MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
August
Sun Mon Tue Wed Thu Fri Sat
         
15
           
2008
Months
Aug


Fri, Aug 15, 2008 6:38 pm

Belkin Wireless G Router Model F5D7230-4 Logs

I tested a Belkin Wireless G Router Model F5D7230-4 router that I had purchased for home use by my mother-in-law, but later replaced with a Linksys wireless router after she had a network access problem that I traced to the Belkin router not responding. I thought I might be able to use it to isolate and test systems that I suspected were infected with malware.

The version information for the router I tested is shown below:

Firmware version:F5D7230-4_US_8.01.07
Boot version:v1.01
Hardware version:F5D7230-4 6000

The Belkin F5D7230-4 router has a security logging feature that shows a "system log" and a "firewall log", but the logging capabilities provided by the router are extremely limited. There's no way to have a log transmitted by email or for log information to be transmitted from the router by syslog. And the information logged is very rudimentary.

The example below shows entries in the system log for attemnpts I made from a system at 192.168.2.4, which was on the WAN side of the router, to login with an incorrect password, from a system that wasn't allowed to remotely manage the router. The entries in the firewall log section are from an nmap scan I ran against the router from a system on the WAN side of the router.

Log File
System log:

Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:05 2008 - 192.168.5.4 login
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:09 2008 - 192.168.5.4 login
Administrator login fail, Access deny - IP:192.168.2.4
Administrator login fail, Access deny - IP:192.168.2.4
Friday Aug 15 15:22:29 2008 - 192.168.5.4 login


Firewall log:
Friday Aug 15 15:24:00 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:25:13 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:26:20 2008 1 Blocked/RST by DoS protection 192.168.2.5
Friday Aug 15 15:27:32 2008 1 Blocked/RST by DoS protection 192.168.2.5

The router provides the capability to set "client IP filters" that allow one to limit outbound access through the router from systems on the LAN side of the router. You can specify an IP range and port range to be blocked and whether the block should apply only during specified days of the week and times or whether the block should always apply. And you can easily enable and disable a block. Using that capability you can limit outbound email access to only certain systems, etc.

There is also a "Parental Control" feature. Belkin states "Belkin's Parental Control protects you and your children/employees from objectionable content on the web. Parental Control comes pre-configured to block many types of web content, but is custom configurable to be more or less restrictive. Any web site can easily be set to be either, always blocked, or always allowed." That feature requires a subscription to Belkin's parental control service.

I had hoped that, if I specified a port block in the client IP filters section, I would see firewall log entries, if a system on the inside of the router attempted to access a system on the outside on a blocked port. Alas, no entries appear in the firewall log in such cases. For me, that makes the firewall logging capability provided by the router too limited to be of much value. I'd have to put a real firewall in front of it.

And for rating its security, you can access a lot of information from the router without even logging into it. If you use your web browser to access the router you can see the following information without logging into the router:

Version Info LAN Settings
Firmware Version LAN/WLAN MAC
Boot Version IP Address
Hardware (model number) Subnet Mask
Serial No. DHCP Server (enabled/disabled)
 
Internet Settings Features
WAN MAC Address NAT (enablded/disabled)
Subnet Mask SSID
WAN IP Security (enabled/disabled)
DNS Addresses  

If the router is going to be used strictly for home use, making that information so readily available may not be a big concern, since, hopefully, family members connected by cables to the router can be reasonably trusted. Hopefully, wireless protection has been activated, so that no one can easily access the device, since providing all of that information so readily then could make an attacker's job much easier.

In addition to the lack of logging functionality, I have concerns regarding the router's reliability. I replaced it at my mother-in-law's house after she had some problems printing via the wireless interface in her laptop. I traced the problem to the Belkin router not responding. Powering the router off and on resolved the problem, but this happened a couple of times and I thought it best to replace the router. I also encountered problems with the router not responding when I tested it. The problems occurred within just a few minutes of testing. While logged into the router from a system on the LAN side, I tried accessing it from the WAN side from a system permitted to manage the router. I wanted to see what be logged if I entered the wrong password from that system. Well, the router simply stopped responding completely. I couldn't even ping it from either the WAN or LAN side. It wouldn't provide IP addresses via DHCP and it was no longer accessible from either the LAN or WAN side by HTTP. I had to power the router off and on. I tried again with the same results. Even for a router designed primarily for home use, having to power the router off and on frequently could irritate other family members and, if it was used in a small office, users would likely find any tendency to stop responding aggravating.

[/hardware/network/router/belkin] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo