Tomato Firmware on an ADSL+Router Combo device. Possible?

Discussion in 'hardware' started by techy65, Sep 8, 2012.

Thread Status:
Not open for further replies.
  1. techy65

    techy65 Registered Member

    Joined:
    Sep 8, 2012
    Posts:
    4
    Hello everyone.

    Last week I installed an ADSL connection at home with the Technicolor TG582n (ADSL Modem+Router combo) as the modem supplied by the ISP.

    As I don't really trust this device in terms of security (correct me if I'm wrong), can anyone please guide me on what I need to do to get behind a router on which I can install the Tomato firmware?

    In other words, are there any ADSL modem + router combos out there that I can flash with Tomato? This would be nice since space is limited on my desk and it would be great to achieve all this with just one device.

    And if not, can I plug a router into the Technicolor, or is this not achievable since the latter is also a router?

    Thanks!
     
    Last edited: Sep 8, 2012
  2. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    techy65,

    First of all, I assume you have looked at the Tomato firmware documentation via this link: http://www.polarcloud.com/tomato. If so, then you also know that this firmware will only run on a fairly small number of Broadcom-based routers.

    With this information in mind, you CAN attach another regular router to your ISP supplied Technicolor TG582n modem/router combo. To do this you will need to disable DHCP on your current router and assign a fixed IP address to your new router. There are a few other minor configuration changes that need to be made to make two routers operate concurrently. I will be glad to send you a link to several websites that describe this whole process in more detail if you decide to go this route.
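
An addressing check for the two-router setup described in the post above, as an added example that is not part of the original thread. The function name, the sample plans and every address in them are constructed for illustration and are not the TG582n's actual defaults; the DHCP-pool check covers the case where DHCP on the ISP router cannot be switched off.

```python
import ipaddress

def check_cascade(outer_lan, outer_gw, new_wan_ip, inner_lan, outer_dhcp_pool=None):
    """Return a list of problems in a router-behind-router addressing plan.

    outer_lan       -- LAN subnet of the ISP-supplied modem/router
    outer_gw        -- LAN address of the ISP-supplied modem/router
    new_wan_ip      -- fixed address given to the new router's WAN port
    inner_lan       -- LAN subnet served by the new router
    outer_dhcp_pool -- (first, last) if DHCP is still enabled upstream
    """
    outer = ipaddress.ip_network(outer_lan)
    inner = ipaddress.ip_network(inner_lan)
    gw = ipaddress.ip_address(outer_gw)
    wan = ipaddress.ip_address(new_wan_ip)
    problems = []

    if wan not in outer:
        problems.append("fixed IP is outside the ISP router's LAN")
    elif wan in (outer.network_address, outer.broadcast_address):
        problems.append("fixed IP is the network or broadcast address")
    if wan == gw:
        problems.append("fixed IP collides with the ISP router itself")
    if outer_dhcp_pool:
        first, last = (ipaddress.ip_address(a) for a in outer_dhcp_pool)
        if first <= wan <= last:
            # A lease handed to another host could duplicate the fixed IP.
            problems.append("fixed IP sits inside the ISP router's DHCP pool")
    if inner.overlaps(outer):
        # With the same subnet on both sides the new router cannot tell
        # its WAN network from its LAN, so traffic is not forwarded.
        problems.append("new router's LAN overlaps the ISP router's LAN")
    return problems

# Constructed sample plans (not taken from the thread).
GOOD = dict(outer_lan="192.168.1.0/24", outer_gw="192.168.1.254",
            new_wan_ip="192.168.1.2", inner_lan="192.168.10.0/24",
            outer_dhcp_pool=("192.168.1.64", "192.168.1.253"))
BAD = dict(GOOD, new_wan_ip="192.168.1.100", inner_lan="192.168.1.0/24")

if __name__ == "__main__":
    for name, plan in (("good", GOOD), ("bad", BAD)):
        issues = check_cascade(**plan)
        print(name, "->", issues or "no problems found")
```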
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I personally think you should reset the device and then leave it alone - other than changing the default SSID and password. Then, limit access to your network by limiting the number of connections to the same number of devices you have, and, if you want, use MAC filtering to allow only those devices you allow. None of those will prevent a determined, experienced hacker determined to get you. But neither will deadbolts and guard-dogs stop a determined, experienced house burglar from breaking into your home. But it will stop the vast majority of wannabes and virtually all your nosy neighbors.

    But if you really want to minimize your security vulnerabilities, disable wireless completely and connect only via Ethernet.

    In any case, you must still ensure all your computers are fully updated, patched, scanned and blocked as necessary. And of course, since you (the user) will always be the weakest link in security, you must avoid risky behavior - like illegal filesharing via torrents or P2P sites, participation in illegal gambling/porn sites, etc. I call that "Practicing Safe Computing".

    Yeah, I think that is wrong. You should NEVER trust implicitly. That is, don't assume. "Trust but verify". But the reality is, the router portion of that device adds a HUGE layer of security with NAT for your networked devices.

    The problem is the wireless side. You cannot hide radio waves which means you cannot hide your wireless network. PERIOD! Anybody, and I mean anybody can easily see any wireless network within range of their receiver. Because this is so simple, the often suggested disabling SSID Broadcasting provides no security advantage whatsoever.

    The danger with wireless is not really to your connected computers (assuming good "Safe Computing" practices), but rather the risk is badguys using your Internet connection to send spam/malware or launch DDoS attacks from your account and under your assigned IP address - making you look like the badguy.

    While it is pretty easy to secure the wireless side, it is another layer of administrative responsibility that must NEVER go lax. But at the same time, unless the badguy has a personal grudge against you and is specifically targeting you personally, they typically don't like to linger and seek "crimes of opportunity" - the "easy pickin's". So doing the simple things like changing the default passwords is typically enough to signal to the badguy roaming your streets that that network admin knows something about security and moves on to lower hanging fruit.

    ***

    To ensure some understandings - remember, there is NO SUCH THING as a wireless router (or wireless modem). Those are marketing terms only.

    Routers have just one input and one output and are used to connect (or isolate) two networks. However, most routers ALSO have INTEGRATED into the same circuit board and box, a 4-port Ethernet switch. Two distinct, discrete, network "appliances" that just happen to be in the same box. Like a graphics card integrated with the motherboard.

    A "wireless router" is really 3 discrete network devices. The router, the switch, and a WAP - wireless access point.

    Finally, a "wireless modem" is 4 discrete devices. The router, the switch, the WAP, and now the modem. Four separate devices, sharing the same circuit board, same power supply, same case, and often the same user interface.

    My point is, because they are separate, with their own security issues, they need to be treated as separate devices, and not just one when you are wandering around their common menu system.

    As I said earlier, if you are concerned about security (and you are wise to be concerned), make it easy on yourself and disable wireless altogether and connect your devices via Ethernet. Then a badguy down the street, or driving around your neighborhood with his $300 notebook and homemade directional "cantenna" (antenna made from a tin-can) will never know you even have a network (and pawn-able computers) in your home. Nosy neighbors will never see your network either. And sadly, neighbors are often the most dangerous because they know your dog's name, for example, and thus can guess your passwords. Or they may start participating in illegal activities on the Internet, attracting unwanted attention on you.

    Wireless is great! Very convenient. But while easy to secure, it will never be as secure as a copper wire. So if you don't need wireless, don't use it. If running Ethernet is not possible or practical, then only use wireless for those devices that cannot connect via Ethernet and in every case, ensure every computer on your network has an able anti-malware solution and firewall, and the OS is kept current.
     
  4. techy65

    techy65 Registered Member

    Joined:
    Sep 8, 2012
    Posts:
    4
    Thanks for the reply guys.

    1. Yes kdcdq, I was in fact very-close-to-100% certain that Tomato can only be installed on certain devices. I incidentally also own a Cable connection hooked to a WRT54GL that yes, has Tomato on it. But as for the TG582n, considering points 2 and 3 below, do you guys believe I should buy a different ADSL+Router combo to get rid of the ISP-locked TG582n? I understand that I should ideally go for an ADSL Modem + a router but as I said in my original post, space is limited on my desk :oops:

    2. Bill_Bright, I completely disabled WI-FI on the TG582n as I will not use it. As to your first point, unfortunately the ISP removed the Administrator user from the device so in poor words, I can do nada in terms of MAC filtering, etc.

    3. In fact, I was told that the device was altered so that the ISP can remotely check my connection or do any maintenance, if required. This is, to be honest, what concerns me the most. I mean, if my ISP can do it, anyone can, no?

    4. Of course, my PCs are indeed secure with an Internet Security software and I avoid all the no-no stuff you mentioned :)

    5. Speaking of the "wireless side", I do have it enabled on my Cable connection with a hard-to-guess password, MAC filtering, etc. but I would appreciate if you could expand a little on what you said, that is, that a nasty neighbour could use it to "send spam/malware or launch DDoS attacks". Am I right in assuming that here you mean that the nasty neighbour can do all this just by using the network rather than doing so by using one of my machines, connected to the network? I mean, the risk of wi-fi, if I understood right, is that someone could either:

    a. Get access to the network and do nasty stuff like spamming, etc. and this can be done even if my machines are all switched off.
    b. Get access to the network and having done so try to reach one of my machines connected to it.

    Right?

    6. And finally, on what you concluded with, and always about my Cable connection (WRT54GL + Tomato with Wi-Fi installed), I only use wi-fi for what I call my "guinea pig" machine, hence the one where no personal information is stored, all the important machines are connected via Ethernet. Do you still recommend disabling Wi-Fi altogether? Because I could connect the "guinea pig" via Ethernet as well but it needs to be a long, long cable :p

    Again, thanks a lot for your feedback, very kind.
     
    Last edited: Sep 9, 2012
  5. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    That is common. My ISP, Cox Communications, can access my cable modem too. But that IN NO WAY means they can access my network, or my computers. And typically, all they can really do is send a ping to it and see if they get a bounce, or they can send a reset to it, forcing it to release any IP and get another. I doubt they can even generate a firmware update from their end.

    That said, I do not see how they removed the admin user. They might be able to change its name and password, but you still need access to your router menus.

    If not, do you really need to use their modem? And I don't really see a need for both ADSL and cable, unless you absolutely, positively must have redundancy, 24/7/365.

    The most common use is to use your ISP connection to launch their various attacks - making you out to be the badguy.

    You can never be totally risk free, but you have taken the necessary steps to minimize problems - assuming you use WPA2, or at least WPA.
     
  6. techy65

    techy65 Registered Member

    Joined:
    Sep 8, 2012
    Posts:
    4
    Yes mate, because of work I cannot afford to be offline in the morning and since Cable gave me some issues recently, I decided to install a backup connection.

    I know that the Administrator user was removed because I went inside the router via the IP, changed the URL with one I found online and a page with a list of users came up. There was only one, "User".

    To conclude, I will take your wi-fi advice seriously. Funnily enough, two weeks ago I found out that Tomato has a nifty feature allowing me to turn off wi-fi by pushing the Cisco logo on my router for 2+ seconds, I'll make sure to use it and to turn it back on ONLY when I need wi-fi :)
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Do you have to use their modem? I bought my own to use with my cable connection. It took a simple 3 minute call to my ISP to give them the new MAC address and for them to push out a new IP and I was good to go. And they could still "see" my modem, ping my modem, and flush and assign a new IP for my modem from their end - without being able to see past my router.
     
  8. techy65

    techy65 Registered Member

    Joined:
    Sep 8, 2012
    Posts:
    4
    That's a good question, I indeed have to check that.

    If they say I can use my own, what is the best ADSL Modem+Router combo there is on the market, preferably without wi-fi? :)
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I use PFSense on a spare box. I do have a wireless adapter in it. It easily allows me to offer a segregated "zone" for the wifi. There are also many ways to "manage" the connections. Much more than a typical router. It might be overkill, but it does expand your options without having to flash firmware on the router.

    Just some food for thought.

    Sul.
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I don't use DSL so I don't know which is best. And remember, you don't need a "combo" modem+router. You just need a modem.
     
  11. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    8,647
    Location:
    NSW, Australia
    techy65,

    I've no idea which is the best. I have a Billion 7800N. Two years old and hasn't missed a beat. Turning wireless OFF or ON is a single click on the computer. We have wireless turned ON most of the time and I'm not concerned. We use WPA2 security with a 63 character passphrase.
     
  12. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I should point out that network hardware, and Ethernet and wireless protocols have been around for several years. Every device must support those protocols or they will not communicate. So really, the brand and model does not matter in terms of security, or functionality. So for most home and small office networks, that leaves quality of parts and construction as the differentiating factors and sticking with a major brand pretty much takes care of that.
     
  13. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    I have used Netgear modem/router combos exclusively for years and have had nothing but good luck with them. :thumb:

    My $.02 worth... :)
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Yeah, my modem is a Motorola, but I have a Netgear Wireless-N router, and Linksys switches. No problems either.
     