Tag Archives: Router

Apple totally fixes serious flaw in AirPort wireless routers

Apple has released firmware updates for its AirPort wireless base stations in order to fix a vulnerability that could put the devices at risk of hacking.

According to Apple security, the flaw is a memory corruption issue stemming from DNS (Domain Name System) data parsing that could lead to arbitrary code execution.

The AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS can be used to install the new firmware versions on AirPort devices, the company said in an advisory.

As is typical for Apple security announcements, the company did not release details about possible exploitation scenarios and did not assign a severity rating for the flaw. However, “arbitrary code execution,” especially through a remote vector like DNS, is as bad as it can possibly get for a vulnerability.

What is not clear is whether the data parsing issue is in the DNS server or DNS client functionality.

A router like AirPort can serve as a local DNS resolver for devices on a network. This means that it receives DNS queries from computers and passes those queries upstream through the global Internet DNS chain.

The company released firmware updates 7.6.7 and 7.7.7 for AirPort Express, AirPort Extreme and AirPort Time Capsule base stations with 802.11n Wi-Fi, as well as AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Wi-Fi.

 

On the other hand, routers also act like DNS clients, asking other DNS servers on the Internet to resolve host names.

 

Another unknown is the privilege with which attackers would execute malicious code if this flaw is successfully exploited. If the code is executed under the root account, it could lead to a full device compromise.

By controlling an AirPort device, attackers could launch various attacks against local network computers. They could hijack search queries, insert rogue ads into Web pages and even direct users to malicious websites when they try to access legitimate ones.

If the error is in the parsing of queries received from LAN computers, it would limit the attack to the local network, whereas if the flaw is in the parsing of DNS responses, it could be exploited remotely.

When a DNS client asks a server to resolve a domain name, the query is eventually passed to one of the Internet’s 13 so-called root DNS servers — in reality clusters of servers. Those servers indicate the authoritative DNS server for the queried domain name and it’s that authoritative server that replies with the requested information.

Attackers could register rogue domain names and configure the authoritative DNS server for them to respond with specially crafted data that would exploit the flaw. They would then have to trick a computer behind an AirPort router into sending a DNS query for one of their domain names, for example by tricking a user into clicking on a link.
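Apple published no details of the parsing flaw, so the following is an added illustration, not Apple's code and not a reconstruction of the bug: a bounds-checked decoder for DNS names, one field of a query or response in which the length bytes and compression pointers come from the sender. The function name, the jump limit and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035: maximum encoded name length */
#define DNS_MAX_JUMPS 16   /* assumption: cap on compression pointers followed */

/* Decode the name at msg[off] into out as a dotted, NUL-terminated string.
 * Returns the bytes the name occupies at off, or -1 if the message is
 * malformed or the name does not fit in out. Every read is checked against
 * msg_len and every write against out_len. */
int dns_read_name(const uint8_t *msg, size_t msg_len, size_t off,
                  char *out, size_t out_len)
{
    size_t pos = off, written = 0, encoded = 0;
    int consumed = -1, jumps = 0;

    if (out_len == 0) return -1;
    for (;;) {
        if (pos >= msg_len) return -1;              /* length byte out of range */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= msg_len) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            if (target >= pos) return -1;           /* must point backwards */
            if (++jumps > DNS_MAX_JUMPS) return -1; /* stops pointer loops */
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;                  /* reserved label type */
        if (len == 0) {                             /* root label ends the name */
            if (consumed < 0) consumed = (int)(pos + 1 - off);
            break;
        }
        if (len > msg_len - pos - 1) return -1;     /* label runs past packet */
        encoded += (size_t)len + 1;
        if (encoded + 1 > DNS_MAX_NAME) return -1;  /* name too long overall */
        if (written + len + 2 > out_len) return -1; /* '.', label and NUL */
        if (written) out[written++] = '.';
        memcpy(out + written, msg + pos + 1, len);
        written += len;
        pos += (size_t)len + 1;
    }
    out[written] = '\0';
    return consumed;
}

/* Constructed sample messages (not captured traffic): 12-byte header, then
 * names. SAMPLE_OK holds "example.com" at 12 and "www" + pointer at 25. */
static const uint8_t SAMPLE_OK[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    3,'w','w','w', 0xC0,0x0C };
/* Label claims 63 bytes but only 3 follow. */
static const uint8_t SAMPLE_OVERRUN[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 63,'a','b','c' };
/* Label followed by a pointer back to itself: an endless loop if followed. */
static const uint8_t SAMPLE_LOOP[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 1,'a', 0xC0,0x0C };

int main(void)
{
    char name[64];
    int n = dns_read_name(SAMPLE_OK, sizeof SAMPLE_OK, 25, name, sizeof name);
    printf("ok: %d bytes, name=%s\n", n, n < 0 ? "(rejected)" : name);
    printf("overrun: %d\n", dns_read_name(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, 12, name, sizeof name));
    printf("loop: %d\n", dns_read_name(SAMPLE_LOOP, sizeof SAMPLE_LOOP, 12, name, sizeof name));
    return 0;
}
```

The same checks apply whether the bytes arrive as a query from a LAN client or as a response from an upstream server; only the sender differs.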

Given the potentially serious impact of this vulnerability and the fact that DNS is a critical service that can’t be easily disabled, users are advised to install the updated firmware as soon as possible.

Flaws expose Cisco small-business routers, firewalls to hacking

Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices.

The vulnerability is located in the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router.

While exploiting the buffer overflows requires attackers to have an authenticated session in the device’s Web-based interface, the XSS flaw can be triggered by tricking authenticated users into clicking on specially crafted URLs.

“A successful exploit could allow the attacker to execute arbitrary script in the context of the web-based management interface for the device or allow the attacker to access sensitive browser-based information,” Cisco said in an advisory.

Cisco Systems warned about the vulnerability in a security advisory Wednesday, but no patches are yet available. The company plans to release firmware updates that will address this flaw on affected models sometime in the third quarter of 2016.

The XSS flaw makes it difficult for users to find a mitigation strategy in the absence of patches, because it can be combined with the other vulnerabilities. For example, if users disable external management in their devices in order to protect them from the critical vulnerability, the devices will still be exposed through the cross-site scripting flaw.

The critical vulnerability can be easily exploited if the affected devices are configured for remote management, since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.

Worse yet, this is not the only unpatched vulnerability that exists in these three Cisco devices. The company also warned of a medium-severity, cross-site scripting (XSS) flaw and two medium-risk buffer overflows that could result in denial-of-service conditions.

 

Free network software will radically change how routing works

Radical new ideas are hitting network technology these days.

On Tuesday, one new startup promised to make switches fully programmable. Another, routing software company 128 Technology, said it would fix the Internet.

What 128 is proposing is a fundamentally different approach to routing, one that the company says will make networking simpler and more secure.

 

As the Internet gets fragmented among private networks, it’s getting harder for companies to deliver applications and services to their customers, he said.

The Internet was designed just to send packets from a source to a destination, but it’s evolved into a platform for delivering content and services among large, private networks. These complex tasks call for capabilities beyond basic routing, like security and knowing about the state of a session, said Andy Ory, 128’s CEO. He was the founder of Acme Packet, a session border controller company Oracle acquired in 2013. His new company is named after Route 128, the famed Massachusetts tech corridor where its headquarters is located.

“The network itself does not participate in security,” he said. “A session-aware routed network could participate in security.”

Rather than try to replace all the routers on the Internet, 128 will introduce Linux-based routing software that can run on any server. These virtual routers will be able to create deterministic paths between them while coexisting with conventional routers.

It would take a broad ecosystem to roll out a change as big as this across the Internet, so 128 plans to submit its technology to standards bodies. But there are ways to use it that don’t require the whole Internet to play along: For example, a carrier could use the routers within its own network, or an enterprise could implement them within a data center.

Conventional routers aren’t really equipped for those tasks, he said. So network engineers have added load balancers, firewalls, tunnels, MPLS (multiprotocol label switching), deep packet inspection and other components to augment routers. The complexity is starting to catch up with us, Ory said. “It worked for 20 years. But we’ve reached a point where it just doesn’t work anymore.”

The solution, according to 128, is deterministic routing that can select, manage and enforce a path across the Internet. This would ensure traffic moves safely and with the right level of service between, say, a corporate LAN and Microsoft’s Office 365 cloud. That could help solve a lot of the problems network users face, including things like espionage and identity theft, Ory said.

 

The company’s business model will be as unconventional as its approach to routing: It won’t sell hardware and its software will be free. To make money, 128 will sell licenses to use the software based on the amount of data the customer sends through the virtual routers.

The software is commercially available now and in trials with customers. The company expects it to be processing live traffic later this year.

FCC emphasizes that users of authorized wireless gear must obey rules

Just because your wireless equipment is authorized for use by the FCC doesn’t mean you can do whatever the heck you please with it, according to an enforcement advisory issued by the commission just before the long weekend (see the entire warning below).

“Authorized equipment must be used in a manner that complies with federal law and the Commission’s rules,” reads the advisory, in part.

Other examples include using broadcast transmitters to run pirate radio stations and using authorized wireless routers on unauthorized channels at disallowed power levels.

One longtime wireless industry expert, who asked not to be named, says “the examples they give, along with some recent enforcement activities, say it all. They keep running across people and organizations who are using legitimate functions of wireless devices in ways that are inconsistent with the regs. Said people and organizations then try to make the claim that if the function works at all, it must be consistent with the regs.”

In other words, the expert says, the Enforcement Bureau is “telling people, in polite terms, ‘Ignorance is no excuse for breaking the law, so understand the regulations and don’t violate them.'”

 

In fining big hospitality outfits like Marriott and others tens or even hundreds of thousands of dollars for wrongdoing, the FCC has shown it isn’t messing around. It encourages those who suspect equipment is being misused to make note of it at the FCC’s new Consumer Complaint Data Center.

While the advisory might appear to be stating the obvious, an FCC spokesman elaborates that “the FCC’s Enforcement Bureau is taking proactive measures to decrease the number of complaints about the use of authorized equipment in a manner that is not compliant with their authorizations.  Reducing complaint volume helps us handle those that do come in in a timely manner. The issue is an ongoing, steady problem.”

One example of such rule-breaking is Wi-Fi hotspot blocking, in which organizations interfere with others’ rights to use shared spectrum, often in the name of security. As we documented in a Network World report earlier this year based on a Freedom of Information Act request for complaints filed about Wi-Fi blocking, the public continues to find fault with hotels, casinos and other organizations on this front.

 

FCC Enforcement Advisory

15 best 802.11ac wireless routers 2016 UK

Best 802.11ac wireless routers 2016 UK: Why an 11ac router is a good idea

One way the latest wireless version has been optimised is by using multiple aerials, as we’ve already seen with 11n Wi-Fi. But 11ac raises the speed here through more efficient modulation, to a maximum of 433Mb/s per stream. Compare this with 150Mb/s for 11n on the 5GHz radio band. So in a three-stream setup, as we find with all the 11ac routers reviewed here, the total theoretical peak wireless sync speed is 1300Mb/s.

802.11ac is better than every version of Wi-Fi before it. The principal benefits of 11ac are increased throughput and longer range. In other words, data can be sent much quicker, and you’re more likely to maintain a usefully fast connection when you’re further away – even several rooms or floors removed from your wireless router.

 

Expanding on a technique actively in use with 11n wireless on the 5GHz band, two wireless channels can be bonded together to increase data capacity. The current draft of 11ac allows channels 80MHz wide (already four times that of 2.4GHz Wi-Fi); but there’s talk of expanding this to 160MHz-wide channels in the future.

Another trick used to good effect is beamforming, a way to aim radio energy more directionally from router to laptop. This is achieved through a phased-array technique, where signals from one aerial are fractionally delayed compared to another, to create areas of constructive interference in the direction required.

Best 802.11ac wireless routers 2016 UK: What to look for

For best results, look for an 11ac wireless router with at least three aerials – although, in some cases, these will be mounted discreetly inside, so check the specs or our expert reviews to be sure what you’re getting.

You can safely ignore claims of 600Mb/s speed for 11n Wi-Fi on the 2.4GHz band – even though all the brands represented here except Apple are doing just that. It’s the bogus ‘600’ number that’s currently inspiring router brands to print AC1900 on the boxes, the sum of 600 and 1300 from two independent radio systems.

The top theoretical Wi-Fi speed in the 2.4GHz spectrum is 450Mb/s; but with encouragement from chipset impresario Broadcom, router makers are marketing a speed breakthrough based on a proprietary and non-standard technique.

Unique to Broadcom, and outside of the IEEE 802.11 standard, they have cooked the books to use 256-QAM technology from 11ac on the older 11n connections, promoted by Broadcom as ‘TurboQAM’. Without going into the unavailability of the necessary 40MHz channels, suffice to say there are no laptops or mobile devices which can join this particular wireless network. It’s worth noting that in the real world, the best theoretical wireless sync speed on the 2.4GHz band using three streams is 217Mb/s. This can give a best-case real-world throughput closer to 170Mb/s.

For the router’s hardware design, you may prefer something that looks less like GCHQ’s Bude listening station, and more like something you’d want in your lounge. Our extensive lab testing suggests that internally mounted antennas can be just as effective as routers that rock the stealth bomber look.

With many homes still finding a need for wired ethernet connections, it makes sense to have a good number of ethernet LAN ports. These are all, thankfully, at least gigabit spec nowadays, and four ports seems to be standard issue, with the exception of the Apple AirPort range which settles for just three. Even a limited array can be easily and cheaply extended with a gigabit switch at any time, although that creates more wires and boxes and wallwarts to hide.

Some brands are now touting ‘smart routers’, which can allow access to the router’s setup admin interface by people outside of your home network. Given the number of security vulnerabilities already included in most domestic routers (see tinyurl.com/qzsn4st), we would not encourage any more ways to compromise your home network than are necessary. In our experience with Linksys, for example, this ‘smart’ technology actually blocked our initial setup of the router until we’d created an online account with the maker just to access the router.

Above all, a home router needs stability and security, as it’s the gateway to every wired and Wi-Fi-connected device you use at home. These are harder to gauge before you install and use the product, but it’s worth checking online forums for reported issues, and looking at the history of the manufacturer for timely patches and security updates.

Bear in mind that none of these routers here have built-in ADSL modems, so they are best suited to those with cable broadband. Otherwise, you’ll need to buy a separate ADSL modem that plugs into the router’s WAN port.

Best 802.11ac wireless routers 2016 UK

15. Netgear D6400 AC1600

  • Reviewed on: 8 September 15
  • RRP: £124.99 inc VAT

With both reasonable performance and pricing, the D6400 certainly isn’t a router for speed freaks who expect to be transferring hundreds of gigabytes of files across to a NAS wirelessly on a regular basis, but it works well as a relatively affordable entry-level 802.11ac DSL router.

14. TrendNet TEW-818DRU

  • Reviewed on: 23 June 14
  • RRP: £120 inc VAT

The Trendnet TEW-818DRU looks better on paper than we experienced in practice. Thanks to its 3×3 MIMO configuration, its short-range performance is up there with some of the fastest 802.11ac routers, but it was less impressive at long range. The software has all the necessary functions buried within it, but it’s simply not as good as the interface found on more familiar models from Linksys, Asus and others. Its USB function didn’t work well, and the software is rather basic. While some of the premium models cost over £150, the price of the TEW-818DRU is not that far behind. We’d suggest spending a little more for a router that manages consistently good results, such as the Asus RT-AC68U.

13. BT Home Hub 5

  • Reviewed on: 18 September 15
  • RRP: £45 inc VAT

The Home Hub 5 may look almost identical to the previous model (it’s still compact and stylish) but a number of features make this a good upgrade for BT Broadband customers. It’s one of the cheapest 11ac routers we’ve seen and it comes with performance to match its value and good features.

12. TalkTalk Super Router (2015)

  • Reviewed on: 21 September 15
  • RRP: £79.99 inc VAT

TalkTalk claims its router is an improvement over BT’s Home Hub 5, and that much is true: we did see a slight improvement in our results. However, the bottom line, regardless of who supplies your broadband, is that you’re better off upgrading to a router such as the AVM Fritz!Box than paying to upgrade to the latest Super Router or Home Hub. But if you’re given the Super Router for free with your broadband package, it’s not so bad that you need to ditch it and spend £130 on a Fritz!Box.

11. Linksys XAC1900

  • Reviewed on: 4 September 15
  • RRP: £175 inc VAT

Think carefully before buying the Linksys XAC1900. It’s a great performer, and the software is really good, but it lacks VDSL support yet still costs more than other routers.

10. Linksys EA6900

  • Reviewed on: 15 August 14
  • RRP: £190 inc. VAT

The Linksys EA6900 is a relatively competent draft-11ac router, with performance as good as or better than that of its much dearer sister product, the Linksys WRT1900AC. It offers cloud access if you don’t object to Belkin’s current terms of use, and an attractive modern interface with which to configure the unit even if you use it without the Smart Wi-Fi cloud service.

9. AVM FRITZ!Box 7490

  • Reviewed on: 1 April 14
  • RRP: £245 inc VAT

The FRITZ!Box 7490 is a hugely flexible and fast router. It provides a host of features that are easy to use. It’s expensive, but in value-for-money terms this device could be a bargain at £245 for a business or power user that needs all its telephony functions too. If you only require good 802.11ac coverage without the bells and whistles, there are cheaper options.

8. TP-Link Archer C7

  • Reviewed on: 21 October 13
  • RRP: £101

Respectable wireless performance and a full list of features make the Archer C7 a truly worthy purchase, especially if you don’t want to spend too much to try 802.11ac for yourself.

7. D-Link DIR-880L

  • Reviewed on: 18 August 14
  • RRP: £173 inc. VAT

The D-Link DIR-880L is an easy-to-configure wireless router with enough advanced features to also keep some power users happy. Its nearby wireless performance with 11ac was the best on test, and it also worked well at range, approaching one-third of 11ac’s rated three-stream speed in the 10 m test. The DIR-880L’s official price is £173 but at the £130 some shops are selling it, it earns a recommendation.

6. Asus RT-AC68U

  • Reviewed on: 18 October 13
  • RRP: £189.99 inc VAT

With record-breaking 802.11ac results, along with the all-round quality of the RT-AC68U and advanced setup options, Asus deserves recommendation for power users. Although we wouldn’t buy an Asus router just for the AiCloud feature, it’s far from useless, and another string to the bow of the RT-AC68U, which is an all-round excellent networking product.

5. Asus DSL-AC68U

  • Reviewed on: 3 September 15
  • RRP: £129.99 inc VAT

The Asus DSL-AC68U is a great 802.11ac modem router, with excellent software and decent performance at a reasonable price.

4. TP-Link Archer VR900

  • Reviewed on: 21 September 15
  • RRP: £139.99 inc VAT

Since the software is good and the performance is truly excellent, we wouldn’t hesitate to recommend the Archer VR900. TP-Link has come a long way in a short time.

3. AVM Fritz!Box 3490

  • Reviewed on: 23 September 15
  • RRP: £135 inc VAT

Put it all together and the AVM Fritz!Box 3490 is a very strong offering. Great performance, great software, a good range of features and plenty of room for expansion with external storage. A winning combination.

2. Netgear Nighthawk R7000

  • Reviewed on: 12 August 14
  • RRP: £165 inc. VAT

Netgear was one of the first companies to launch a draft 802.11ac wireless router in 2012, with the well-regarded R6300. Almost two years later, the fledgling Wi-Fi technology has only inched along, but Netgear’s statement in noir seems to make good use of available components from its Broadcom supplier. Faster routers are available for 802.11n, but of every 802.11ac wireless router we’ve tested to date, the Netgear sets the benchmark of what is currently possible with the draft technology.

1. Apple AirPort Extreme 802.11ac

  • Reviewed on: 13 August 14
  • RRP: £169 inc. VAT

The AirPort Extreme is superbly built from the outside and meticulously engineered on the inside, a solid-feeling piece of wireless router hardware that has the least router-like appearance of any such appliance. It lacks some of the more arcane setup options found in other flagship designs, trading these for simpler and more accessible options for the wider audience of non-network specialists. Its performance on 11n in particular is outstanding even if its 11ac speed was behind the current leaders of the pack. If you have a Mac or even just iPhone or iPad, it’s a doddle to set up and use, and is well supported with essential firmware and software updates.