From DD-WRT Wiki
Jump to: navigation, search
DD-WRT is easily the biggest player when it comes to open-source router firmware. They’ve been around for long enough to establish themselves, and they support more routers than anyone else. There are even people selling routers with DD-WRT already flashed on them. It’s pretty safe to say that flashing DD-WRT on most routers is a. Open a web browser and go to 192.168.1.1 to get to the DD-WRT control panel (If your computer doen't use DHCP to get its IP address automatically, you'll have to set the IP address to the same. Huawei Hg8245 Dd-Wrt Rating: 7,2/10 6239 votes Posted: Tue Apr 07, 2015 17:32 Post subject: Huawei Echolife hg8245h Hi good people of dd-wrt. I wanted to know if i could turn my modem, Huawei Echolife hg8245h, into a wifi extender using dd-wrt software.
Wiki Path: DD-WRT Wiki Main / Tutorials / Linking Routers / Universal Wireless Repeater
THIS IS BROADCOM ONLY!
|
![Huawei Huawei](https://s3.publi24.ro/vertical-ro-f646bd5a/extralarge/20170715/1033/c72dd91cf6a1c3885f559d82383824d9.jpg)
A repeater is just a very normal client which, at the same time, can also be an access point, independent of the SSID and type of encryption used.
THESE ARE NOT THE INSTRUCTIONS FOR CREATING A REPEATER OR A REPEATER BRIDGE which is the normal way to link routers. These are OUT OF DATE instructions for creating a special UNIVERSAL repeater as explained below, not for linking the routers you own. See the wiki on linking routers if you wish to connect two routers in your home. That is NOT what these instructions are for! If you are in the wrong place, click here: Linking Routers
This How-To provides step-by-step instructions for creating a Universal Wireless Repeater appliance: a device that you can place anywhere and it will wirelessly repeat the strongest signal, onto another wireless network (with or without security). This functionality is also known as Wireless Client Bridge, or Range Extender. Unlike WDS, once you have this appliance setup, it will work with any open network.
Architecturally the repeater connects to another wireless router as a client, getting a single IP address via DHCP. Effectively the SSID network it connects to becomes your ISP. Therefore you (the client) will operate in your own IP address space, which is different from address space the repeater connects to.
For example:
In a given neighborhood, there are 3 open access wireless networks, jojo, linksys and internetmad. The repeater automatically receives an IP address from jojo. Let's say jojo is using 192.168.1.0/24, and your DDWRT router receives the address 192.168.1.139. The repeater is configured to use 172.16.100.0/24. From your laptop, you associate with the SSID 'repeater' and you receive the address 172.16.101.100 via DHCP. As far as your laptop is concerned you are talking to repeater. As far as repeater is concerned, its gateway is 'jojo' and jojo probably has another gateway via cable modem or DSL.
[edit]Prerequisites
- Know how to use and access Web Interface
- Know how to flash your device.
It takes me just a couple minutes to follow these instructions (but I've done this before).
1. Install latest DD-WRT v24 release candidate (but not RC6.2! v23 doesn't support repeater modes).
- Visit the UWR forum for test results on firmware versions.
- Keep ethernet cable connected for these instructions (to have connectivity across wireless network changes).
- NOTE WRT54GS v4 and WRT54GL-Will need to be flashed with the MINI GENERIC bin 1st.Otherwise you will brick the router and have to tftp the Linksys bin to recover. Windows, use Internet Explorer as Firefox 2.0.0.4 does not handle the new DD-Wrt v24beta interface well.
2. Go to tab 'Setup', sub-tab 'Basic Setup':
- Change 'local IP address' to a unique subnet (different than device you wish to repeat), such as 192.168.69.1.
- Save settings. (on the new V24 (since 07/04/07).use the 'APPLY' button)
3. Java rxtx usb serial ch340. Point your browser to the new IP address you chose in the previous step. Go to tab 'Security', sub-tab 'Firewall':
- Uncheck all check boxes and set firewall to 'disable'.
