Netgear N300 unique SSID and password

For discussing Linux compatible (or not) devices

Moderators: ChrisThornett, LXF moderators

Netgear N300 unique SSID and password

Postby Marrea » Tue Aug 13, 2013 4:46 pm

I’ve just bought and set up a new Netgear N300 (WNR2200) Wireless Router to replace a six-year-old malfunctioning Linksys BEFSR41. On the set-up sheet Netgear say:

"This product has a unique Wi-Fi network name (SSID) and network key (password). The default SSID and network key (password) are uniquely generated for every device (like a serial number), to protect and maximize your wireless security. This information is located on the label on the bottom of the product.

NETGEAR recommends that you do not change the preset Wi-Fi network name (SSID) and network key (password). If you do change the settings, the information on the bottom of the product does not apply."


What do you think about this? Bearing in mind they are stated to be unique, is it OK to leave the SSID and password as they are or would you change them?
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby Rhakios » Tue Aug 13, 2013 5:30 pm

Sounds like round objects to me. The SSID can be found out by scanning for it even, I am given to understand, if you keep your network hidden. The password might well be unique, but I'm sure you could think up a unique password as well, however it might well be more secure than one dreamt up by those who prefer their dog's name or their children's birthdays.

Actually, you might say their idea is less secure, as anyone who has access to your house can, if they know where to look, find out your SSID and password.
Bye, Rhakios
User avatar
Rhakios
Moderator
 
Posts: 7634
Joined: Wed Apr 06, 2005 11:18 pm
Location: Midlands, UK

Postby Marrea » Tue Aug 13, 2013 7:39 pm

I have never bothered to hide my SSID for the precise reason you mention - that anyone who knows how can easily discover it by scanning - so there's not much point doing so. :roll:

However, I must say I find it slightly bizarre that a password for a device should be displayed on the bottom of that device. In actual fact, in the Netgear's case, once you have attached it to the supplied stand it is then in a vertical position and the password is no longer on the bottom any more but on the side and thus even more visible! :?
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby wyliecoyoteuk » Tue Aug 13, 2013 8:24 pm

I think this has been done because of the vast numbers of routers out there with the default username, SSID and password.
Many people can't be bothered to change them.

At least this way, each unit has a unique SSID and password.
(I have seen some of these, and the SSID or password is often the serial number, one in France had an 18 digit password).
If you do change them, they can probably be reset.
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
User avatar
wyliecoyoteuk
LXF regular
 
Posts: 3461
Joined: Sun Apr 10, 2005 10:41 pm
Location: Birmingham, UK

Postby GregS » Tue Aug 13, 2013 11:07 pm

wyliecoyoteuk wrote:I think this has been done because of the vast numbers of routers out there with the default username, SSID and password.
Many people can't be bothered to change them.

At least this way, each unit has a unique SSID and password.
(I have seen some of these, and the SSID or password is often the serial number, one in France had an 18 digit password).
If you do change them, they can probably be reset.

Indeed. Had recent experience with this, using any browser (you need to find the address of your router, this may be default or unique to your ISP, as in our case) it is a reasonably simple matter to access and change these details.

One possible reason to change SSID is that, at least in our part of Oz, there are a number of other users with a "Bigpond" ISP-assigned SSID which can be somewhat confusing, particularly when the kids are wanting to use their school laptops on the home network.

Similarly, I would want to reassign the password to something that is NOT displayed on the router for any casual visitor to see...
User avatar
GregS
 
Posts: 98
Joined: Thu Aug 03, 2006 3:54 am
Location: Oz

Postby guy » Wed Aug 14, 2013 9:41 am

"If you change the SSID and/or password then we will not be able to monitor your device under our support guarantee and fix any problems we detect (e.g. firewall configuration), to ensure that it remains functional and secure."

Not happened yet AFAIK but I see that one coming.
Cheers,
Guy
The eternal help vampire
User avatar
guy
LXF regular
 
Posts: 1078
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby roseway » Wed Aug 14, 2013 11:45 am

That sounds like an excellent reason to change the SSID and password. I certainly wouldn't want Netgear (or anyone else) being able to monitor my setup.
Eric
roseway
LXF regular
 
Posts: 450
Joined: Thu Jan 18, 2007 2:27 pm

Postby Marrea » Wed Aug 14, 2013 11:52 am

GregS wrote:Similarly, I would want to reassign the password to something that is NOT displayed on the router for any casual visitor to see...


Couldn't agree more!

My previous router, the Linksys, was not wireless enabled but about four years ago I decided to add a wireless access point. Knowing virtually nothing about wireless I read up on it and discovered that it was best to have a fairly long password, not using any dictionary words but a mixture of numbers and letters, upper and lower case. So I followed that advice and created a 15 character password, which (again I had read this was a good idea) I changed from time to time.

On my new Netgear router, I am not convinced myself that their “uniquely generated” password is particularly well chosen and I do really wonder whether it is in fact “unique” or whether, say, it might be found on another Netgear router or, if not the exact same password, something very similar. I am undecided at the moment whether to change it or not.

