XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)

All times are UTC - 8 hours




PostPosted: Sun Jan 07, 2018 3:42 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 9699
Location: Caught between the moon and NYC
That picture is https://lede-project.org/_media/media/e ... outer1.png - a generic router graphic.


 
PostPosted: Sun Jan 07, 2018 7:36 pm 

Joined: Thu May 15, 2008 8:07 pm
Posts: 2454
Location: Inside Flatus Maximus
db5owat wrote:
I've decided to send back the Archer C7 and purchase the C2600 if for no other reason than the C2600 is actually cheaper in the weekend sale. The C7 is still within the return period. Perhaps I will see no difference... I guess I really won't know until I try it out. My children are the ones complaining about the C7 saying that it performed worse than the Linksys WRT160N that it replaced. I do think it is entirely likely that the lack in performance that they subjectively experienced was related to the fact that it was the Holidays with guests in the house, and we often had many more devices vying for signal than what was the norm. Probably between 10 and 15 TVs, pads, pods, phones and tablets.


It probably performed worse because of the huge influx in wireless clients. As I said, slower CPU = fewer packets per second, and when spreading those packets amongst that many connections, you get issues like that. Also, unless you're actually saturating your connection to the ISP, turn off QoS. It slows things down dramatically under non-saturation circumstances. It's only useful when you saturate the connection, thus leaving no room for new packets to get through cleanly. And if your speed tier is >75 Mbit/sec, QoS must remain off otherwise you'll drop to about 60 Mbit/sec. Software QoS eats a ton of CPU (and the C7 had a shit CPU to begin with). For high speed internet ≥75 Mbit/sec, if you actually need QoS, you need an enterprise router with hardware QoS.



 
PostPosted: Tue Jan 09, 2018 12:21 pm 

Joined: Thu May 15, 2008 8:21 pm
Posts: 1105
Location: Burblandia
Just to kick this can down the road a bit further...

Assuming at this point that I don't care much about additional tweaks and features LEDE firmware might add relative to the stock factory firmware of the Archer C2600; how likely is it that LEDE firmware will improve any of the following...?

Speed
Security
Range
Connectivity
Reliability

I might experiment with LEDE on my old Linksys WRT160N if using LEDE in my new router improves any of the above.


 
PostPosted: Tue Jan 09, 2018 2:42 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 9699
Location: Caught between the moon and NYC
For the most part you run third party firmware because you don't like something about the OEM firmware. Let's say you have to reboot the router every week because otherwise it slows down or has connection issues. That can (sometimes) be fixed by running a third party firmware. Other times you want a feature that the OEM doesn't support, and the only way to get it is to run a third party firmware. I've installed a DNS-based blocking feature on my router (https://www.ab-solution.info/) that I use to not just block content the feature supports "out of the box" but custom entries as well. Because the blocking is occurring in the router itself, all connected devices are protected.


 
PostPosted: Thu Jan 11, 2018 8:47 am 

Joined: Thu May 15, 2008 8:21 pm
Posts: 1105
Location: Burblandia
MonkeyBoy wrote:
For the most part you run third party firmware because you don't like something about the OEM firmware. Let's say you have to reboot the router every week because otherwise it slows down or has connection issues. That can (sometimes) be fixed by running a third party firmware. Other times you want a feature that the OEM doesn't support, and the only way to get it is to run a third party firmware. I've installed a DNS-based blocking feature on my router (https://www.ab-solution.info/) that I use to not just block content the feature supports "out of the box" but custom entries as well. Because the blocking is occurring in the router itself, all connected devices are protected.

One 'feature' that seems to be a critical one is a patch to the KRACK exploit you pointed out. I can NOT get any real assurance that my router has a firmware patch. Maybe it will be patched in the future but who knows what other issues will arise in the future. I like the philosophical position the open source firmware initiative (specifically LEDE in my case) takes on keeping firmware patched to meet current vulnerabilities. That is the main reason I am considering LEDE on my ac2600 when I get it. I guess any other performance improvements that it may provide would be icing on the cake. From everything I've read in the past several days, updating the firmware for the ac2600 using factory.bin image from LEDE is a fairly straightforward process and only opens you up to the same kind of potential issues that any firmware update process does. The LuCI interface is very bland but I don't care a bit about that. The package availability is also something that intrigues me and may become something of interest as I learn more. Adblocking at the router level as you suggest is a good example. I can only guess that something similar to the ab-solution you linked to might exist for LEDE users. Just another reason to consider.
The only thing I have not gotten any good info on is going back to the stock TP-Link firmware in case of some catastrophic failure. I always like to consider those possibilities before taking a leap of faith.


 
PostPosted: Thu Jan 11, 2018 2:07 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 9699
Location: Caught between the moon and NYC
KRACK is almost entirely a client-based vulnerability. Clients need to be updated. Unless you're dealing with enterprise equipment you likely don't have the components that can be exploited router-side. If the router is running in client mode, meaning the router itself connects to a WiFi network (e.g. stealing neighbor's WiFi), then it likely doesn't need to be patched (some routers don't support client mode).


 
PostPosted: Thu Jan 11, 2018 2:59 pm 

Joined: Thu May 15, 2008 8:21 pm
Posts: 1105
Location: Burblandia
MonkeyBoy wrote:
KRACK is almost entirely a client-based vulnerability. Clients need to be updated. Unless you're dealing with enterprise equipment you likely don't have the components that can be exploited router-side. If the router is running in client mode, meaning the router itself connects to a WiFi network (e.g. stealing neighbor's WiFi), then it likely doesn't need to be patched (some routers don't support client mode).

That is very informative! I would characterize my network as very basic. Cable from Comcast comes into house - plugged into Motorola MB8600 modem - Router hard wired between desktop and Modem... Other devices on my network connect wirelessly with WPA2 and strong password. I do unfortunately have 2 iPhone 4s models (wife and myself) that are apparently vulnerable and will never be patched. The cost of a new iPhone is out of the question. Maybe a cheap Android replacement will be in the works at some point over the next year.

Thanks for the continued conversation MonkeyBoy!


 
PostPosted: Thu Jan 11, 2018 6:30 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 9699
Location: Caught between the moon and NYC
Be careful with the (really) cheap Android replacements, they typically run an old Android that isn't patched. I see a lot of "new" phones running KitKat (Android 4.4). Oreo (Android 8.0) is current, but most "new" phones are running Nougat because Oreo is really, really new at this point.

Now Android 4.4 or any older OS theoretically isn't bad if they're pushing security patches out to it. However most cellular vendors stop pushing patches out to phones roughly a year after they release a phone, so those KitKat phones stopped getting updates years ago - yet they're still selling them. Bad. Very bad. Class action lawsuit bad.

At this point I honestly can't see myself doing anything except buying unlocked phones on my own from here on out because I simply don't trust cellular companies to do the responsible thing. Unfortunately that kind of limits me to not-so-cheap phones in the $200 range, and I have to dig a little to verify compatibility with whatever cellular company I want to get service with.

Quote:
As long as the router isn't running in client mode, meaning the router itself connects to a WiFi network (e.g. stealing neighbor's WiFi), then it likely doesn't need to be patched (some routers don't support client mode).

Gah.

One of the "enterprise" features I mentioned is WPA2/GCMP, which is a "turbocharged" version of WPA2/CCMP (AKA WPA2/AES). So long as your router is simply using WPA2/AES you're fine. GCMP was introduced sometime around 802.11ac because zomg CCMP isn't fast enough for 802.11ac and, of course, GCMP is just a big security flaw. Impatience with security leads to mistakes in security, who would have thunkit.


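The two router-side conditions discussed in the posts above (client mode and GCMP), as an added example that is not part of any post: a shell function that reads `uci show wireless` output from a LEDE router and flags each Wi-Fi interface that runs in client (`sta`) mode or uses a GCMP cipher. The sample input is constructed, and the `psk2+gcmp` encryption value is an assumption used for illustration.

```shell
#!/bin/sh
# Added example: audit LEDE wireless interfaces using the rules of thumb
# from the thread. On the router: uci show wireless | audit_wireless

# Constructed sample of `uci show wireless` output (not from a real device).
SAMPLE_UCI="wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.default_radio0=wifi-iface
wireless.default_radio0.mode='ap'
wireless.default_radio0.ssid='HomeNet'
wireless.default_radio0.encryption='psk2+ccmp'
wireless.uplink=wifi-iface
wireless.uplink.mode='sta'
wireless.uplink.ssid='Upstream'
wireless.uplink.encryption='psk2'
wireless.fast5g=wifi-iface
wireless.fast5g.mode='ap'
wireless.fast5g.encryption='psk2+gcmp'"

# Reads uci output on stdin, prints: <section> <mode> <encryption> <verdict>
audit_wireless() {
    awk -F= -v q="'" '
    {
        key = $1
        val = substr($0, length(key) + 2)   # everything after the first "="
        gsub(q, "", val)                    # strip the quoting uci adds
        n = split(key, p, ".")
        # A two-part key declares a section; remember wifi-iface sections in order.
        if (n == 2 && val == "wifi-iface") { order[++count] = p[2]; next }
        if (n == 3 && p[3] == "mode")       mode[p[2]] = val
        if (n == 3 && p[3] == "encryption") enc[p[2]]  = val
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]
            m = (s in mode) ? mode[s] : "unknown"
            e = (s in enc)  ? enc[s]  : "none"
            v = ""
            # Router is itself a Wi-Fi client: the case the thread says needs the KRACK fix.
            if (m == "sta") v = "client-mode"
            # GCMP cipher: the thread recommends staying on CCMP (WPA2/AES).
            if (e ~ /gcmp/) v = (v == "" ? "gcmp" : v ",gcmp")
            if (v == "") v = "ok"
            printf "%s %s %s %s\n", s, m, e, v
        }
    }'
}

printf '%s\n' "$SAMPLE_UCI" | audit_wireless
```
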
 