Upgrades needed if old router functions as needed?

A

aliaskary77

Limp Gawd
Joined
Dec 18, 2006
Messages
439
I have a Netgear WNDR3700 v1, probably 8 years old I think.
My ISP connection is 200/50.
Wirelessley and gigabit ports, this router serves my purpose.
I have the latest firmware, which I think is close to 6 years old if i go by the file date on the firmware.

I have SSID visible, but have MAC filter list for approved wireless devices and WPA2.
Remote console is disabled.

If it serves my purpose, should I still consider getting it upgraded as it may not protect me from all the new attacks?

I wanted newer Asus or Netgear routers but they are close to $200 plus so I always back out as I dont really NEED the additional wifi speed. My high internal bandwidth machines are connected wired via gigabit ports. iOS devices and wifes laptop are only ones on wireless.

Thoughts and suggestions?
 
Is NetGear still providing regular firmware update for that router? That would be my biggest concern. NetGear hasn't exactly had a great record with security lately.
 
nope, from everything I can see, the last firmware was released in 2011. I didn't realize it had been that long till I wondered about it today and double checked and was shocked. I thought at most 2 years ago.

everything runs super smooth with it, so its more of security concern, not a performance issue.
 
Last edited:
if i should be replacing, i am now leaning towards this: NETGEAR R7000 Nighthawk AC1900. Last firmware was a few days ago. Don't know how old the model is but seems to be the only revision so far.
 
aliaskary77 said:
nope, from everything I can see, the last firmware was released in 2011...
Click to expand...

I would be replacing that soon. Don't really have recommendation because I've been running a pfSense firewall for a few years now.
 
KRACK is a client-side vulnerability. Upgrading to a new access-point / router means nothing if your client devices are still unpatched.

The WNDR3700 may not be getting updates from Netgear anymore, but it is still fully supported by DD-WRT. I run two WNDR4500, one WNDR3700, and one WNDR3400 across my property, all running current versions of DD-WRT. By current, I mean only like 7 days old... I doubt even brand-new Netgear routers have firmware that current.

Follow the guide here to put DD-WRT on the WNDR3700: http://www.dd-wrt.com/wiki/index.php/Netgear_WNDR3700
 
I would tend to stay with what you have if it's working well for you.
You are doing MAC filtering with the WPA2, so you're not an easy target.

That said, those Netgear R7000 boxes are nice.
That's what I'm currently installing for customers.

.
 
awesome, thanks.

I have considered pfsense before, never looked into it too far.
Will have a look at DD-WRT again, and if not. the R7000 may be the way to go.

Have not looked into the details other than firmware fix needed against KRACK, but didn't look at how it affects each part in the chain: router, computers, mobile devices and tablets.
 
There are plenty of other vulnerabilities other than KRACK that old NetGear is probably vulnerable to.
 
ok went to the stores to see what's in stock

Nighthawk R7000 CDN$189 clearance
Asus RT-AC87U CDN$147 clearance
D-Link DIR-885L CDN$227

Will try DD-WRT Saturday morning, if things don't look good (I have version 1 of the WNDR3700), will run out and get one of these.

prices all close enough to consider all. opinions? reviews are all around the same.
 
Last edited:
If the client machines are current on patches, probably not much to worry about wifi security wise. Far more likely they will be compromised by ad-malware. Before buying a new router, do your homework on your possible purchase. You don't want to buy a new device only to discover it DOES have a known security flaw. WPS is a common attack vector. Also check out the edge security features. Some have more then others.
 
I installed dd-wrt. it shows version 24 sp2, but the build was from 2013!! I thought the file date of September 2017 would mean its fairly new. I ended up restoring latest factory firmware for now and reloaded saved config till I figured things out.

is there no newer dd-wrt firmware for it? am I reading the wrong date?

If its that old, not sure if it makes sense going to dd-wrt and just go out and get something newer.


edit: I see the folder path for the links going through beta, 2017, then by month. but firmware installed shows a 2013 date. aarrrggghh!!
 
Last edited:
KRACK is bad but way over blown....unless you have an Android device. Yes, it is a network device (router, AP, etc...) issue along with being an operating system issue.

I will caveat the following by saying if you have an Android device running OS 6.0+, you are at the mercy of your provider for an update and I believe 11/6 is the date Google said it would have the OS patched.

