Building The Perfect Home Router

When a favorite piece of hardware dies, it’s fairly common to experience a bit of dread. The thought that now you’ll have to go through the process of getting a replacement for the device can be very troubling, and is fraught with difficult questions. Is the hardware still available? Has it been made obsolete by something else in the time you’ve had it? But while it can be a hassle, there’s no question you can come out the other side better than you went in. Sometimes it takes the passing of an old piece of gear for you to really embrace what’s possible with the latest and greatest.

That’s exactly what happened to [Tyler Langlois]. When his trusty home router finally gave up the ghost, he was left with a couple of options. He could get another consumer router, upgrade to an enterprise-level model, or take the road less traveled and build his own router to his exacting specifications. Since you’re reading about it on Hackaday, we’ll give you one guess as to which door he went through.

The blog post [Tyler] has written up about the saga of building his own router is an incredible resource for anyone who might be thinking of taking the plunge into DIY networking. From selecting the proper hardware to the nuances of getting all of the software packages installed, this is an absolute treasure trove. At the beginning of the post he mentions that the post shouldn’t be considered a comprehensive guide, but considering we’ve seen commercial hardware that wasn’t documented this well, we’d have to respectfully disagree on that point.

Some elements of his homespun router may come as something of a surprise. For one, [Tyler] bucked the hive mentality and determined the Raspberry Pi simply wasn’t up to the task due (at least in part) to the single 100 Mbps network interface. He ended up going with an ESPRESSObin, a relatively niche Linux SBC that features an onboard gigabit switch in addition to a fairly hefty spec sheet. He also decided to forgo WiFi entirely, and leave the intricacies of wireless networking to a standalone access point from Ubiquiti.

A router is often overlooked as just another piece of consumer kit sitting around the house, but it’s actually an excellent place to flex your creative and technical muscle. From adding a remote display to converting it into a mobile battle tank, there’s a lot more you can do with your router than stare at the blinkenlights.

3D Printed Raspberry Pi NAS With Dual Drive Bays

While it might not pack the computational punch you’d usually be looking for in a server platform, you can’t beat how cheap the Raspberry Pi is. As such, it’s at the heart of many a home LAN, serving up files as a network attached storage (NAS) device. But the biggest problem with using the Pi in a NAS is that it doesn’t have any onboard hard drive interface, forcing you to use USB. Not only is this much slower, but it also doesn’t leave you a lot of options for cleanly hooking up your drives.

This 3D printable NAS enclosure designed by [Paul-Louis Ageneau] helps address the issue by integrating two drive bays which can accommodate 2.25 inch laptop hard disk drives and their associated IB-AC6033-U3 USB adapters. The drives simply slide into the “rails” designed into the case without the need for additional hardware. There’s even space in the bottom of the case for a USB hub to connect the drives, and a fan on the top of the case to help keep the whole stack cool. It still isn’t perfect, but it’s compact and doesn’t look half bad.

The design is especially impressive as it doesn’t require any supports, an admirable goal to shoot for whenever designing for 3D printing. As an added bonus, the entire case is designed in OpenSCAD and licensed under the GPL v3, making modification easy if you want to tweak it for your specific purposes.

This certainly isn’t the strongest Raspberry Pi enclosure we’ve ever seen (that title would have to go to the ammo case that does double duty as a media streamer), but it looks like it would make a great home for that new 3 B+ you’ve got on order.

Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a specific brand of web camera, printer, or computer with unsecured firmware. Once the devices are compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited to the size of the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. The immediate solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.
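As an added example (not from the Cloudflare announcement or the memcached project), here is one way to check a memcached options file for the two settings discussed above. It assumes a Debian-style file with one option per line, uses memcached’s `-U` (UDP port, 0 disables) and `-l` (listen address) options, and treats a missing `-U` as a finding because the default has differed between memcached releases; both sample configs are constructed.

```python
import ipaddress
import shlex

# Constructed samples, one option per line as in Debian's /etc/memcached.conf.
SAMPLE_WEAK = """\
# constructed sample: reachable from anywhere, UDP left to the default
-p 11211
-u memcache
-l 0.0.0.0
"""
SAMPLE_HARDENED = """\
-p 11211
-u memcache
-l 127.0.0.1
-U 0
"""

def parse_options(text):
    """Return (udp_port or None, [listen addresses]) from option lines."""
    udp_port, listen = None, []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-U":
                udp_port = int(value)
            elif flag == "-l":
                listen += [a.strip() for a in value.split(",")]
    return udp_port, listen

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return addr == "localhost"

def audit(text):
    """List the settings that leave memcached usable as a UDP reflector."""
    udp_port, listen = parse_options(text)
    findings = []
    if udp_port is None:
        findings.append("UDP not disabled explicitly; add '-U 0'")
    elif udp_port != 0:
        findings.append(f"UDP enabled on port {udp_port}; set '-U 0'")
    if not listen:
        findings.append("no '-l' option; listening on all interfaces")
    findings += [f"listening on non-loopback address {a}"
                 for a in listen if not is_loopback(a)]
    return findings
```

A non-loopback listen address is not always wrong, since a cache may serve other hosts on a private network, so treat that finding as a prompt to confirm the firewall actually blocks the port from the Internet.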

Router Rebooter Eliminates Hassles

Some low-end or older routers might get you a decent WiFi network in your house or apartment, but often these cheaply made devices are plagued with subtle software problems that cause the router itself to become unresponsive after a few days of operating. One solution is to just power cycle the router by hand whenever the Internet disappears, but a better solution is to build something that does that for you.

[Charlie] had this problem as the de facto IT person in his family, and didn’t want to keep getting bothered for such a simple problem. His solution involves a relay, an ESP8266, and a Wemos D1 mini. The device connects to the Internet through the router and occasionally sends out pings to another address. If it can’t ping the address successfully after a certain time period, the device power cycles the router by activating the relay.

Since this isn’t the newest idea out there, there are many ways to solve this problem if you are constantly annoyed by router issues, whether from your own router or from friends and family who treat you as their personal IT department. One solution doesn’t involve any extra hardware at all as long as you have a computer near your router/modem already, and others solve this problem when it happens to the modem rather than the router.


34C3: Roll Your Own Network Driver In Four Simple Steps

Writing your own drivers is a special discipline. Drivers on the one hand work closely with external hardware and at the same time are deeply ingrained into the operating system. That’s two kinds of specialization in one problem. In recent years a lot of dedicated networking hardware has been replaced by software. [Paul Emmerich] is a researcher who works on improving the performance of these systems.

Making software act like network hardware requires drivers that can swiftly handle a lot of small packets, something that the standard APIs were not designed for. In his talk at this year’s Chaos Communication Congress, [Paul] dissects the different approaches to writing this special flavor of drivers and explains the shortcomings of each.


Aireon Hitchhikes On Iridium To Track Airplanes

SpaceX just concluded 2017 by launching 10 Iridium NEXT satellites. A footnote on the launch was the “hosted payload” on board each of the satellites: a small box of equipment from Aireon. They will track every aircraft around the world in real-time, something that has been technically possible but nobody claimed they could do it economically until now.

Challenge one: avoid adding cost to aircraft. Instead of using expensive satcom or adding dedicated gear, Aireon listens to ADS-B equipment already installed as part of international air traffic control modernization. But since ADS-B was designed for aircraft-to-aircraft and aircraft-to-ground communication, Aireon had some challenges to overcome, like the fact that the ADS-B antenna is commonly mounted on the belly of an aircraft, blocking the direct path to a satellite.

Challenge two: hear ADS-B everywhere and do it for less. Today we can track aircraft when they are flying over land, but out in the middle of the ocean, there are no receivers in range except possibly other aircraft. Aireon needed a lot of low-orbit satellites to ensure you are in range no matter where you are. Piggybacking on Iridium gives them coverage at a fraction of the cost of building their own satellites.


ADSL Robustness Verified By Running Over Wet String

A core part of the hacker mentality is the desire to test limits: trying out ideas to see if something interesting, informative, and/or entertaining comes out of it. Some employees of Andrews & Arnold (a UK network provider) applied this mentality towards connecting their ADSL test equipment to some unlikely materials. The verdict of the experiment: yes, ADSL works over wet string.

ADSL itself is something of an ingenious hack, carrying data over decades-old telephone wires designed only for voice. ADSL accomplished this in part through robust error correction measures keeping the bytes flowing through lines that were not originally designed for ADSL frequencies. The flow of bytes may slow over bad lines, but they will keep moving.

How bad? In this case, a pair of strings dampened with salty water. But there are limits: the same type of string dampened with just plain water was not enough to carry ADSL.

The pictures of the test setup also spoke volumes. They ran the wet string across a space that looked much like every hacker workspace, salt water dripping on the industrial carpet. Experimenting and learning right where you are, using what you have on hand, are hallmarks of hacker resourcefulness. Fancy laboratory not required.

Thanks to [chris] and [Spencer] for the tips.