linsys_54wrt

Upload: lukelar

Post on 08-Apr-2018


  • 8/7/2019 Linsys_54wrt

    1/9

    Turning a Linksys WRT54G into more than just a Wireless Router

    Simon Innes

    School of Computer and Information Science

    Edith Cowan University

    Abstract

    This paper will discuss and analyse the ability of a Linksys wireless router to become an extremely useful wireless tool. It will analyse the default setup for a Linksys WRT54G and its capabilities. It will then discuss 3rd party firmware available and the potential activities available using this firmware. The report will also discuss several wireless tools, demonstrate them running on the router and discuss their potential uses. It will attempt to outline the advantages and limitations of running different wireless tools on an embedded device. The test environment will consist of a Linksys WRT54G, a laptop equipped with 2 wireless cards and a PC connected to the router via a wired port.

    Keywords

    Wireless, WRT54G, Linksys, OpenWRT, Intrusion Detection

    INTRODUCTION

    One of the latest trends in technology and computer networking is the concept and implementation of wireless connectivity. People use wireless devices in homes and offices because of the added convenience and productivity to tasks. As the technology emerges, more sophisticated devices are being designed and developed. Certain devices in particular give the user much control over the setup and utilization of the device. This paper will look at the Linksys WRT54G and the way it can be changed into a powerful wireless device.

    The WRT54G was the Linksys flagship 802.11G wireless router in 2004. It is called a wireless router because it is designed to carry out routing tasks between wireless devices and an internet connection. The WRT54G also sports a 4-port switch which is useful when there is more than one wired device on a network. The router supports all the features expected in a wireless device such as WEP key encryption, MAC Address filtering, NAT routing, VPN passthrough and a built in DHCP server. These are easily configured with a web administration tool. Another noteworthy feature is the two external RP-TNC antenna ports that allow attachment of different, stronger antennas.

    In creating the WRT54G, the decision was made to run an embedded version of Linux on it along with other General Public Licensed (GPL) software. When open source developers were looking into the workings of the WRT54G, it was noticed that not all of the modified GPL code had been supplied. Developers attempted to contact Linksys to obtain the code, which they were legally entitled to due to its licensing under the GPL. This code included changes to the Linux kernel, changes to components such as iptables and changes to wireless kernel modules. When Linksys eventually released their modified code, developers were able to look at, change and add an unlimited number of enhancements and features. Some went as far as to create their own entire firmware for the router to the exclusion of the majority of the included Linksys firmware. One such development was OpenWRT (OpenWRT, 2005).

    OpenWRT differs from other firmware available for the WRT54G because it does not attempt to be an all-inclusive solution. For example, the Sveasoft (Sveasoft Incorporated, 2003) firmware called Alchemy comes complete with a collection of features that the Linksys firmware does not include, all of which are installed by default. With OpenWRT, upon loading the firmware, a very minimal Linux install occurs. From this point, it is possible to download packages and modules to add the functionality desired. To some users, this may appear excessive and inefficient; however, the ability to customise is appealing and useful to many.

    Due to the limited storage space on a WRT54G, OpenWRT attempts to utilise the space effectively by storing the firmware on a compressed Squashfs partition and setting the remaining space as a JFFS2 partition to allow for storage of new packages and configuration files. For a shell, OpenWRT uses Busybox.

    Squashfs is a compressed file system that was designed for the sake of being a small, read only file system that would be used on devices with limited storage and a need for very small overhead. Squashfs can also be applied to individual files for archival purposes as it is documented to outperform tar and gzip archiving. Squashfs is the ideal choice of file systems for storing the firmware for the WRT54G as it allows the utilization of space for other modules and features which may increase the effectiveness of the device.

    Journaling Flash File System, or JFFS2, is a file system created by the Swedish company Axis Communications AB for use on flash devices. It is designed to manage files and space when operating on a device with limited storage. JFFS2 aims to have minimal file overhead, resulting in the utilisation of space more efficiently elsewhere. This is an ideal choice for the WRT54G due to the space restrictions of the device.

    Busybox (http://www.busybox.net) is a lightweight, customisable shell designed to run on embedded systems. It is based on UNIX and GNU utilities to allow the user to create a familiar environment. Generally, the options available will be less extensive than the complete versions, primarily because they are deemed less useful and the space may be more economically used elsewhere. Busybox can be customised at compile time to allow a user to add and remove features as required. Busybox is effectively the shell interface users are presented with when logging onto a WRT54G running OpenWRT.

    Installing the Firmware

    Once the firmware has been identified, the next step is to obtain the firmware and install it. The WRT54G used for these tests is Revision 2.0. This can be identified by examining the serial number of the router. At the beginning of the serial number are the characters CDF50D, where the 5 represents Revision 2.0. The firmware was retrieved from the OpenWRT website (http://openwrt.org/) and the experimental binary was used. The install process uses an exploit located in the Linksys web interface. On the web interface is a diagnostics page that allows the user to ping remote hosts. By entering a ; in the field that takes the ping target, the underlying Linux shell starts a new command line, and any command may be entered. By redirecting the output of the command to /tmp/ping.log (e.g. ls -la / > /tmp/ping.log) the output can be seen in the ping reply window once the command has finished. This is needed so that it is possible to switch on what is known as boot wait. This is an environment variable that tells the router how to proceed at boot time. Normally, the boot loader and firmware are loaded in rapid succession; however, with this variable set, there will be a pause allowing new firmware to be installed using tftp. Once this is done, a tftp client will need to be configured to point at the router's diagnostic address (192.168.1.1) and be set to retry sending the firmware, allowing it to continue to try and send until a connection is made. Once this has happened, the router is rebooted and the new firmware will be automatically recognised and installed.
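    The diagnostics-page flaw described above is shell command injection through the ping target field. The following Python code is an added example, not taken from the paper or from the Linksys firmware; it shows the check such a handler needs: accept only an IP literal or hostname and pass it to ping as an argument vector, so no shell ever parses it. The handler shape, the `ping -c 4` invocation and all function names are assumptions.

```python
import ipaddress
import re
import subprocess

# One RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def unsafe_shell_line(target: str) -> str:
    """Assumed shape of the flawed handler: user input pasted into a shell string."""
    return "ping -c 4 " + target + " > /tmp/ping.log"


def validate_ping_target(target: str) -> str:
    """Return a canonical IP literal or hostname; raise ValueError for anything else."""
    if not target or len(target) > 253:
        raise ValueError("target empty or too long")
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    labels = target.split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return target
    raise ValueError("target is not an IP address or hostname: %r" % target)


def build_ping_argv(target: str) -> list:
    """Build an argument vector; no shell ever parses the target."""
    # "--" ends option parsing, so the operand can never be read as an option.
    return ["ping", "-c", "4", "--", validate_ping_target(target)]


def run_ping(target: str) -> str:
    """Run ping without a shell and return its output for the reply window."""
    result = subprocess.run(build_ping_argv(target), capture_output=True,
                            text=True, timeout=15, check=False)
    return result.stdout


# Constructed inputs: two benign targets, the paper's ';' input, and two
# related edge cases (a leading '-' read as an option, an embedded newline).
SAMPLES = ["192.168.1.1", "openwrt.org",
           "192.168.1.1;ls -la / > /tmp/ping.log", "-v", "192.168.1.1\nls"]


def classify(samples):
    """Map each sample to 'ok' or 'rejected'."""
    verdicts = {}
    for sample in samples:
        try:
            validate_ping_target(sample)
            verdicts[sample] = "ok"
        except ValueError:
            verdicts[sample] = "rejected"
    return verdicts


if __name__ == "__main__":
    print(unsafe_shell_line(SAMPLES[2]))  # a shell would see two commands here
    for sample, verdict in classify(SAMPLES).items():
        print(repr(sample), verdict)
```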

    Upon booting the firmware for the first time a jffs2 partition will be created from the remaining space on the device. Once the lights on the router stop flashing (DMZ and power in particular), the router is ready for use. By default, a telnet server is started which can be connected to. On first connecting, this screen will be displayed:

    === IMPORTANT ============================

    Use 'passwd' to set your login password

    this will disable telnet and enable SSH

    ------------------------------------------

    BusyBox v1.00 (2005.05.25-20:30+0000) Built-in shell (ash)

    Enter 'help' for a list of built-in commands.

      _______                     ________        __
     |       |.-----.-----.-----.|  |  |  |.----.|  |_
     |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
     |_______||   __|_____|__|__||________||__|  |____|
              |__| W I R E L E S S   F R E E D O M

    root@crankap:/#

    It is stated in the OpenWRT documentation that the default telnet server has been purposely left without a password to emphasise the insecurity of the telnet protocol. When first changing the password, telnet is disabled and ssh is enabled automatically.

    An issue of note regarding the default install of OpenWRT is that there is no web interface by default. A package is available called interface-wrt which provides basic configuration functionality. Some users prefer to simply use the command line.

    On conclusion of the basic install, examine the file system layout to become familiar with the actual lack of storage space.

    root@crankap:~# mount

    /dev/root on /rom type squashfs (ro)

    none on /rom/dev type devfs (rw)

    /dev/mtdblock/4 on / type jffs2 (rw)

    none on /proc type proc (rw)

    none on /dev type devfs (rw)

    none on /tmp type tmpfs (rw)

    none on /dev/pts type devpts (rw)

    root@crankap:~# df -h

    Filesystem Size Used Available Use% Mounted on

    /dev/root 1.0M 1.0M 0 100% /rom

    /dev/mtdblock/4 2.2M 364.0k 1.8M 16% /

    none 6.9M 12.0k 6.9M 0% /tmp

    As can be seen from this output, just under 2 megabytes of flash memory is left to install packages to. There is also 7 megabytes of RAM to use for temporary storage. This will most likely be used for log outputs.

    The firmware also comes with several base packages installed:

    root@crankap:~# ipkg list_installed

    bridge - 1.0.6-1 - Ethernet bridging tools

    busybox - 1.00-2 - Core utilities for embedded Linux systems

    dnsmasq - 2.22-1 - A lightweight DNS and DHCP server

    dropbear - 0.45-2 - a small SSH 2 server/client designed for small memory

    environments.

    ipkg - 0.99.145-1 - lightweight package management system

    iptables - 1.3.1-1 - The netfilter firewalling software for IPv4

    kmod-brcm-et - 2.4.30-1 - Proprietary driver for Broadcom Ethernet chipsets

    kmod-brcm-wl - 2.4.30-1 - Proprietary driver for Broadcom Wireless chipsets

    kmod-diag - 2.4.30-1 - Driver for Router LEDs and Buttons

    kmod-ppp - 2.4.30-1 - PPP support

    kmod-pppoe - 2.4.30-1 - PPP over Ethernet support

    kmod-wlcompat - 2.4.30-1 - Compatibility module for using the Wireless Extension

    with broadcom's wl

    openwrt-utils - 1 - Basic OpenWrt utilities

    ppp - 2.4.3-4 - a PPP (Point-to-Point Protocol) daemon (with MPPE/MPPC support)

    ppp-mod-pppoe - 2.4.3-4 - a PPPoE (PPP over Ethernet) plugin for PPP

    wireless-tools - 28.pre6-1 - Tools for setting up WiFi cards using the Wireless

    Extension

    zlib - 1.2.2-1 - an implementation of the deflate compression method (library)

    Successfully terminated.

    OpenWRT comes with an easy to use package management system called ipkg. ipkg stands for Itsy Package Management System and is designed to be an rpm style system for flash based devices such as PDAs. The packages are retrieved from a list of indexes that are downloaded from user specified locations. This is a very effective and ideal solution for this type of device.

    For the purpose of this paper, a list of tools has been selected to be loaded onto the device and tested. These tools include Kismet, Snort, nmap and wireless-tools.

    Kismet

    The first tool to be examined is Kismet. Kismet is a wireless sniffer that picks up 802.11 traffic. It is a useful tool that will work with any wireless card which supports monitor mode. With the Broadcom chipset that comes with the Linksys WRT54G, this tool is ideal. Kismet can also work as an intrusion detection system, due to the fact that it can detect wireless scans (such as Netstumbler) and other suspicious activity.

    Kismet was set up to run on the WRT54G to do a basic scan to attempt to detect any wireless devices in the area. The wireless card on the laptop was set to Master mode to obtain some expected results. Please note that the output has been cut down to remove unnecessary data.

    root@crankap:~# kismet_server

    Enabling channel splitting.

    Source 0 (wireless): Enabling monitor mode for wrt54g source interface prism0

    channel 0...

    Source 0 (wireless): Opening wrt54g source interface prism0...

    Dropped privs to nobody (65534) gid 65534

    Allowing clients to fetch WEP keys.

    WARNING: Disabling GPS logging.

    Writing data files to disk every 300 seconds.

    Mangling encrypted and fuzzy data packets.

    Tracking probe responses and associating probe networks.

    Reading AP manufacturer data and defaults from /etc/ap_manuf

    Reading client manufacturer data and defaults from /etc/client_manuf

    Dump file format: wiretap (local code) dump

    Crypt file format: airsnort (weak packet) dump

    Kismet 2005.04.R1 (WRT-Kismet)

    Listening on port 2501.

    Gathering packets...

    Sat Jan 1 01:40:00 2000 Found new network "belkin54g" bssid 00:11:50:32:88:77 WEP Y

    Ch 11 @ 54.00 mbit

    Sat Jan 1 01:40:24 2000 Found new network "" bssid 00:0F:66:AA:1C:96 WEP N

    Ch 0 @ 0.00 mbit

    Sat Jan 1 01:40:24 2000 Found new probed network "" bssid

    00:0E:35:41:6F:98

    Sat Jan 1 01:40:31 2000 Found new probed network "" bssid

    00:04:47:00:14:7C

    Sat Jan 1 01:40:31 2000 Associated probe network "00:04:47:00:14:7C" with

    "00:11:50:32:88:77" via probe response.

    Sat Jan 1 01:40:50 2000 Associated probe network "00:0E:35:41:6F:98" with

    "00:11:50:32:88:77" via probe response.

    Sat Jan 1 01:41:00 2000 Found new network "FAKE" bssid 00:09:5B:EA:DD:E6 WEP N Ch 1

    @ 11.00 mbit

    From this output it can be seen that there were two named networks detected. FAKE was the laptop sitting in master mode. An interesting point of note is that the program did not detect the SSID of itself. 00:0F:66:AA:1C:96 is the MAC address of the router and was detected with an empty SSID (""). A network scan was run on the laptop to see if the outcome was similar; however, in this instance, the SSID was displayed. For the purpose of testing, the MAC address on the laptop card was incremented by one and the SSID was changed. The results were as follows:

    Sat Jan 1 01:50:27 2000 Found new network "ALSO-FAKE" bssid 00:09:5B:EA:DD:E7 WEP N Ch 11 @ 11.00 mbit

    ALERT Sat Jan 1 01:50:45 2000 Beacon on 00:09:5B:EA:DD:E7 (ALSO-FAKE) for channel

    2, network previously detected on channel 11

    As seen in this instance, the MAC address now ends in E7 rather than E6. Finally, for completeness, fakeap was run on the laptop. Fakeap is a simple perl script that randomly generates MAC addresses and changes the SSID of a wireless card while in master mode. This is how kismet on the WRT54G displayed the findings:

    Sat Jan 1 01:51:55 2000 Found new network "" bssid 00:00:0C:02:F6:19 WEP N

    Ch 0 @ 0.00 mbit

    Sat Jan 1 01:51:55 2000 Found SSID "zoar" for network BSSID 00:00:0C:02:F6:19

    Sat Jan 1 01:51:55 2000 Found new network "" bssid 00:00:0C:15:C6:F8 WEP N Ch 0 @ 0.00 mbit

    Sat Jan 1 01:51:55 2000 Found SSID "tulley" for network BSSID 00:00:0C:15:C6:F8


    Sat Jan 1 01:51:56 2000 Found new network "redbook" bssid 00:00:CE:5F:45:BD WEP N

    Ch 6 @ 11.00 mbit

    Sat Jan 1 01:51:56 2000 Found new network "" bssid 00:00:0C:76:5C:F8 WEP N

    Ch 0 @ 0.00 mbit

    Sat Jan 1 01:51:56 2000 Found SSID "tarra" for network BSSID 00:00:0C:76:5C:F8

    Sat Jan 1 01:51:56 2000 Found new network "rivaherrera" bssid 00:00:CE:52:C3:61 WEP

    N Ch 3 @ 11.00 mbit

    Sat Jan 1 01:51:57 2000 Found new network "sam-houston" bssid 00:00:CE:21:26:41 WEP

    N Ch 6 @ 11.00 mbit

    Sat Jan 1 01:51:57 2000 Found new network "" bssid 00:00:CE:C3:6E:48 WEP N

    Ch 0 @ 0.00 mbit

    Sat Jan 1 01:51:57 2000 Found SSID "faretheewell" for network BSSID

    00:00:CE:C3:6E:48

    Sat Jan 1 01:51:57 2000 Found new network "" bssid 00:00:0C:19:B9:2D WEP N

    Ch 0 @ 0.00 mbit

    Sat Jan 1 01:51:57 2000 Found new network "" bssid 00:00:CE:64:15:24 WEP N

    Ch 0 @ 0.00 mbit

    Sat Jan 1 01:51:57 2000 Found SSID "locusts" for network BSSID 00:00:CE:64:15:24

    As can be seen from this, Kismet was successful in detecting the networks. Unfortunately it was unable to establish that these access points were not real. An issue that was observed whilst running Kismet on the WRT54G was that the space available for logging was very restricted. If fakeap had been left running, the /tmp directory would have filled and the server would have stopped running.

    Snort

    The next tool looked at is called Snort. Snort is an open source Intrusion Detection System (IDS). Snort is a lightweight program, making it ideal for use on the WRT54G. Another advantage of Snort is that it is free, as commercial IDS software can carry expensive licensing fees. Snort is a rule based IDS, meaning it will analyse each packet and determine, from a list of rules, whether or not the packet is malicious. It is convenient to have Snort running on a router, as it examines all traffic coming in and out of the network. This makes detection of attacks and intrusions effective from both inside and outside the network. In the OpenWRT firmware, there are no data analysis tools available for Snort. This is acceptable as the large volume of data analysis would prove difficult for the WRT54G to manage. Another problem is that the amount of logging Snort can perform is limited to the storage size of the device. One solution to this potential problem is to install a package that allows for Snort data to be logged to a MySQL database and point it at a database on another machine. On the second machine you could also run the data analysis tools.

    NMap

    Another tool that could be used to increase the usefulness of the WRT54G is called Nmap. Nmap is short for Network Mapper and is an open source tool for scanning networks. This tool has the ability to detect how many systems are in a network, what the IP addresses are and what services are running. It can also determine what operating systems are running on each host. For the purpose of this paper, Nmap will be used for simple network and port scans as shown below:

    root@crankap:~# nmap -v -sT 192.168.0.0/24

    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2000-01-01 02:17 UTC

    Initiating Connect() Scan against 192.168.0.1 [1663 ports] at 02:17

    The Connect() Scan took 4.11s to scan 1663 total ports.

    Host 192.168.0.1 appears to be up ... good.

    Interesting ports on 192.168.0.1:

    (The 1659 ports scanned but not shown below are in state: closed)

    PORT STATE SERVICE

    22/tcp open ssh

    23/tcp open telnet

    53/tcp open domain

    80/tcp open http

    The Connect() Scan took 16.42s to scan 6652 total ports.

    Host 192.168.0.3 appears to be up ... good.

    Interesting ports on 192.168.0.3:

    (The 1656 ports scanned but not shown below are in state: closed)


    PORT STATE SERVICE

    80/tcp open http

    135/tcp open msrpc

    139/tcp open netbios-ssn

    443/tcp open https

    445/tcp open microsoft-ds

    1025/tcp open NFS-or-IIS

    3389/tcp open ms-term-serv

    MAC Address: 00:11:D8:4C:52:16 (Asustek Computer)

    Host 192.168.0.10 appears to be up ... good.

    Interesting ports on 192.168.0.10:

    (The 1660 ports scanned but not shown below are in state: closed)

    PORT STATE SERVICE

    22/tcp open ssh

    111/tcp open rpcbind

    631/tcp open ipp

    MAC Address: 00:0E:35:41:6F:98 (Intel)

    Host 192.168.0.11 appears to be up ... good.

    Interesting ports on 192.168.0.11:

    (The 1660 ports scanned but not shown below are in state: closed)

    PORT STATE SERVICE

    22/tcp open ssh

    111/tcp open rpcbind

    631/tcp open ipp

    MAC Address: 00:0E:35:41:6F:98 (Intel)

    Host 192.168.0.254 appears to be up ... good.

    Interesting ports on 192.168.0.254:

    (The 1648 ports scanned but not shown below are in state: closed)

    PORT STATE SERVICE

    21/tcp open ftp

    22/tcp open ssh

    23/tcp open telnet

    25/tcp open smtp

    53/tcp open domain

    80/tcp open http

    110/tcp open pop3

    111/tcp open rpcbind

    139/tcp open netbios-ssn

    143/tcp open imap

    445/tcp open microsoft-ds

    515/tcp open printer

    901/tcp open samba-swat

    3128/tcp open squid-http

    3306/tcp open mysql

    MAC Address: 00:90:27:35:3B:CD (Intel)

    Nmap finished: 256 IP addresses (5 hosts up) scanned in 64.999 seconds

    Raw packets sent: 1010 (34.3KB) | Rcvd: 15 (468B)

    This scan shows that there are 4 machines and 5 network interfaces available on the network at the time of the scan. A point of note is that there is still a telnet service open on the WRT54G (192.168.0.1) even though this appeared to have closed when a password was set. When attempting to run an operating system fingerprint, Nmap was unable to initialise.

    root@crankap:~# nmap -O 192.168.0.0/24

    Killed

    Aircrack

    A tool which may prove to be more malicious than useful is Aircrack. Aircrack is designed to be a WEP key cracker. It works by sniffing for wireless traffic and taking note of all the encrypted packets. It will then take the packets' initialisation vectors (IVs) and use them to attempt to establish the WEP key. The more unique an IV is, the greater the possibility of cracking the WEP key. The process initiates by running a piece of software called Airodump which is a wireless sniffer. Its basic function is to sniff for encrypted packets, establish the network they are for and log them. This can be run for as long as needed, with more unique IVs being detected the longer it is run. When run from the WRT54G, the output looked like this:

    BSSID CH MB ENC PWR Packets LAN IP / # IVs ESSID

    00:00:0C:0D:EA:B7 1 11 WEP 0 1 0 FAKE

    00:0F:66:AA:1C:96 -1 -1 0 16

    00:11:50:32:88:77 11 48 WPA 0 5099 2565 belkin54g

    In the space of just a few minutes, airodump retrieved 2565 unique IVs from the belkin54g network. Once the captured packets have been saved, aircrack needs to be run on the file to attempt to crack the WEP key. Unfortunately, the WRT54G does not have the processing power or memory available to be able to run aircrack.

    root@crankap:~# aircrack /tmp/test.cap

    malloc(80 MB) failed

    This is to be expected as much processing power would be needed to sort through all of the data. Another limitation is storage space again. In the 2500 IVs that were detected by airodump, a file of almost 2 megabytes was created. This means that 10 000 IVs would fill the router's temporary storage. This becomes problematic as it takes at least 150 000 unique IVs to reliably crack a 40-bit WEP key and around 500k to 1 million IVs for a 104-bit WEP key.

    Wireless-tools

    The last package to be tested is known as wireless-tools. Using this, the WRT54G will disguise itself as a different access point to investigate how the laptop running Kismet will react. From previous examples it would seem as though the belkin54g network is nearby and usable. The SSID is belkin54g and the MAC address is 00:11:50:32:88:77.

    root@crankap:~# ifconfig eth1 down

    root@crankap:~# ifconfig eth1 hw ether 00:11:50:32:88:77

    root@crankap:~# ifconfig eth1 up

    root@crankap:~# ifconfig eth1

    eth1 Link encap:Ethernet HWaddr 00:11:50:32:88:77

    BROADCAST MULTICAST MTU:1500 Metric:1

    RX packets:57573 errors:0 dropped:0 overruns:0 frame:9521

    TX packets:91347 errors:7668 dropped:0 overruns:0 carrier:0

    collisions:0 txqueuelen:1000

    RX bytes:3112315 (2.9 MiB) TX bytes:81200011 (77.4 MiB)

    Interrupt:4 Base address:0x1000

    root@crankap:~# iwconfig eth1 essid b3lkin

    root@crankap:~# iwconfig eth1

    eth1 IEEE 802.11-DS ESSID:"b3lkin"

    Mode:Master Frequency:2.462 GHz Access Point: 00:11:50:32:88:77

    Tx-Power:22 dBm

    RTS thr=2347 B Fragment thr=2346 B

    Encryption key:0000-0000-0000-0000-0000-0000-0000-0000

    Once that is done, Kismet is run on the laptop:

    Sat May 28 01:20:59 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:20:59 2005 Found SSID "b3lkin" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:00 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:00 2005 Found SSID "b3lkin" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:00 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:01 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:02 2005 Found SSID "b3lkin" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:02 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77

    Sat May 28 01:21:02 2005 Found SSID "b3lkin" for network BSSID 00:11:50:32:88:77


    Sat May 28 01:21:03 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77

    As can be seen, it has become difficult to know which is the actual access point. Kismet changes who it sees as the access point, based on the most recently received packet. This could prove interesting if a user were to create a fakeap script for the WRT54G.
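    The two Kismet observations above (the fakeap run, which Kismet could not flag as fake, and one BSSID alternating between two SSIDs) can both be checked offline from the log on a larger machine. The following Python code is an added example, not part of the paper or of Kismet; the sample lines are copied from the output shown in this paper with wrapped lines rejoined, and the function names and the 10-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the two Kismet status lines that tie an SSID to a BSSID.
LINE = re.compile(
    r'^\w{3} (?P<ts>\w{3} +\d+ [\d:]{8} \d{4}) Found '
    r'(?:new network "(?P<new>[^"]*)" bssid'
    r'|SSID "(?P<ssid>[^"]*)" for network BSSID) '
    r'(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})')

# Sample input: router-side log (normal networks, then the fakeap run).
ROUTER_LOG = '''\
Sat Jan 1 01:40:00 2000 Found new network "belkin54g" bssid 00:11:50:32:88:77 WEP Y Ch 11 @ 54.00 mbit
Sat Jan 1 01:41:00 2000 Found new network "FAKE" bssid 00:09:5B:EA:DD:E6 WEP N Ch 1 @ 11.00 mbit
Sat Jan 1 01:51:55 2000 Found new network "" bssid 00:00:0C:02:F6:19 WEP N Ch 0 @ 0.00 mbit
Sat Jan 1 01:51:55 2000 Found SSID "zoar" for network BSSID 00:00:0C:02:F6:19
Sat Jan 1 01:51:55 2000 Found new network "" bssid 00:00:0C:15:C6:F8 WEP N Ch 0 @ 0.00 mbit
Sat Jan 1 01:51:56 2000 Found new network "redbook" bssid 00:00:CE:5F:45:BD WEP N Ch 6 @ 11.00 mbit
Sat Jan 1 01:51:56 2000 Found new network "" bssid 00:00:0C:76:5C:F8 WEP N Ch 0 @ 0.00 mbit
Sat Jan 1 01:51:56 2000 Found new network "rivaherrera" bssid 00:00:CE:52:C3:61 WEP N Ch 3 @ 11.00 mbit
Sat Jan 1 01:51:57 2000 Found new network "sam-houston" bssid 00:00:CE:21:26:41 WEP N Ch 6 @ 11.00 mbit
'''.splitlines()

# Sample input: laptop-side log while the router reused the belkin54g MAC address.
LAPTOP_LOG = '''\
Sat May 28 01:20:59 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77
Sat May 28 01:20:59 2005 Found SSID "b3lkin" for network BSSID 00:11:50:32:88:77
Sat May 28 01:21:00 2005 Found SSID "belkin54g" for network BSSID 00:11:50:32:88:77
'''.splitlines()


def parse(lines):
    """Return (timestamp, bssid, ssid, is_new_network) for each matching line."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # alerts, probe associations and startup text are skipped
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y")
        is_new = m["new"] is not None
        ssid = m["new"] if is_new else m["ssid"]
        events.append((ts, m["bssid"].upper(), ssid, is_new))
    return events


def multi_ssid_bssids(events):
    """BSSIDs seen with more than one non-empty SSID (possible MAC reuse)."""
    seen = defaultdict(set)
    for _, bssid, ssid, _ in events:
        if ssid:  # "" means the SSID was not known yet, not a second name
            seen[bssid].add(ssid)
    return {b: sorted(s) for b, s in seen.items() if len(s) > 1}


def max_new_networks_in_window(events, window=timedelta(seconds=10)):
    """Largest number of 'new network' events inside any sliding window."""
    times = sorted(ts for ts, _, _, is_new in events if is_new)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


if __name__ == "__main__":
    print(multi_ssid_bssids(parse(LAPTOP_LOG)))
    print(max_new_networks_in_window(parse(ROUTER_LOG)))
```

    A burst count well above what the site normally produces is only a heuristic for a fakeap-style flood; the threshold has to be chosen from the local baseline.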

    As useful as the WRT54G undeniably is, there are several limitations. The primary problem is the lack of storage size. A possible remedy to this may lie in setting up a samba or CIFS share on a machine elsewhere and mounting this on the WRT54G, to be used for storage space. In the case of Snort, a plugin is available to allow it to log to a MySQL server. The other limitation is the lack of memory and processing power for carrying out any calculation tasks. Again, this can be remedied by moving the data to a larger machine and carrying out the functions there.

    CONCLUSION

    The Linksys WRT54G can be turned into a powerful wireless tool. There is potential for the router to be used as an IDS, a wireless scanner or a rogue access point. With the large amount of customisation that OpenWRT offers, the possibilities are endless. When evaluating the features and applications available on the WRT54G, it is apparent that the device, which retails at around $150AU, is an economical, reliable and quality option. Whilst the WRT54G carries out the aforementioned tasks using 3rd party firmware, an interesting comparison might involve a cost analysis of other devices built specifically to perform these tasks. Future work with this router would include setting up an NFS server on the same network as the router and then running applications that require disk space for logging, such as snort and kismet. The WRT54G can also be configured to handle menial tasks on a network such as DNS and DHCP. Further investigation may lead to using the WRT54G as a complete wireless defence solution.

    REFERENCES

    Anderson, E. (2005). BusyBox: The Swiss Army Knife of Embedded Linux. Retrieved 18 May, 2005 from http://www.busybox.net/about.html

    Bull, D. (2003). iPKG the Itsy Package Management System. Retrieved 20 May, 2005 from http://www.uk-dave.com/tutorials/zaurus/ipkg.shtml

    Cisco Systems. (2005). Wireless-G Broadband Router: WRT54G. Retrieved 19 May, 2005 from http://www.linksys.com/international/product.asp?coid=19&ipid=452

    Davis, Z. (2001). JFFS a GPL Journaling Flash File System. Retrieved 15 May, 2005 from http://www.linuxdevices.com/links/LK6391004496.html

    Devine, C. (2005). Aircrack documentation. Retrieved 20 May, 2005 from http://www.cr0.net:8040/code/network/aircrack/#q40

    Flickenger, R. (2003). Is Linksys shirking the GPL? (Maybe not.) Retrieved 17 May, from http://www.oreillynet.com/pub/wlg/3580

    Fyodor. (2005). Nmap Security Scanner. Retrieved 19 May, 2005 from http://www.insecure.org/nmap/

    GNU Project. (2005). GNU General Public Licence. Retrieved 17 May, 2005 from http://www.gnu.org/copyleft/gpl.html

    Kershaw, M. (2005). Kismet: Documentation. Retrieved 20 May, 2005 from http://www.kismetwireless.net/documentation.shtml

    Martin, P. (2005). Configuring OpenWRT as a Wireless Client. Retrieved 14 May, 2005, from http://martybugs.net/wireless/openwrt/client.cgi

    Miklas, A. (2003). Linksys WRT54G and the GPL. Retrieved 18 May, 2005 from http://www.uwsg.iu.edu/hypermail/linux/kernel/0306.0/1758.html

    Open Wrt. (2005). Open Wrt Docs. Retrieved 20 May, 2005 from http://openwrt.org/OpenWrtDocs

    Pavlov, A. (2005). What is SquashFS. Retrieved 16 May, 2005 from http://tldp.org/HOWTO/SquashFS-HOWTO/whatis.html

    Pirie, S. (2005). WRT54G Version Differences. Retrieved 15 May, 2005, from http://www.linksysinfo.org/modules.php?name=News&file=article&sid=18

    Roesch, M. (2005). About Snort. Retrieved 19 May, 2005 from http://www.snort.org/about_snort/

    Russel, R. (1999). Using iptables. Retrieved 15 May, 2005 from http://www.telematik.informatik.uni-karlsruhe.de/lehre/seminare/LinuxSem/downloads/netfilter/iptables-HOWTO.html#toc6

    Seattle Wireless. (2005). LinksysWrt54g. Retrieved 14 May, 2005, from http://www.seattlewireless.net/index.cgi/LinksysWrt54g

    Sveasoft Incorporated. (2003). Sveasoft. Retrieved 20 May, 2005, from http://www.sveasoft.com/

    Woodhouse, D. (2001). JFFS: The Journaling Flash File System. Retrieved 16 May, 2005 from http://sources.redhat.com/jffs2/jffs2-html/jffs2-html.html

    COPYRIGHT

    Simon Innes 2005. The author/s assign the School of Computer and Information Science (SCIS) & Edith Cowan University a non-exclusive license to use this document for personal use provided that the article is used in full and this copyright statement is reproduced. The authors also grant a non-exclusive license to SCIS & ECU to publish this document in full in the Conference Proceedings. Such documents may be published on the World Wide Web, CD-ROM, in printed form, and on mirror sites on the World Wide Web. Any other usage is prohibited without the express permission of the authors.