If you have Windows, Linux, or MAC OS that is supported and updated, you are patched. If you are using encryption for all of your Internet activity, there is not much to be overly concerned about from the privacy perspective.

MAC filtering helps but does not mean not susceptible. MAC spoofing can be done. Not saying it is trivial but possible and more likely to be effective in conjunction with Android devices (IMO).

Reality - at home, with the possible exclusion of apartment complexes or other mass dwellings, the odds of someone trying this on you are slim to none.

My biggest recommendation to people is to quit using free Wi-Fi at Starbucks, airports and other mass locations. Google Wi-Fi pineapple...it's easier to do and so much more effective.
 
KRACK was just one thing that got me thinking about using a router with 6 yr old firmware. I didn't really think that I could be susceptible to other forms of attacks, mostly all the pinging and probing that happens thousands of times an hour. I am in an apartment and can see 20 or so wifi around. I'm less worried about advances in wireless attempts, more so coming through the modem.

after post 13, I happen to research and came across this site: https://www.routersecurity.org/checklist.php seems like pretty good, and used it to configure some more settings on the netgear firmware. I checked shields up and getting all green.

no android other that bluestack on the win 10 machine.
 
If the point of getting a new router is security, then you'd need to move into the realm of UTM units as nothing newer will do anything different. Also, most malware is targetted at current hardware and software. When you're running ancient stuff that people haven't seen in a decade, the malware of that era is also ancient (check for windows 95 on https://nvd.nist.gov/ and www.cvedetails.com/product/112/Microsoft-Windows-95.html?vendor_id=26 and you'll find nearly nothing this decade).
 
aliaskary77 said:
I installed dd-wrt. it shows version 24 sp2, but the build was from 2013!! I thought the file date of September 2017 would mean its fairly new. I ended up restoring latest factory firmware for now and reloaded saved config till I figured things out.

is there no newer dd-wrt firmware for it? am I reading the wrong date?

If its that old, not sure if it makes sense going to dd-wrt and just go out and get something newer.


edit: I see the folder path for the links going through beta, 2017, then by month. but firmware installed shows a 2013 date. aarrrggghh!!
Click to expand...


This is the version of DD-WRT for your router that was released today (10/25/17): https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2017/10-25-2017-r33607/netgear-wndr3700/

Since you already have DD-WRT installed on your router, you only need to:

1. Download the "webflash" version of the firmware I linked to above.
2. Reset the router to default settings.
3. Log back into the router, go Administraton/Firmware Update
4. Click the "Browse" button and select the firmware you just downloaded in step 1.
5. Select "Reset to default settings" in the dropdown above the "Browse" button.
6. Click Upgrade, wait a few minutes
7. Router should be upgraded! Now put all your settings back in.

** DO NOT RESTORE SETTINGS FILE FROM OLD FIRMWARE VERSIONS ** Doing so might cause bad things to happen. Re-enter your settings manually.
 
thanks. yes i noticed the beta firmware by dates. the september one i installed showed a 2013 firmware date which threw me off.
entering in settings each firmware update is time consuming though, but i guess thats the life of the tinkerer.
 
Damn, I haven't messed around with DDWRT since my old Linksys WRT54GS. I think I finally through out the last of those old Linksys routers.

I really liked DDWRT.
 
Opinions differ a lot over resetting to default before upgrading. The official line is "always reset", but if you look around on their forms it seems like a lot of people don't.

You could try backing up your settings first, resetting to defaults, flashing the new firmware, and restoring the backup. If that doesn't work you'll just have to manually reset the router using the reset button and putting everything in manually.
 
TheSmJ said:
Opinions differ a lot over resetting to default before upgrading. The official line is "always reset", but if you look around on their forms it seems like a lot of people don't.

You could try backing up your settings first, resetting to defaults, flashing the new firmware, and restoring the backup. If that doesn't work you'll just have to manually reset the router using the reset button and putting everything in manually.
Click to expand...
This is interesting as most netgear fvs and cisco rv series routers have this same issue with saved settings. In fact, the official instructions is identical to the one posted above about defaulting, not restoring settings, and rebuilding from scratch.
 
You must log in or register to reply here.
Back
Top