- Save settings. (on the new V24 (since 07/04/07).use the 'APPLY' button)
4. Go to tab 'Wireless', sub-tab 'Basic Settings':
- Set Wireless Mode to 'Repeater'
- Under 'Wireless Physical Interface', set 'Wireless Network Name (SSID)' to the network you wish to repeat. Set Network Configuration to 'Bridged'.
- Click on 'Save Settings' ('Virtual Interfaces' section does not appear until you save the changes)
- Click on 'Add' under 'Virtual Interfaces', and enter an SSID (such as 'repeater'). AP Isolation is 'disabled' and Network Configuration is 'Bridged'.
- Optional: Set Wireless Channel to 'Auto' (or your preferred channel).
- Click 'Save Settings'. (on the new V24 (since 07/04/07).use the 'APPLY' button)
[EDIT-Redhawk] - If the host AP settings Wireless>>Basic Settings>>Wireless Network Mode is set to 'G-only' then your repeater must also be set the same way.otherwise you will not make the connection from the repeater side - 09/22/07
5. To repeat any network dynamically (make this a universal wireless repeater), the following will make the repeater connect to the first available SSID:
- Go to tab 'Administration', subtab 'Command'.
- Copy and paste the following into the edit box:
Huawei Hg8245 Dd Wrt Download
- Click the Save Startup button.
- Note: this will not automatically repeat secure/encrypted networks. If your source network uses WEP or WPA, enter the ssid under the Physical Interface in step 4 instead, and proceed to the next step.
6. You may use security (WEP, WPA, etc) in repeater mode. Coldplay spotify session london download. An example application of this would be to make the repeated network private (for your use only).
- Go to tab 'Wireless', sub-tab 'Wireless Security'.
- Setup WEP (or other security) under virtual interface.
- Configure your client/computer to use the same security.
- Notice in the screenshot above you may also configure security for the physical interface (source) network if you wish to repeat a secure network. In the example this is disabled. If you enable this, the dynamic repeating functionality may not work (since you're hard configuring the source network).
7. The first time you connect to the repeater (wirelessly), or after disconnect, you may need to perform a 'repair wireless network connection'. For example, in XP, right click on the wireless icon and select 'Repair'.
[edit]Optimizations
8. If you wish to dynamically repeat the STRONGEST signal (a more sophisticated version of #5 above) please read the AutoAP Wiki Article.
- AutoAP is a script that continuously scans for open wifi connections, tests them for validity, and connects to the strongest signal. If the connection is lost, the script scans again and finds the strongest valid signal again, and maintains a continuous connection to the internet in a mobile or portable environment. The script paremeters are highly configurable, including ability to configure secure connections.
9. For optional repeater performance enhancements:
- Go to tab 'Wireless', subtab 'Advanced Settings'. Set 'Preamble' to 'Short'. Set 'Xmit Power' to higher than default (I use 200). Click 'Save Settings'. (on the new V24 (since 07/04/07).use the 'APPLY' button)
Also take note of the fact that all repeaters, including this Universal Wireless Repeater mode, will sacrifice half of the bandwidth available from the primary router for clients wirelessly connected to the repeater. This is a result of the repeater taking turns talking to not just one partner, but to two, and having to relay the traffic between them. As long as your bandwidth requirements are within this halved bandwidth amount there will be little or no reduction in 'speed'.
- Repeater modes are broken in v24 RC6. Pick another version, such as RC5 or RC7+
- If you are having problems getting repeater mode working, first setup Client Mode or Client-Bridged Mode as a test. Once you have client mode working, then switch to repeater mode (keeping all your other settings) - verify its still working, and then add the virtual interface(s).
- The first time you connect to the repeater (wirelessly), or after disconnect, you may need to perform a 'repair wireless network connection'. For example, in XP, right click on the wireless icon and select 'Repair'.
