I tested a Belkin Wireless G Router Model F5D7230-4 router that I had purchased for home use by my mother-in-law, but later replaced with a Linksys wireless router after she had a network access problem that I traced to the Belkin router not responding. I thought I might be able to use it to isolate and test systems that I suspected were infected with malware.
The version information for the router I tested is shown below:
|Hardware version:||F5D7230-4 6000|
The Belkin F5D7230-4 router has a security logging feature that shows a "system log" and a "firewall log", but the logging capabilities provided by the router are extremely limited. There's no way to have a log transmitted by email or for log information to be transmitted from the router by syslog. And the information logged is very rudimentary.
The example below shows entries in the system log for attemnpts I made from a system at 192.168.2.4, which was on the WAN side of the router, to login with an incorrect password, from a system that wasn't allowed to remotely manage the router. The entries in the firewall log section are from an nmap scan I ran against the router from a system on the WAN side of the router.
The router provides the capability to set "client IP filters" that allow one to limit outbound access through the router from systems on the LAN side of the router. You can specify an IP range and port range to be blocked and whether the block should apply only during specified days of the week and times or whether the block should always apply. And you can easily enable and disable a block. Using that capability you can limit outbound email access to only certain systems, etc.
There is also a "Parental Control" feature. Belkin states "Belkin's Parental Control protects you and your children/employees from objectionable content on the web. Parental Control comes pre-configured to block many types of web content, but is custom configurable to be more or less restrictive. Any web site can easily be set to be either, always blocked, or always allowed." That feature requires a subscription to Belkin's parental control service.
I had hoped that, if I specified a port block in the client IP filters section, I would see firewall log entries, if a system on the inside of the router attempted to access a system on the outside on a blocked port. Alas, no entries appear in the firewall log in such cases. For me, that makes the firewall logging capability provided by the router too limited to be of much value. I'd have to put a real firewall in front of it.
And for rating its security, you can access a lot of information from the router without even logging into it. If you use your web browser to access the router you can see the following information without logging into the router:
|Version Info||LAN Settings|
|Firmware Version||LAN/WLAN MAC|
|Boot Version||IP Address|
|Hardware (model number)||Subnet Mask|
|Serial No.||DHCP Server (enabled/disabled)|
|WAN MAC Address||NAT (enablded/disabled)|
|WAN IP||Security (enabled/disabled)|
If the router is going to be used strictly for home use, making that information so readily available may not be a big concern, since, hopefully, family members connected by cables to the router can be reasonably trusted. Hopefully, wireless protection has been activated, so that no one can easily access the device, since providing all of that information so readily then could make an attacker's job much easier.
In addition to the lack of logging functionality, I have concerns regarding the router's reliability. I replaced it at my mother-in-law's house after she had some problems printing via the wireless interface in her laptop. I traced the problem to the Belkin router not responding. Powering the router off and on resolved the problem, but this happened a couple of times and I thought it best to replace the router. I also encountered problems with the router not responding when I tested it. The problems occurred within just a few minutes of testing. While logged into the router from a system on the LAN side, I tried accessing it from the WAN side from a system permitted to manage the router. I wanted to see what be logged if I entered the wrong password from that system. Well, the router simply stopped responding completely. I couldn't even ping it from either the WAN or LAN side. It wouldn't provide IP addresses via DHCP and it was no longer accessible from either the LAN or WAN side by HTTP. I had to power the router off and on. I tried again with the same results. Even for a router designed primarily for home use, having to power the router off and on frequently could irritate other family members and, if it was used in a small office, users would likely find any tendency to stop responding aggravating.