Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
You have a Linksys Etherfast Cable / DSL
router and are having problems with:
Upgrading router firmware can sometimes cause more problems than it fixes!
Here are a few lthings to consider before you click that "Upgrade"
Check the Readme or other information that describes what the firmware
will do before you do the upgrade. If you don't need new features and
your product is happily doing it's job... leave it alone and don't
perform the upgrade!
If you do need the upgrade, first download a copy of your
existing firmware revision, or the closest earlier revision
available. You may need it in case something doesn't work right with
the new firmware.
Latest Linksys Router Firmware [All firmware can be downloaded from this
page unless otherwise noted]
BEFSR11 Updated: 11/7/01
RELEASED 1.40.2 filename: befsr-fw1402.zip [download]
Supports enhanced Internet security using ZoneAlarmPro TM and
BEFSRU31 Updated: 9/26/01
RELEASED 1.40.1 filename: befsr-fw1401.zip [download]
Linksys provides Firmware updates for the router in a Windows self-extracting
zip file (.exe extension). Although this file can be expanded via
Stuffit Expander (you may have to change the .exe extension to
.zip to get Stuffit to work its magic) to get the CODE.BIN
file that contains the firmware, the Windows-based TFTP client that's
included with the update won't be of much use on your Mac.
There are multiple ways to upgrade the Linksys firmware with a Mac-only
Use Kem Tekinay's MacTFTP Client.
(This will work no matter what firmware revision your router has.)
Use the built-in Java upgrade client.
(This will work only if your router has V1.22 firmware or higher already
TFTP method Kem Tekinay of MacTechnologies Consulting has written
MacTFTP Client. This little shareware gem is a TFTP client
that supports both Send and Receive to and from any TFTP server.
You just input the IP address of the TFTP server, type in the server's
password (if needed), select the file you want to transfer and hit the
Start button. The program is free for 30 days, after which you'll need
to register. Go
here to download MacTFTP.(Thanks go again to John Strung for
Java Upgrade Client
method Once you get the V1.22 upgrade
into the router, you won't have to hassle with a TFTP client again.
The V1.22 upgrade includes a Java-based upgrade page.
But, MacOs users who try to use the V1.22 firmware's built in Java update
page with Internet Explorer 5.0 or higher will probably find that it won't
work. Reader John Strung reports that you can get around this problem
by using Apple's Applet Runner to execute the Java applet instead
of the IE5.0 Java engine. Here's what you do: NOTE:
You must have V1.22 firmware or higher already loaded in the router in
order to follow these instructions!
If you don't have the Applet Runner, download the
MacOS Runtime for Java package. Version 2.2 for MacOS 8.1
or higher is located here.
Open the Applet Runner and unrestrict security settings
in the Applet Runner's preferences panel.
Download and uncompress (using Stuffit Expander 5.0
or higher) the firmware .exe file from the Linksys FTP site.
(You might have to change the extension from .exe to .zip to get
it to expand.)
Move the CODE.BIN file in the expanded folder to the
Type http://192.168.1.1/Upgrade.htm into the
Location box in the Applet Runner. (If you changed the default
address of the router, change the 192.168.1.1 to the address
that you assigned to the router.)
After the upgrade completes, remember to reboot your
router and restore any special settings.
Updating Firmware with a Linux/Unix
Here are the Linux/Unix commands to upgrade the router
(thanks to Jean-Christophe Hugly for the info!)
You will need to temporarily remove any admin password from the router
before upgrading the firmware. (Linux tftp doesn't embed the password
in the tftp WRQ (write request) packet as the Linksys requires.)
Restore the password after you've completed the upgrade.
This assumes the CODE.BIN file is in the current directory.
tftp <the fire wall IP Address>
Or instead of removing the password, you can try this command:
put CODE.BIN CODE.BINoctetpassword
where password is replaced by your router's password.
(Thanks to Ben Galliart for this tip!)
Or you can patch the Linux TFTP program. You can download
a patch from here
against tftp-0.16-5.src.rpm, courtesy of Jan Vilhuber.
Updating Firmware with a OS/2
(Thanks to Jean-Claude Desinor for the info!)
I have been using 1.35 with an OS/2 machine.