I am now trying to find out about WPS which I do not want to use but have not so far found any way to disable. From what little I have read I believe there may be security risks with WPS? The user guide says you can turn it off by pressing the WPS button on the front of the router but all that happens when I do that is the light flashes for a bit and then stays on. It seems to be linked to the wireless on or off button next to it. If I turn the wireless button off, the WPS light goes out and stays out. If I turn the wireless button on, the WPS light also turns on. The WPS button does not appear to work independently of the wireless button as far as I can see.

Paranoia or what. :(
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby Marrea » Wed Aug 14, 2013 11:54 am

roseway wrote:That sounds like an excellent reason to change the SSID and password. I certainly wouldn't want Netgear (or anyone else) being able to monitor my setup.


Yes, I must say I find that somewhat disturbing.
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby towy71 » Wed Aug 14, 2013 1:02 pm

all BT home homehub3s have the router id and the ssid on an easily removable little tab so that you don't have to worry about such things and they also supply two stickers with the same info in case you want to pass that around too :roll:
still looking for that door into summer
User avatar
towy71
Moderator
 
Posts: 4264
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

Postby paulm » Wed Aug 14, 2013 6:01 pm

Marrea wrote:I am now trying to find out about WPS which I do not want to use but have not so far found any way to disable. From what little I have read I believe there may be security risks with WPS? The user guide says you can turn it off by pressing the WPS button on the front of the router but all that happens when I do that is the light flashes for a bit and then stays on. It seems to be linked to the wireless on or off button next to it. If I turn the wireless button off, the WPS light goes out and stays out. If I turn the wireless button on, the WPS light also turns on. The WPS button does not appear to work independently of the wireless button as far as I can see.

Paranoia or what. :(


So far as I can see, justified paranoia. There have been a number of reports of serious security problems with WPS. For instance, see the below:

http://www.netstumbler.com/2013/01/18/w ... ll-of-wps/

http://www.it-sp.eu/index.php?option=co ... &Itemid=74

Those are only a few of the reports. Enough to make me disable WPS on my current (horrible, awful) Technicolor 582n router. And enough for the author of the replacement firmware for my soon to be deployed Ausus RT-N56U router to remove WPS completely.

I'd be looking hard for ways to disable it in the Netgear....

Paul.
paulm
LXF regular
 
Posts: 242
Joined: Mon Apr 03, 2006 4:53 am
Location: Oxfordshire, UK

Postby Marrea » Wed Aug 14, 2013 8:22 pm

paulm wrote:I'd be looking hard for ways to disable it in the Netgear....


Thanks for the links. I have now found this on the Netgear site

http://kb.netgear.com/app/answers/detai ... rute-force

and have accordingly disabled the PIN in the router's GUI as described in that article. However, the WPS button on the front of the router will still not turn off (ie the green light refuses to disappear) so I shall just have to keep my fingers crossed that what Netgear say about only the router PIN method being vulnerable to brute force attack is correct.
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby Marrea » Fri Aug 16, 2013 2:39 pm

Update on above

I contacted Netgear via their support site to tell them that I had disabled the router’s PIN but should welcome clarification about how to turn off WPS completely, as I had found it impossible to do this by pressing the WPS button on the front of the unit although the User Guide implies I should able to do this. They have replied as follows:

"I have reviewed your case and I understand that you need assistance in disabling the WPS function of the router.

For your query about the WPS function:

The WPS will be enabled automatically if the security is set to WPA, thus disabled when using WEP (54 Mbps). The Push Button will still work even though you have disabled the PIN on the settings. Only the use of the PIN will be disabled."


So - assuming I have read this correctly - if I have security set to WPA (which I have) I am stuck with having WPS enabled; and the only way I can turn WPS off completely is by setting the security to WEP, which will allow any determined hacker to break in within 60 seconds.

Hmmm :shock:
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby Marrea » Sun Aug 18, 2013 4:10 pm

Latest update

I have been back to Netgear on this and they have replied as follows:

"I am aware that you would like to confirm if changing the security into WEP is the only way to completely disable the WPS function of your NETGEAR WNR2200.

In response to your inquiry - yes, as of now, the only way to completely disable WPS is by changing the security into WEP. We have taken note of your comments though and we will try to come up with a firmware that will enable users to completely disable WPS."


I am pleasantly surprised that they have taken my comments on board and offered to try and do something about the situation. I shall wait and see what happens.
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby Rhakios » Sun Aug 18, 2013 4:58 pm

Marrea wrote: I shall wait and see what happens.


Netgear wrote:Today we are proud to announce the Netgear N301 wireless router with enhanced security customisation options, including the ability to disable WPS! (RRP £59.99)


What? Do you think me too cynical? :roll:
Bye, Rhakios
User avatar
Rhakios
Moderator
 
Posts: 7634
Joined: Wed Apr 06, 2005 11:18 pm
Location: Midlands, UK

Next

Return to Hardware

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 1 guest