Phil Cartwright writes:

> Sometime during the night the internet connection to my small network
> died. After about ten minutes I determined the cause when logging into
> the router with its proper password failed, but logging in with a
> password of "admin" succeeded. The router's memory had been erased
> during the night. As a result it had also forgotten that the DSL
> connection requires PPPoE with a particular username and password.
>
> What would cause a BEFSR41 to spontaneously revert to a factory-new
> state with the default password and other settings?

Failing hardware. The non volatile memory could be headin south.
I've experienced this on a BEFSR41 unit myself.

How old is yours? What's your power quality like? Have the MOV's in
that surge suppressor to which it's connected long since worn out?

> Is this a known issue with the BEFSR41 and if so is there a way to
> prevent its recurrence?

Replace the unit. Fortunately they're cheap.

--
Todd H.
http://www.toddh.net/

Todd H. wrote:
>>What would cause a BEFSR41 to spontaneously revert to a factory-new
>>state with the default password and other settings?
>
> Failing hardware. The non volatile memory could be headin south.
> I've experienced this on a BEFSR41 unit myself.

Can't be.

> How old is yours?

Less than six months. It should not be showing any sort of ageing yet.

> What's your power quality like? Have the MOV's in
> that surge suppressor to which it's connected long since worn out?

I wouldn't know, but it (and everything else) is plugged into a surge
suppressor.

>>Is this a known issue with the BEFSR41 and if so is there a way to
>>prevent its recurrence?
>
> Replace the unit. Fortunately they're cheap.

Seventy bucks is not cheap.

I want a second opinion.

--
There's only four things you can be certain of: taxes, change, spam, and
death.

Phil Cartwright writes:

> Todd H. wrote:
> >>What would cause a BEFSR41 to spontaneously revert to a factory-new
> >>state with the default password and other settings?
> > Failing hardware. The non volatile memory could be headin south.
> > I've experienced this on a BEFSR41 unit myself.
>
> Can't be.
>
> > How old is yours?
>
> Less than six months. It should not be showing any sort of ageing
> yet.

True enough. Could be something else, or just defective hardware.
It's certainly not unheard of for non-volatile memory to have some
rate of defectivity that isn't screened out at manufacture, and
without knowing Linksys's final test QA procedures, hard to say how
likely a bad chip got through, but it's certainly possible.

> > What's your power quality like? Have the MOV's in that surge
> > suppressor to which it's connected long since worn out?
>
> I wouldn't know, but it (and everything else) is plugged into a surge
> suppressor.
>
> >>Is this a known issue with the BEFSR41 and if so is there a way to
> >>prevent its recurrence?
> > Replace the unit. Fortunately they're cheap.
>
> Seventy bucks is not cheap.

In the world of networking gear, yeah it is. But you did pay 40% more
than you needed to:
http://www.newegg.com/Product/Produc...82E16833124001

> I want a second opinion.

Sure. Go nuts. Take 3-they're cheap too.

--
Todd H.
http://www.toddh.net/

Todd H. wrote:
> You've got a 1 year warranty. If it's routinely forgetting its
> settings and you've already
> a) upgraded to the latest firmware to rule out any bug on that
> end, and
> b) you've disabled uPNP (if the device has it) which has a
> client side exploit running around for it,
>
> and it still is losing its settings, then I'd say "make a warranty
> claim."

If it becomes a serious issue during the next few months I suppose I will.

However, I need uPNP for some stuff. I don't let any kind of malware run
on any of the machines, though, so a client-side exploit is no worry.
(The router itself provides NAT/firewall, plus all the PCs run
ZoneAlarm, AVG, Lavasoft Ad-Aware, and Spybot Search and Destroy, with
AVG resident protection, and I'm the only user and scan new executables,
don't use OE or IE or trust email attachments, and so forth. Haven't had
an infestation of any sort in ages.)

>>That's the US$ price from a wholesaler with no shop-front
>>presence. The typical price in local bux in big-box retail here was
>>$70 six months ago. Perhaps it's been dropping, though, as the price
>>of a however-fast or however-big piece of computing equipment does
>>tend to.
>>
>>Regardless, it's not cheap on my budget.
>
> Then you're not doing your budget any favors by overpaying by 40% at
> your local big box. Newegg's a good place.

