DGTeam firmware safe to use?

[sat_mad]

Hi folks,

Like many people, I'm going through various routers to see what works best...

I'm currently having a play with an ex-Sky DG834GT and have flashed it with the latest firmware.

I see many references to the DGTeam firmware, and just wanted to ask whether it was secure to use?

Also, I'd like to have a go with the Think Broadband ping monitor. Is it safe to make the router 'pingable' to allow this?

- Rich

[Steve]

I think the risks following making your router pingable are pretty small. DGTeam firmware have been around for a while and certainly your not reducing your security by trying this firmware.

[sat_mad]

Thanks for that Steve... will download DGTeam and have a play. 

[.Griff.]

I've used it in the past with a DG834GT with no problems at all.

[sat_mad]

Thanks for that. 

I'm guessing from what I've read online, that I'm supposed to use either the ...022c (Netgear driver) or ...023o (more features) versions.

My router info page mentions 022c, as it would being Netgear, so I'm leaning towards that. 

[Steve]

I think as you say different versions of the adsl driver.

[Gary]

I think the risks following making your router pingable are pretty small. DGTeam firmware have been around for a while and certainly your not reducing your security by trying this firmware.

Cant it leave you open to DDoS attacks if you are pingable?

[Steve]

It can but why would anyone want to attack my IP address in that fashion?

[Gary]

It can but why would anyone want to attack my IP address in that fashion?

I get random probes registered on my router now and then just DoS attacks, if I was pingable that would let them know I was there. There seem to be varying views on the safety of this, hence I was asking, Steve.

[.Griff.]

I get random probes registered on my router now and then just DoS attacks, if I was pingable that would let them know I was there. There seem to be varying views on the safety of this, hence I was asking, Steve.

You router log may report DOS attacks but it's not being attacked at all.

To that end if you Google "Netgear DOS attack" you'll see it's well known for misreporting attacks.

[Gary]

You router log may report DOS attacks but it's not being attacked at all.

To that end if you Google "Netgear DOS attack" you'll see it's well known for misreporting attacks.

I don't get many it does not report loads its pretty precise, a couple a year at best Griff, it has intrusion detection amongst other features. I just thought being pingable is something that says 'look here I am'  which is probably not the best thing to do on the net, ping floods would be easy also some worms have been known to use this as a way to find routers. I may be wrong, just enquiring. 

[.Griff.]

I just thought being pingable is something that says 'look here I am'  which is probably not the best thing to do on the net,

There's obviously beneficial reasons for a router replying to ICMP requests and I don't really buy into all that paranoia preached by software firewall companies wanting to sell products. The same applies with Netgear where a fairly innocent port scan is flagged up as a DOS attack.

A good quote I stumbled across regarding this issue -

You're not playing hide and seek. There are thousands or IPs on ISP accounts, all of which are known to be allocated to the ISPs customer user base and made publicly available at RIPE (for Europe).

Any malicious attacker looking for a target is going to scan IPs using proper tools, not just with ICMP echo. Thats what 5 years olds do playing hide and seek, and your router can keep out pretty much everything (unless you have port forwarding).

Adults use TCP and UDP pings and other tools.

So basically blocking ICMP echo is hurting you more than its hurting the attacker or "hacker" as the press calls them.

[Steve]

I think if the ony way they can find you is by pinging your router then they probably aren't go to do you any harm. Indeed if there is a genuine risk it would IMO be wrong of TBB to develop their quality meter.