The procedure is the same as for Linux/Unix:
1) Temporarily remove the password through the Administration Web Pages
2) Exit your WEb browser
3) Go to the directory where the code.bin file is located
4) Type "tftp router's_address>" to start tftp and connect with the
5) Type "mode binary" to get into binary mode
(If you want to see the packets being sent, type "verbose")
6) Type "put code.bin" to upload the code
7) Type "quit" to go back to the command prompt.
REMEMBER TO REINSTALL A PASSWORD!!!!
Firmware upgrade tips
The following tips may help you with the firmware upgrade process:
It's a good idea to download a copy of the existing
version of your firmware from the Linksys
FTP site, so that you can restore it in case something goes
wrong with the newer version of firmware that you are trying to load.
If you can't find your exact version, just download the latest released
version. If the Linksys FTP server is down, use the 1.30
version from here (this is the entire 1.8MB self-extracting
Does the upgrade program successfully finish, but
you can't bring up the Admin page?
Try backing off to the previous version of firmware and use the
"Advance" button on the Upgrade Firmware program and set it to
send Filename with path, and change the Initial delay
to 1000ms. (Thanks to Timothy R. Davis for the tip.)
The TFTP upgrade server is burned into the ROM of
the router, and can't be erased. If something goes wrong
with the upgrade and you get the dreaded steady "Diag" light
on the router, just repeat the upgrade.
If you are having a NIC connection problem, you may
have an upgrade fail and not be able to resurrect the router.
Either connect the router to another computer with a different
NIC, or connect a hub between your computer and the router
(don't connect "Uplink" to "Uplink", connect "Uplink
to a NORMAL port), and retry the upgrade.
You might have a problem upgrading or logging into
the router if you use too strong
a password. Some versions of the firmware are
reported to have problems with mixed upper & lower case letters,
or with characters other than numbers and letters. Some users
have been able to use their password successfully on the router, but
have it fail when trying to use the TFTP upgrade client.
We recommend trying to use as strong a password as possible, but if
you have problems, try using a simpler password. You should
also stay away from the characters "/" and "\"
in your passwords, keep the length under 39 characters, and do
not use any spaces in the password (your browser will translate
the space character to '+').
Some firmware versions reset the password to "admin",
so try that if your normal password doesn't work.
If you still have problems upgrading due to getting
your password rejected, try entering a blank password, then
try the upgrade. Be sure to restore your password after you've
Here's a copy of the installation
instructions (Readme.doc) file that comes with the upgrade file:
How to upgrade the BEFSR41 Firmware
The firmware on the EtherFast Cable/DSL Router (BEFSR41)
has a 512KB flash
chip that can be upgraded with a new firmware. Please read the instructions
below to upgrade the firmware.
1. Double click on Tftp to install the Upgrade Firmware software.
Follow the screen and accept the default settings by clicking on
Next a few times, then click on finish to finish the installation.
2. Click on Start, Programs, Upgrade Firmware, then click
on Upgrade Firmware. You should see the screen below.
3. The following option is available.
Server- Enter the IP Address of the BEFSR41 that you assigned. By
default, the router is 192.168.1.1 as shown above.
Password- Enter the password you assigned the router. By default,
the router’s password is “ADMIN”.
File- Click the triple “…” button to browse for the code.bin that
was part of the extracted file you downloaded. In the example, the
code.bin was extracted on the Windows desktop.
4. Click Upgrade button to start upgrading. A progress bar
should show up to
show the progress.
Upgrade is complete.
Reviving a "dead" Linky
If you follow this procedure, you should be able to successfully load
firmware into your router, even if you think you've tried everything.
Follow the steps exactly and don't skip any! [Thnx to Mike Ronayne & Linksys!]
To reload the firmware when an upload fails or when the red error light
is blinking, do the following:
1) Set a static IP Address on the Windows PC as following:
IP Address: 192.168.1.50
2) Make sure that you can execute the DOS command: "PING
3) Make sure that the file name of the firmware code, given
to TFTP.EXE, is "code.bin". RENAME the firmware
file if you have to.
4) Try passwords in this order:
First: Try a blank password,
Second: Try "admin" (don't enter the quotes)
Third: The password you assigned previously
5) After successfully uploading the firmware, press the Reset
button to clear memory and select default settings.
6) Reconfigure the LinkSys as required to support your Broadband
Another reader suggested a simpler method for reviving Linky:
1) Press and hold the Reset button for about 30 seconds
Remove power. Wait about 5 seconds. Reapply power.
Linky should now be restored to factory default settings
and you should be able to load firmware using the default password admin.