Newegg doesn't know about the existence of a whole world outside the
borders of the United States, so it's useless to me.

> Flash memory, while much better than spinning platters, actually does
> have a wear mechanism due to tunnelling, and eventually those oxides
> decide they don't wanna put up with that stuff anymore. Heat
> accelerates the failure rate of microelectronics.

This unit is well ventilated and doesn't get more than slightly warm,
even under fairly heavy network traffic load.

--
There's only four things you can be certain of: taxes, change, spam, and
death.

Phil Cartwright writes:

> Todd H. wrote:
> > You've got a 1 year warranty. If it's routinely forgetting its
> > settings and you've already a) upgraded to the latest
> > firmware to rule out any bug on that
> > end, and b) you've disabled uPNP (if the device
> > has it) which has a
> > client side exploit running around for it,
> > and it still is losing its settings, then I'd say "make a warranty
> > claim."
>
> If it becomes a serious issue during the next few months I suppose I will.
>
> However, I need uPNP for some stuff. I don't let any kind of malware
> run on any of the machines, though, so a client-side exploit is no
> worry.

You've either somehow prevented all machines on your network from ever
surfing the web with modern web browser, or you don't really
understand the uPNP problem.

> Newegg doesn't know about the existence of a whole world outside the
> borders of the United States, so it's useless to me.

Hah. Yer kinda an asshole in case no one's ever told ya. Just
sayin.

Or for a bit more comic flair:

Well excuuuuuuuuse me Mr. Phil Cartwright munging with a .com address,
and quoting big box store prices in dollars for making such a nutty
assumption you just MIGHT be in the US.

Good luck with your problem. I get the distinct impression yer one of
those folks who enjoys having them, helps create them, and really
loves bitching about them rather than really solving them.

But, I betcha in a few months your problem still exists, and you've
got a hardware problem that you claimed in your first reply "Can't
be."

Cheers,
--
Todd H.
http://www.toddh.net/

Todd H. wrote:
> You've either somehow prevented all machines on your network from ever
> surfing the web with modern web browser, or you don't really
> understand the uPNP problem.

I don't think there's any reason for you to be insulting.

My web browser is locked down too. I use Firefox, and keep it up to
date. Browser itself shouldn't use UPnP since it doesn't need to open
listen ports. Java applet running in browser shouldn't be able to from
sandbox. Cross-site scripting attack on router's web configuration
should be foiled by a) using Firefox, b) keeping Firefox up to date, and
c) the router having a non-default password.

>>Newegg doesn't know about the existence of a whole world outside the
>>borders of the United States, so it's useless to me.
>
> Hah. Yer kinda an asshole in case no one's ever told ya. Just
> sayin.

Once again, I see no reason for you to be insulting. (Or to keep posting
this thread back into comp.os.ms-windows.misc, for that matter.)

> Well excuuuuuuuuse me Mr. Phil Cartwright munging with a .com address,
> and quoting big box store prices in dollars for making such a nutty
> assumption you just MIGHT be in the US.

I implied two posts ago that I wasn't, and you responded to that post by
suggesting Newegg.

Meanwhile, .com is a country-agnostic TLD. US-centric domain names
should presumably end in .us, though you don't tend to see many,
probably because Americans tend to think that the world consists of two
geographical regions: a) America and b) a bunch of weird places "out
there somewhere" where foreign languages are spoken and that have little
real significance. Unless they have oil, exotic forms of porn, or
terrorists, of course. :P

> [rest of unhelpful nonsense deleted]


--
There's only four things you can be certain of: taxes, change, spam, and
death.

Phil Cartwright writes:

> Todd H. wrote:
> > You've either somehow prevented all machines on your network from ever
> > surfing the web with modern web browser, or you don't really
> > understand the uPNP problem.
>
> I don't think there's any reason for you to be insulting.

I don't mean to be insulting. It's just my ascii accent.

Actually Phil, you raised my ire by being dismissive of good advice
you've been given for free, and speaking in terms of absolutes when
you don't seem to know what you don't know. It's irritating.

> My web browser is locked down too. I use Firefox, and keep it up to
> date. Browser itself shouldn't use UPnP since it doesn't need to
> open listen ports. Java applet running in browser shouldn't be able
> to from sandbox. Cross-site scripting attack on router's web
> configuration should be foiled by a) using Firefox, b) keeping
> Firefox up to date, and c) the router having a non-default password.

