[dba-Tech] Most Brand Name Routers Are Lemons, Claims New Study

Gary Kjos garykjos at gmail.com
Thu Aug 17 10:16:36 CDT 2017


I've got a weird router related thing going on at home. We use the
Comcast provided combination Modem/Router.  It's a Cisco Model
DPC3941T DOCSIS 3.0 24x4 Wireless Residential Voice Gateway - wireless
router - cable mdm - 802.11b/g/n/ac - desktop  But I am pretty sure
it's not a router problem.

Everything works perfectly most of the time.  BUT when the outside
temp is over 78 degrees we have no internet connection.  The WIFI
Still works and I can get from one machine to another inside the
house.  But no Internet available UNTIL the outside temp goes back
down below 78 or so.  So this has meant that on warmer days we have no
internet from about 10:30 am until about 7:30 pm. TV still works
perfectly during that time and it comes in on the same cable.  PHONE
does NOT work during that time.  Comcast wants to come and look at the
wiring and I guess I probably need to have them do that.  When it's
working I get upwards of 180 MB download and 12 MB uploads so it's
very fast.  On days when it's cooler - like today it's only going to
be a high of 69, it will work perfectly all day.  I have gotten a new
router and it hasn't changed anything.  I think the problem is outside
of our house someplace.  Maybe a network switch in a cabinet someplace
in my neighborhood that sits in the sun and is overheating.    I just
don't like having the Comcast guys poking around in my house so I've
resisted having them out to do that when I know it will be working
again as soon as it cools off outside.  And it should be noted that we
run our A/C most of the time when it's warm out.  but it won't
normally kick on until about 4 or 5 pm in the afternoon when the sun
starts to bake us from the west.  The wiring enters the house on the
northeast corner of the house. It's in a shady location protected by
shrubbery.  The local cable box that we plug into is also shaded by
shrubbery.  It's just goofy.

Oh and while the internet and phone is not working we still get the
caller ID notifications on our televisions that tell us who is calling
but the phone doesn't ring.

On Wed, Aug 16, 2017 at 10:37 PM, John Bartow <jbartow at winhaven.net> wrote:
> Your trusted home office/small business router is quite likely to be a lemon, according to findings from a new http://resources.sei.cmu.edu/asset_files/SpecialReport/2017_003_001_502618.pdf done by Carnegie Mellon researchers. The study, released this month, found security flaws in all of its test models, all from leading brands.
> The flaws included cross-site request forgery vulnerabilities, default login credentials, vulnerability to DNS spoofing and outdated versions of the embedded Linux utility, BusyBox.
> The researchers analyzed 13 routers from such manufacturers as Apple, Belkin, Huawei, Motorola and Netgear, between 2014 and 2016.
> The researchers said they hoped their study would provide clear metrics about the https://en.wikipedia.org/wiki/The_Market_for_Lemons effect, which refers to the term for how quality products disappear from a market, driving down prices and value.
> When vulnerabilities were found in products, Carnegie Mellon contacted the manufacturers, giving them 45 days to work on the issues before publicly releasing the details. In general, the vendors were slow to respond, with some not responding at all.
> For example, the study found several issues with Securifi's Almond router, notably that it was vulnerable to clickjacking, cross-site request forgery and, in one older model, didn't deliver firmware updates over HTTPS.
> Securifi said it would release an update within 45 days. Although the company provided an update to the researchers, it failed to announce the update on its website. The vendor did not list the update on its support website or on the router's update interface.
> The sheer volume of vulnerabilities in routers demands a new approach, one that could more tightly monitor router manufacturers and "help form a clearer picture of how different vendors and products measure up," claimed the study, which was funded by the U.S. Department of Defense.
> One solution to router problems is a public database of vulnerabilities that could help clean up the industry, noted the study. Bug reports could be left for open comments, allowing for further validation and providing a clearer picture on how vendors deal with issues.
> "Following widely accepted disclosure practices, a vendor would be given 45 days to respond to vulnerability reports," the study observed. "After the 45 days, the report would be added to a public database."
> Unfortunately, the study did not recommend any router. So, if you're in the market for a new router or simply want to ditch your present lemon, there's not much left to say, other than to read https://www.pcmag.com/article2/0,2817,2398080,00.asp for possible inspiration.
>
> https://www.vipre.com/blog/brand-name-routers-lemons-claims-new-study/?utm_source=email_VSN_Main_List&utm_medium=email%25(internal)&utm_campaign=Newsletter_08162017&utm_content=Brand_Routers
>
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com



-- 
Gary Kjos
garykjos at gmail.com



More information about the dba-Tech mailing list