ASUS RT-N66U Firmware version 3.0.0.4.376.3657

[wouterv]

I suppose KevTech referred to a default router, resulting in dhcp-lease-max=253.

[dhcp-lease-max] should ideally be:
[IP Pool Ending Address]-[IP Pool Starting Address]+[number of Manually Assigned IP addresses]
Maybe easier to leave it fixed to 253.

For what the manual is worth, it states: The ASUS Wireless Router can support up to 253 IP addresses for your network.
That is not related to what DHCP can handle.

Anyway:

1. What is the firmware version you are using?
2. If your wifi gets "cracked", do you really think hackers require a DHCP address to get in your router?
3. The best protection against hacking of your wifi is to set the Authentication Mode to WPA2-Personal, the WPA Encryption to AES and choose a strong WPA Pre-Shared Key. Untill today this has not been broken.
4. How often do you (need to) reset your router?

 

[Greg_Hope]

[dhcp-lease-max] should ideally be:
[IP Pool Ending Address]-[IP Pool Starting Address]+[number of Manually Assigned IP addresses]
Maybe easier to leave it fixed to 253.

For what the manual is worth, it states: The ASUS Wireless Router can support up to 253 IP addresses for your network.
That is

Anyway:

1. What is the firmware version you are using?
2. If your wifi gets "cracked", do you really think hackers require a DHCP address to get in your router?
3. The best protection against hacking of your wifi is to set the Authentication Mode to WPA2-Personal, the WPA Encryption to AES and choose a strong WPA Pre-Shared Key. Untill today this has not been broken.
4. How often do you (need to) reset your router?

[/QUOTE]

Firmware is 376_3754

I think the lack of dhcp adddress makes it harder, and is a reasonably easy measure to implement. It should stop the script kiddies who run up a cracking app from the web, but yes, any network engineer should blow past it

The password that was cracked was wpa2, aes, and the password at the time was over 20 characters long, but had not been changed in years. I was changing monthly since then but down to quarterly at present. Current risk profile is lower (unlimited cap whereas last time, they blew through 90 of my 100g in 20 hours, and once the limit was hit, it was obvious what had happened.
I noted the crackers hit a number of local ssids, but that was over a year ago, and have not seen any obvious indications lately - maybe they moved or maybe we all got better at changing our keys

I don't fiddle with the router that often - monthly? - but having to remember to change the setting is annoying. It is also not clear if the setting is read once at boot - in my fishing around, I saw a note somewhere about restarting the dhcp service, so I assume this would be required. I also noted that I could hack around in /mnt/

I am an old Unix hacker, strong in solaris, basically ok with Linux and bsd, have moderate network skills and a working knowledge of firewalls, and could run wrt, but mostly, I just expect the router to work. Learning router skills to work around a dumb bug seems overkill to me, I would rather keep playing with solaris

 

[RMerlin]

[dhcp-lease-max] should ideally be:
[IP Pool Ending Address]-[IP Pool Starting Address]+[number of Manually Assigned IP addresses]
Maybe easier to leave it fixed to 253.

What I did in my firmware is to use either 253 or the pool size, whichever being the largest of the two. So people using a /16 subnet will be (in theory) able to allocate more than just 253 leases (tho if you have that many devices, stop using home gateways and get a business-oriented device IMHO). Anyone else will get 253.