Need Advice on Routers

Lisa Kachold lisakachold at obnosis.com
Mon Apr 27 12:45:58 MST 2009 

Hi Mark,

As a technical professional, I have weighed the benefits and costs of SOHO
"routers" against what can be expected in production equipment.

I find that the stability, functions and maintenance of most of these
LinkSys and Netgear devices are not worth the cost; generally they must be
tinkered with extensively, rebuilt and upgraded to even partially work.

I have had a couple of Netgear and LinkSys firewalls, including VPN so
called "Small Business" firewalls.  I have built my own firmware, added
second party firmware, WRT and studied extensively the image and
configuration when the devices fail.  I find there are extensive security
issues inherent in most of these devices that allow them to fail over under
distributed packet assault and allow one of three things to happen:  remote
access, firmware upgrade or management via http on wan side.  NOTE: I have
not evaluated dlink or other manufactures offerings.

Here's an at a glance comparison of home broadband "routers":
http://compnetworking.about.com/od/broadband/tp/dslcablerouters.htm

While I strongly liked OpenWRT, because I essentially had a sweet little
linux system, I did not find that the security features were robust enough;
no IDS function was available for real time packet inspection (like in a
ProSafe LinkSys Business Router); no VLAN or IPS features.  Configuring the
firewall, while easy for me might not have been so easy for another since
extensive inbound and outbound rules needed to be set via IPTABLES.  And
when I was done, the OpenWRT ssh and distributed networking STILL was not
able to withstand a distributed DoS with low level fuzzing attack - again
falling over and allowing escalated privs.

With that said, I strongly suggest that you completely sidestep "home"
versions and look at small business products.

Cisco has some new offerings that should perform better and include some
suite functions:
http://www.infoworld.com/d/storage/cisco-delivers-security-storage-uc-small-business-624

Also, you do realize you can just get yourself a used Cisco 877 ADSL or ASA
5500 (do you already have an ADSL modem too) and have a VPN via Cisco VPN
client that works with Linux well:

http://www.pcmall.com/pcmall/shop/detail.asp?dpno=562971&Redir=1&description=Cisco-877%20ADSL%20Security%20Router%20Wireless%20802.11g%20FCC%20compliant%20+%204-port%20Switch-WAN%20Routers,%20Gateways,%20etc
.



On Mon, Apr 27, 2009 at 11:09 AM, Mark Phillips
<mark at phillipsmarketing.biz>wrote:

> I have a Linksys BFSX41 10/100 Cable Firewall Router with 4 Port Switch and
> VPN Endpoint that seems to be going through a slow death. I have a cable
> modem (Cox) on one side and a 100 MB LAN on the other side. If I plug the
> cable from the cable modem directly into my computer, I get the advertised
> "blazing fast speed." If I go through the router, my blazing fast speed
> drops to very slow - i.e. pages that load in a blink of an eye now take 10s
> of seconds to load. It seems to have something to do with heat - if I leave
> the router off for an hour, and then reconnect it, I get blazing speed for
> awhile, then it slows down.
>
> I am looking for suggestions for a replacement router. I never could get
> the VPN part of this router to work with Linux, and I would like to be able
> to get to my network from outside through a VPN. So that is important. Other
> than that, I just need 100 BaseT network speed and at least 4 ports - more
> would be better. I have a separate Linksys wireless access point/hub that I
> turn on when I need to be mobile, so I don't need more wireless gear. I have
> to admit, I leave the router on all the time, so it needs to be sturdy! The
> exact same router on Newegg costs $69, so my price point is under $100.
>
> Thanks!
>
> Mark
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
www.obnosis.com (503)754-4452
"Contradictions do not exist." A. Rand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090427/41031b71/attachment.htm

More information about the PLUG-discuss mailing list