- If your router has two different antenas and you are having high packet loss, it can help to remove the second antena.
- Visit the UWR forum for latest information on features and issues.
Huawei Hg8245h Manual
- There is some discussion on the Repeater Bridge page on wireless security shortcomings . This seems to be equally applicable to the Universal Wireless Repeater .
- There are some notes and downloadable files available on Both Repeaters which may help in troubleshooting.
- On WRT54G v5 select assign wan port to switch apply settings then hard reboot by way of power plug.
- Setting ACK Timing to 0 on my Buffalo WHR HP G54 with DD-WRT v24 (05/24/08) std
(SVN revision 9526) disables network sharing between WinXP computers.
Your testing results and enhancements are appreciated:
- For contributions to UWR: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=42375
- For contributions to AutoAP: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=6575
Retrieved from 'http://wiki.dd-wrt.com/wiki/index.php/Universal_Wireless_Repeater'
Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware that could be used for a range of nefarious purposes. Now, researchers from Cisco’s Talos security team say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers.
The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack on incoming Web traffic. Attackers can use this ssler module to inject malicious payloads into traffic as it passes through an infected router. The payloads can be tailored to exploit specific devices connected to the infected network. Pronounced “essler,” the module can also be used to surreptitiously modify content delivered by websites.Huawei Hg8245 Change Password
Besides covertly manipulating traffic delivered to endpoints inside an infected network, ssler is also designed to steal sensitive data passed between connected end-points and the outside Internet. It actively inspects Web URLs for signs they transmit passwords and other sensitive data so they can be copied and sent to servers that attackers continue to control even now, two weeks after the botnet was publicly disclosed.
To bypass TLS encryption that’s designed to prevent such attacks, ssler actively tries to downgrade HTTPS connections to plaintext HTTP traffic. It then changes request headers to signal that the end point isn’t capable of using encrypted connections. Ssler makes special accommodations for traffic to Google, Facebook, Twitter, and Youtube, presumably because these sites provide additional security features. Google, for example, has for years automatically redirected HTTP traffic to HTTPS servers. The newly discovered module also strips away data compression provided by the gzip application because plaintext traffic is easier to modify.
All your network traffic belongs to us
The new analysis, which Cisco is expected to detail in a report to be published Wednesday morning, shows that VPNFilter poses a more potent threat and targets more devices than was reported two weeks ago. Previously, Cisco believed the primary goal of VPNFilter was to use home and small-office routers, switches, and network-attached storage devices as a platform for launching obfuscated attacks on primary targets. The discovery of ssler suggests router owners themselves are a key target of VPNFilter.
“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
While HTTP Strict Transport Security and similar measures designed to prevent unencrypted Web connections may help prevent the HTTP downgrade from succeeding, Williams said those offerings aren’t widely available in Ukraine, where a large number of the VPN-infected devices are located. What’s more, many sites in the US and Western Europe continue to provide HTTP as a fallback for older devices that don’t fully support HTTPS. Parable of the patch and wine skins in scripture.
(Much) bigger attack surface
Talos said VPNFilter also targets a much larger number of devices than previously thought, including those made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. The malware also works on new models from manufacturers previously known to be targeted, including Linksys, MikroTik, Netgear, and TP-Link. Williams estimated that the additional models put 200,000 additional routers worldwide at risk of being infected. The full list of targeted devices is:
Asus Devices:
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)
D-Link Devices:
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)
Huawei Devices:
HG8245 (new)
HG8245 (new)
Linksys Devices:
E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N
E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N
Mikrotik Devices:
CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)
CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)
Netgear Devices:
DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)
DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)
QNAP Devices:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software
TS251
TS439 Pro
Other QNAP NAS devices running QTS software
Huawei Hg8245 Dd Wrt Setup
TP-Link Devices:
R600VPN
TL-WR741ND (new)
TL-WR841N (new)
R600VPN
TL-WR741ND (new)
TL-WR841N (new)
Ubiquiti Devices:
NSM2 (new)
PBE M5 (new)
NSM2 (new)
PBE M5 (new)
Upvel Devices:
Unknown Models* (new) Star wars 4k77.