Unfortunately you still don't get it. You think you're protected but
you're not. But you're not alone in misunderstanding this.

Please read the following--it explains the issue in detail:
http://www.gnucitizen.org/blog/flash-upnp-attack-faq

If after reading that, you dont' want to disable uPNP, you'll have
raised me out.

Linksys apparently started enabling UPnP by default in firmware
1.42.3 of the befsr41.

> >>Newegg doesn't know about the existence of a whole world outside the
> >>borders of the United States, so it's useless to me.
> > Hah. Yer kinda an asshole in case no one's ever told ya. Just
> > sayin.
>
> Once again, I see no reason for you to be insulting.

Sorry, folks who ask for advice then start copping an attitude when
they get answers (even ones that include pieces of information that
aren't necessarily applicable) deserve a flame now and again.

> (Or to keep posting this thread back into comp.os.ms-windows.misc,
> for that matter.)

Want some cheese with that whine?

Look pal, you're the one who started this thread by crossposting all
over hell. I'm just exercising my prerogative to actually include the
one group of that shotgun blast that I actually read regularly.

But mea culpa on the non-US thing. My little secret: I don't read
every sentence, and missed that second one after you went into your
negative "well here's why I don't like that answer" response to my
suggestion that perhaps you didn't get the best price on your router.


Best Regards,
--
Todd H.
http://www.toddh.net/

Todd H. wrote:
> Phil Cartwright writes:
>>Todd H. wrote:
>>
>>>You've either somehow prevented all machines on your network from ever
>>>surfing the web with modern web browser, or you don't really
>>>understand the uPNP problem.
>>
>>I don't think there's any reason for you to be insulting.
>
> I don't mean to be insulting. It's just my ascii accent.

After which, of course, Todd H. proceeds to be insulting again.

>>My web browser is locked down too. I use Firefox, and keep it up to
>>date. Browser itself shouldn't use UPnP since it doesn't need to
>>open listen ports. Java applet running in browser shouldn't be able
>>to from sandbox. Cross-site scripting attack on router's web
>>configuration should be foiled by a) using Firefox, b) keeping
>>Firefox up to date, and c) the router having a non-default password.

And in response to this, Todd H. again responds with insults instead of
helpful information.

>>Once again, I see no reason for you to be insulting.

And in response to this, naturally, Todd H. is again insulting.

> But mea culpa on the non-US thing. My little secret: I don't read
> every sentence, and missed that second one

That, of course, would seem to explain a great deal.

And it also tells me exactly what I should do next: add you to my
killfile. Thanks for clearing that up. Have a nice day.

--
There's only four things you can be certain of: taxes, change, spam, and
death.

Phil Cartwright writes:

> Todd H. wrote:
> > Phil Cartwright writes:
> >>Todd H. wrote:
> >>
> >>>You've either somehow prevented all machines on your network from ever
> >>>surfing the web with modern web browser, or you don't really
> >>>understand the uPNP problem.
> >>
> >>I don't think there's any reason for you to be insulting.
> > I don't mean to be insulting. It's just my ascii accent.
>
> After which, of course, Todd H. proceeds to be insulting again.

I'm glad the sarcasm wasn't lost on ya Phil!

> >>My web browser is locked down too. I use Firefox, and keep it up to
> >>date. Browser itself shouldn't use UPnP since it doesn't need to
> >>open listen ports. Java applet running in browser shouldn't be able
> >>to from sandbox. Cross-site scripting attack on router's web
> >>configuration should be foiled by a) using Firefox, b) keeping
> >>Firefox up to date, and c) the router having a non-default password.
>
> And in response to this, Todd H. again responds with insults instead
> of helpful information.

Actually, the helpful information that was included, I hope you read.

If you failed to read the linked article that described the very real
prescient threat that leaving UPnp enabled on your network while
having anything on the LAN using the Flash plugin, then you're just
sticking your head in the sand to perpetuate your belief that you're
safe. Patching your computer's apps doesn't fix this one.

> And it also tells me exactly what I should do next: add you to my
> killfile. Thanks for clearing that up. Have a nice day.

Darn, does that mean I'll not be enjoying another obstinate reply?

--
Todd H.
http://www.toddh.net/