Logging your connectivity

I had a message this morning from a friend who was having intermittent disconnection issues on their internet. The network itself was fine and, when using another provider, that too was working so it came down to evidence gathering to support the case to the ISP to investigate.

As a quick throw together, we came up with the following using wget and a batch file to repeat the command every x minutes.


“Factory” resetting an OpenWRT router

There are many reasons to re-flash your home router with a different OS than the one the manufacturer has cobbled together; the Misfortune Cookie attack (US-CERT) is just one of them. Having been involved in the testing of a number of domestic xDSL routers, I have a rather low opinion of the amount of care put into the default security levels of consumer devices (but that is not what this post is about).

Image Credit: commons.wikimedia.org

I have chosen to utilise OpenWrt on one of my internal wireless access points and, during a reconfiguration of the network, I managed to bork the settings by not paying attention. With an out-of-the-box device, there is usually a ‘Reset’ button you can hold in while powering up the device which will clear all settings and return you to the initial un-configured state. This is not quite the case with OpenWrt, but it is still a fairly easy process to return your router to a known state, and begin the configuration process again.

  • Disconnect WAN cable
  • Unplug power to router
  • Set your computer’s IP address to:
    • IPv4 Address: 192.168.1.2
    • Netmask: 255.255.255.0
    • Gateway: 192.168.1.1
  • Re-power your router, pressing the ‘reset’ button when the status light begins blinking (fast)
  • Using PuTTY (or your favourite *TELNET* client), connect to 192.168.1.1 and you should see the OpenWrt prompt. Type the commands below (the text after each root@(none):/# prompt, plus the y confirmation) to reset the router to its initial, preconfigured state:
-----------------------------------------------------
root@(none):/# mount_root
jffs2 is ready
jffs2 is ready
switching to overlay
root@(none):/# firstboot
This will erase all settings and remove any installed packages. Are you sure? [N/y]
y
/dev/mtdblock3 is mounted as /overlay, only erasing files
root@(none):/# reboot -f
  • Unset your static IP and have fun reconfiguring your router.

Reflashing a Rooted Router

I have a couple of Open Mesh Indoor Access Points that I’ve used for various projects, the most recent of which being the provision of WiFi for our Teenage Subnet.

Open Mesh - Indoor Access Point
I have the OM1 version, not the OM2 pictured here – they are similar however.

These devices have a very cool history. Originally created under the banner of Meraki (since sold to Cisco and thenceforth diverging from its open source roots), the Open Mesh has a really strong community behind it both in the development and the after-market support camps.

Long story short, one of the nodes decided to pack a sad and nothing I could do from the control panel would get the dang thing to talk to the network again... so that’s when I rolled out the big guns.
It was to these guys that I turned my web browser, and true to form was soon rewarded with this very good HOWTO explaining the step by step of reflashing an open mesh device.

While I have archived a copy of the article in case the original gets moved, I would caution the visiting reader to seek their fortunes in the community forums’ updated documentation should you stumble across this page any great length of time after it is initially published.

The one edit I would make would be to ensure that, in Windows, you open the command prompt as an Administrator. For me, the flash program would not detect any interfaces until I did this.

Happy flashing!

XBox Live via an OpenWRT router

One of the concerning requests of Xbox Live connectivity is to enable UPnP or ‘Universal Plug and Play’ on your home router.

The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer grade routers and I explain the UPnP threat in another post.

Getting back on track, my security conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others – such as game sharing – will fail. With this in mind, we need to set up port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.


UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such.

Tweaking the Home Network – pfSense Firewall [Part 2: Initial Configuration]

Initial Configuration (via Web Browser)

In the previous article, we set up (at least) two network interfaces. The first, facing the Internet (the WAN) and the second facing the internal network (the LAN).

In our instance, our WAN interface will simply pass traffic onto our existing internal network, where it is subject to existing rules and management, while the LAN interface will become the first node of our new ‘Teenage Subnet’ through which our older boys (and possibly their friends) will access the network resources (including access to the Internet).

The new network: Users are separated into subnets

So, anyway, we have a machine happily whirring away running pfSense and two interfaces configured, the WAN and the LAN. Now we need to connect up and get things configured.


Tweaking the Home Network – pfSense Firewall [Part 1: Installation]

So, now we have teenagers, I’ve realised a need to create a little more separation within our home network. The intent of this is to give them a segment of the network where they can connect their wireless devices, use the internet and allow their friends to also connect their devices when they visit. With freedom comes responsibility, so we also want to be able to enforce limits on the hours of use, conserve bandwidth, and attempt to protect them from malware and viruses.

Future enhancements may include traffic reporting, content filtering – but for now we want to get them off the core network, and onto their own segment.



Notes from Barcamp Auckland 2010

Barcamp Auckland is an annual gathering of developers, designers, start-ups and social-media types. It’s a full day event held in an ‘unconference’-like style, where the attendees (see my attendee & interested folks list on Twitter) set the schedule – and people turn up to discuss topics which interest them.

The following are the session notes I took during this year’s Auckland Barcamp.


Profiling my Power

To celebrate the introduction of the Emission Trading Scheme (ETS*) in New Zealand today (1 July 2010), I thought I’d publish the following article on what I’m doing in terms of residential Power Monitoring.

Read on for:

The Back Story

A few years ago, I was working on what devices would sit in an ‘average’ connected home and, given the sheer volume of ‘things’, it became clear that not only would a homeowner need to justify the existence of each device, but also their unseen costs in terms of installation, maintenance and ongoing power usage.

To answer the last of these, I bought a device called a Centameter which, aside from the benefit of being designed in NZ, measured the current power usage via an induction clamp and transmitter which sits in the power meter box and sends the data through to an LCD display.

After a couple of attempts to elicit a response from the manufacturer, I asked an electrical engineering friend of mine to see what information they could pull from the display unit as we wanted to capture and graph this data over time. The short story is, while we could get some information out of the device, the time required to make this meaningful far exceeded what he was able to donate to the project so things were shelved – until now.


The Big Move: Weather Station is GO!

Okay – after a bit of fnarkling, we’re back with Temperature, Humidity as well as that ever useful Wind and Rain data.

Not only are we transmitting in elegant Flash interactivity, we’re also on Twitter – should that be your thing (note, this is currently set to tweet every 15 minutes).

So – there we go, weather data is being captured; the next step (after house wiring) is to get a live weather cam up and running so you too can enjoy our lovely view.