Unknown Models* (new) Star wars 4k77.
ZTE Devices:
ZXHN H108N (new)
ZXHN H108N (new)
Incredibly targeted
Wednesday's Talos report also provides new insights into a previously found packet sniffer module. It monitors traffic for data specific to industrial control systems that connect over a TP-Link R600 virtual private network. The sniffer module also looks for connections to a pre-specified IP address. It also looks for data packets that are 150 bytes or larger.
“They’re looking for very specific things,” Williams said. 'They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords. We don’t have a lot of intel on that other than it seems incredibly targeted and incredibly sophisticated. We’re still trying to figure out who they were using that on.”
Wednesday’s report also details a self-destroy module that can be delivered to any infected device that currently lacks that capability. When executed it first removes all traces of VPNFilter from the device and then runs the command “rm -rf /*,” which deletes the remainder of the file system. The module then reboots the device.
Despite the discovery of VPNFilter and the FBI seizure two weeks ago of a key command and control server, the botnet still remains active, Williams said. The reason involves the deliberately piecemeal design of the malware. Stage 1 acts as a backdoor and is one of the few known pieces of router malware that can survive a reboot. Meanwhile, stages 2 and 3, which provide advanced functions for things such as man-in-the-middle attacks and self-destruction capabilities, have to be reinstalled each time an infected device is restarted.To accommodate for this limitation, stage 1 relies on a sophisticated mechanism to locate servers where stage 2 and stage 3 payloads were available. The primary method involved downloading images stored on Photobucket.com and extracting an IP address from six integer values used for GPS latitude and longitude stored in the EXIF field of the image. When Photobucket removed those images, VPNFilter used a backup method that relied on a server located at ToKnowAll.com.
Even with the FBI’s seizure of ToKnowAll.com, devices infected by stage 1 can still be put into a listening mode that allows attackers to use specific trigger packets that manually install later VPNFilter stages. That means hundreds of thousands of devices likely remain infected with stage 1, and possibly stages 2 and 3.
There is no easy way to know if a router is infected. One method involves searching through logs for indicators of compromise listed at the end of Cisco's report. Another involves reverse engineering the firmware, or at least extracting it from a device, and comparing it with the authorized firmware. Both of those things are out of the abilities of most router owners. That's why it makes sense for people to simply assume a router may be infected and disinfect it. Researchers still don't know how routers initially become infected with stage 1, but they presume it's by exploiting known flaws for which patches are probably available.
Steps to fully disinfect devices vary from model to model. In some cases, pressing a recessed button on the back to perform a factory reset will wipe stage 1 clean. In other cases, owners must reboot the device and then immediately install the latest available authorized firmware from the manufacturer. Router owners who are unsure how to respond should contact their manufacturer, or, if the device is more than a few years old, buy a new one.
Router owners should always change default passwords and, whenever feasible, disable remote administration. For extra security, people can always run routers behind a proper security firewall. Williams said he has seen no evidence VPNFilter has infected devices running Tomato, Merlin WRT, and DD-WRT firmware, but that he can't rule out that possibility.
Huawei Hg8245 Dd Wrt Settings
Two weeks ago, however, the FBI recommended that all owners of consumer-grade routers, switches, and network-attached storage devices reboot their devices. While the advice likely disrupted VPNFilter’s advance and bought infected users time, it may also have created the mistaken belief that rebooting alone was enough to fully remove VPNFilter from infected devices.Tomato Firmware
“I’m concerned that the FBI gave people a false sense of security,” Williams said. “VPNFilter is still operational. It infects even more devices than we initially thought, and its capabilities are far in excess of what we initially thought. People need to get it off their network.”