Re: Wireless router safety and vulnerabilities

On Sun, 30 Jul 2006 10:48:57 -0700 Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx> wrote:

| Try holding down the reset button for a continuous 60 seconds. I'm
| not sure of the official length of time that it has to be held but 60
| seconds should do the trick. Anything less just does a reboot.

My guess, from a design perspective, is that the button would have to
be held down for at least as long as the reboot sequence. 60 seconds
should be a workable value as I believe reboots should not take so long.

OTOH, some devices do not necessarily go through exactly the same steps
upon reset alone as they would during power up. So if the reset button
held for 60 seconds does not do the job, I would suggest powering off,
holding the reset button, and powering on with it held for at least the
same duration. So if this device does happen to have power on code that
would not be run otherwise, it gets a chance to see the button in the
held down state, and it might do a more complete reset of everything.
On some devices, however, this might also cause other less desirable
things to happen, such as total flash erasure and expecting a new flash
to be loaded from some special port or special network protocol. The
number of ways to engineer these things is larger than the number of
engineers doing the designs. But if all else has failed and you would
otherwise have a brick anyway, power on plus held reset can't make it
get much worse.


| It may actually be fried but you can usually tell by watching the
| lights on the front panel.
|
| India will ALWAYS say that it's fried so Linksys can sell you a new
| router. Nicely done.

More likely, they don't really care. Unless somehow they get a kickback
on more devices sold, it matters not to them. A friend of mine works in
one of these support centers in India. The company she works for gets
paid per call. The objective is then to get the call over with as soon
as possible during periods the call volume exceeds the scheduled staffing
so they can take all the calls they can get. Telling someone it's fried
is more likely to get the caller to conclude so they can move on to the
next call. In many of these operations, the staff will be paid per call
as well. In some others, staff are given a call quota and may be let go
if they repeatedly fall below quota.


| Last Thursday, I also shoved pins into a Linksys router. I probably
| caused your router to fail via voodoo.

Doesn't that require using a stuffed "pillow-like" imitation of a router?


|>How dangerous is a wireless router to one's health; in truth?
|
| There are no truths. Only research, tests, specifications, FAQ's, and
| political agendas. There are web sites that claim everything from
| grevious harm at any power level. The problem is that it's very
| difficult to prove a negative, in that RF does *NOT* create any
| problems. Need a list of likely candidate sites?
|
|>Is there a "safe" distance to place a wirless router from one's body so
|>as to not roast one's "gonads"?
|
| Yes. See:
| http://n5xu.ae.utexas.edu/rfsafety/
| Plug in:
| 0.050 watts
| 2.2dBi gain for the typical rubber antenna
| 10ft for distance of interest
| 2400 MHz for frequency
| which results in you being safe to a distance of 0.11ft or 1.3 inches.
| Try to avoid sitting on the antenna or swallowing the radio.

Time of exposure is also a factor. But it's not reciprocal. That is,
at half power, twice the time does not cause the same effect. The
primary mode of effect is heating. At lower power, the temperature
rise at the molecular level is so small that it just doesn't do much
as compared to the normal operating temperature.


| Please note that the RF from a wireless access point is not
| continuously in transmit like a cell phone. The duty cycle when idle
| is about 0.001 and when furiously downloading, perhaps 0.25. Your RF
| exposure is multiplied by these numbers to get average exposure, which
| is much less than the above calculations would indicate.

Local point to point file transfer (e.g. not involving the internet)
could conceivably get very close to 1.0 TX time factor. Not that I'm
worried about such a thing.


|>I heard you can "lock down" a wirelss router by using the specific MAC
|>address of the "only" computer I want sharing the network (my wife's
|>upstairs) Will my computer be safe?
|
| No. See the Security section in the FAQ at:
| http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security
| MAC addresses are very easily spoofed. Your only real protection is
| WPA encryption.

Without encryption, the traffic is in the clear, including the MAC
addresses. Someone wanting to get in can see what to spoof, so by
using MAC restrictions, you won't even have simple obscurity level
protection (unless you never use the MAC addresses that are allowed).

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-07-30-1350@xxxxxxxx |
|------------------------------------/-------------------------------------|
.