Is upgrading router firmware hard to do?

Discussion in 'Wireless Internet' started by Irwell, Jun 15, 2013.

  1. Irwell

    Irwell Guest

    I have a cisco RE1000, I see there is a Firmware upgrade,
    it seems to be a tedious procedure, any thoughts on this
    appreciated.
     
    Irwell, Jun 15, 2013
    #1
    1. Advertisements

  2. Irwell

    Warren Oates Guest

    Usually you just push the "upgrade" button, and point the thing at the
    file you've downloaded. Make a backup of your settings first, then load
    them back in after the upgrade (if necessary).

    DON'T DO IT OVER WIRELESS. I repeat: DON'T DO IT OVER WIFI.
     
    Warren Oates, Jun 15, 2013
    #2
    1. Advertisements

  3. Irwell

    Bob L Guest


    If it ain't broke...........don't fixit !
     
    Bob L, Jun 16, 2013
    #3
  4. Irwell

    Warren Oates Guest

    Can't argue with that, in general. Unless there's some security fix or
    some added feature that you want, you might as well stay with the
    firmware that's been chugging away on your router.

    On the other hand, I use Arch Linux, where updated software is a tenet
    of the cult ...
     
    Warren Oates, Jun 16, 2013
    #4
  5. Irwell

    Irwell Guest

    Most Firmware Updates for digital cameras are useful, hence my
    question re the router, anyway the Cisco router update seems to have
    installed the latest firmware along with it, does not seemed to
    have made any difference.
     
    Irwell, Jun 17, 2013
    #5
  6. Irwell

    miso Guest

    There was a UPNP bug in a lot of firmware. Some even kept it enables
    when the software was set to disable it. This could possibly be the
    source of the firmware update.

    https://www.grc.com
    has an explanation and a test.
     
    miso, Jun 18, 2013
    #6
  7. Yeah, there was the UPnP problem. However, I think your description
    more correctly fits the WPS problem.
    <http://www.ciscopress.com/articles/article.asp?p=1847302>

    Incidentally, the Cisco/Linksys/Belkin RE1000 is a range extender,
    repeater, or jammer depending on your point of view. I subscribe to
    the latter description, and find such repeaters to be an abomination
    and plague upon the LANscape. Rather than upgrading the firmware, I
    suggest that it be placed on the barbeque for a ritual immolation, so
    that other wireless devices can operate without disturbance or
    jamming.
     
    Jeff Liebermann, Jun 18, 2013
    #7
  8. Irwell

    Irwell Guest

    I mis-typed the Model Number = it is E1000, a router, not the RE1000
    extender.
     
    Irwell, Jun 18, 2013
    #8
  9. Irwell

    miso Guest

    No, the problem I described is the UPNP. Basically the warning went out
    twice. Once to just turn it off, then after Steve Gibson wrote his
    verification webpage, it was found that the firmware in some routers was
    so defective that UPNP was on even if turned off!

    A lot of routers didn't even fix the WPS problem. You didn't have to set
    the password that way, so there were other alternatives without a
    firmware change.

    One of those IP poking websites has the stats on how many routers are in
    the wild with the UPNP problem. It is the kind of problem you measure
    with a 'bot.

    After going dd-wrt, I don't look back. These damn router companies have
    no incentive to fix their old routers when it is much more profitable to
    sell you a new one. I published my story about the damn GPL violation
    that left an expensive Linksys router with buggy firmware. Hell with
    getting updated firmware, the lawsuit left me with a router where I
    could even get the original firmware if I wanted it.

    I understand that businesses need all the fancy management that Cisco
    can provide, but hell if I buy another Cisco router after they screwed me.

    You have to wrap the link to use it. cisco-settles-fsf-gpl-lawsuit-appoints-compliance-officer/

    I totally get Cisco paying money blah blah blah, what I don't get is
    Cisco never updating the code on those routers after they lost the
    lawsuit. That just screws the customers, not Cisco.

    Water under the bridge. The Bufallo kick arse and never needs a boot.
     
    miso, Jun 18, 2013
    #9
  10. Irwell

    Char Jackson Guest

    I don't know much about the UPNP bug, but your description fits the WPS bug
    to a T. First, people were warned to turn it off, but later it was revealed
    that in some cases turning it off actually left it turned on (and vulnerable
    to attack).
    On some routers, being unable to turn off WPS means that the vulnerability
    is there regardless of its apparent on-off status. It's not about having
    other ways to connect, it's about having a big gaping security hole and no
    easy way to close it.
    My choice, as well.
     
    Char Jackson, Jun 19, 2013
    #10
  11. Irwell

    miso Guest

    The WPS bug had to do with the poor implementation to create
    passphrases. How exactly is this the same as the UPNP problem? Again, I
    repeat, one element of the UPNP problem is when you turned off UPNP, it
    wasn't turned off.
     
    miso, Jun 20, 2013
    #11
  12. Irwell

    Char Jackson Guest

    The WPS bug that got widespread attention was related to a weakness that
    allowed an attacker to coax the router to cough up its passphrase. Before
    that, the advice had always been to use a long passphrase, but if the router
    is going to willingly cough it up upon request, then it doesn't matter how
    long and hairy it is. The worst part was that, with some routers, turning
    WPS off resulted in WPS actually remaining on (and therefore still
    vulnerable).
    Likewise with the widely reported WPS bug.
     
    Char Jackson, Jun 21, 2013
    #12
  13. Irwell

    miso Guest

    OK, I see that similarity (turning something off when but it is still
    on), but the basic problems are different.

    I know someone who used to work in software QA. When I first met the
    guy, my response was "Oh, they QA software?? You mean letting the
    customer find the bugs then QA writes them down?" Expense EDA software
    ships with bug lists so you don't bother them with bugs they know about.

    Coming from a hardware background, hardware could never get away with
    the bug level that is perfectly acceptable in software. While I'm not
    so sure I'd want analog flight controls in the 21st century, I don't get
    the warm and fuzzy feeling when these aircraft manufacturers boast about
    how many line of code are in their flight control system. I've seen
    stories on the net about Airbus having to boot computers while in
    flight. Here is a recent fubar report:
     
    miso, Jun 21, 2013
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.