you have installed, backup your settings, and then you could
> try installing this, the most recent release version:
>
>   http://downloads.openwrt.org/releases/17.01.4/targets/
> ar71xx/generic/lede-17.01.4-ar71xx-generic-wzr-600dhp-
> squashfs-sysupgrade.bin
>
> Development is currently converging on a new release (hopefully in the
> next month or so, but I'd wait on that).
>
> On Tue, Apr 24, 2018 at 2:12 PM, Dick Steffens 
> wrote:
>
>> OPB has an article about router vulnerability.
>>
>> https://www.opb.org/news/article/npr-sounding-the-alarm-abou
>> t-a-new-russian-cyber-threat/
>>
>> It recommends following your router manufacturer's guidance on making
>> sure the router is secure. It doesn't say specifically what to search for.
>> I have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment
>> 12.09. What foo should I use to determine what version of firmware I should
>> be running to be reasonably secure?
>>
>> --
>> Regards,
>>
>> Dick Steffens
>>
>> ___
>> PLUG mailing list
>> PLUG@pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Russell Senior 
Attitude Adjustment is pretty old.  OpenWrt has a pretty good firewall by
default, so remote access should be difficult.  You should take note of
which packages you have installed, backup your settings, and then you could
try installing this, the most recent release version:


http://downloads.openwrt.org/releases/17.01.4/targets/ar71xx/generic/lede-17.01.4-ar71xx-generic-wzr-600dhp-squashfs-sysupgrade.bin

Development is currently converging on a new release (hopefully in the next
month or so, but I'd wait on that).

On Tue, Apr 24, 2018 at 2:12 PM, Dick Steffens 
wrote:

> OPB has an article about router vulnerability.
>
> https://www.opb.org/news/article/npr-sounding-the-alarm-
> about-a-new-russian-cyber-threat/
>
> It recommends following your router manufacturer's guidance on making sure
> the router is secure. It doesn't say specifically what to search for. I
> have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09.
> What foo should I use to determine what version of firmware I should be
> running to be reasonably secure?
>
> --
> Regards,
>
> Dick Steffens
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to confirm my router is safe

2018-04-24 Thread Rich Shepard 

On Tue, 24 Apr 2018, Dick Steffens wrote:


OPB has an article about router vulnerability.
https://www.opb.org/news/article/npr-sounding-the-alarm-about-a-new-russian-cyber-threat/

It recommends following your router manufacturer's guidance on making sure
the router is secure. It doesn't say specifically what to search for. I
have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09.
What foo should I use to determine what version of firmware I should be
running to be reasonably secure?


Dick,

  Brian Krebs had a blog post on this a while ago. The key thing to do --
unless I'm badly mistaken -- is to change the admin's password from the
factory default. If your LAN is on a different class C subnet, change the
router's IP address from the standard 192.168.1.1 to an address on your
subnet.

  And, while risking the wrath of Russell, limit access to the MAC addresses
of your local hosts that will access it via radio.

HTH,

Rich
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug