View Full Version : Secure Routers (resolved)



django
08-02-2006, 10:27 PM
When setting up a Netgear WGR614 wireless router I
was surprised to discover that apparently it requires
Java-script to be enabled in order for the router to
function. Since every book on security that I've read
without exception identifies java-script as a security
risk and suggests that it be used sparingly if at all I went
searching for a different router.

I searched this forum with respect to routers in general
and in particular (Linksys, Netgear, etc.). I searched the
STD forum. I did a google search.

There was no shortage of information, in fact there is an
overwhelming amount but I haven't found anything that
addresses my concerns. I've read reviews of the WGR614
that don't mention that it requires java-script enabled.
I found out that one of the Linksys routers defaults to
wireless enabled (which seems like poor security practice).

Even if I would spend a couple of months digging through
these various links I have no confidence that the information
I want would be included.

Would someone here who runs with strong security (java
disabled, java-script disabled, etc. etc. etc. etc. etc.)
steer me to a few routers (preferably that do not smell like
a chemical factory) that do not require insecure
browser settings in order to function?

Django

OErjan
08-02-2006, 11:06 PM
actually, I have several wireless routers, and NONE requires java. 3com, Netgear and Dlink (piece of junk imho), try without

django
08-03-2006, 12:15 AM
I did try the WGR614 without java-script enabled on
my browser.

I didn't write down the exact wording but
the gist of the error message was that the enhanced
functionality of the router required java-script enabled
and I should either enable it in my browser or get a
browser that supported java-script. It also required
java-script enabled for the router setup and configuration
wouldn't work until I made a java-script exception for
the router's URL.

Which particular models are you using?

Django

PS: Rereading your post I noticed that you said the
routers didn't require java. The WGR614 didn't complain
about not having java enabled, it complained about not
having java-script enabled.

OErjan
08-03-2006, 10:42 AM
I use among others a cheap Netgear WAG302EU, the other two I can't remember and they are not here in my hotel room so...

django
08-03-2006, 05:15 PM
Thanks for the information.

Before I hunt up a WAG302EU could you
confirm that you have both java and java-script
disabled in your browser and that the router
doesn't complain.

Thanks again.

Django

OErjan
08-03-2006, 09:28 PM
as I use lynx it is not enabled as far as I know. lynx is a text only browser, it is very basic, even lacks support for frames, as far as I know it's only the wizards that require scripts. and as the config part is only accessible from inside the network much of the threat is not as large (although not to be neglected)

django
08-03-2006, 10:25 PM
Lynx sounds interesting.

Anyway, I am using Konqueror and Firefox and
I am mostly concerned with being able to access
websites with java and java-script turned off.

We could nail this down if you would be so kind
as to check

Command Center
--Internet & Network
----Web Browser
------Java & Java-script

and see whether or not java and java-script are enabled.

Django

OErjan
08-03-2006, 11:05 PM
ah, ok, I think I understand, you do not need script to surf using that router, just to configure with the wizard, and no I have no java or javascript enabled.

Harry Kuhman
08-03-2006, 11:36 PM
> ah, ok, I think I understand, you do not need script to surf using that router, just to configure with the wizard, and no I have no java or javascript enabled.
You certainly don't need scripting enabled to surf with any router. You might come across one that went overboard on the user interface and wants it to configure the router, but one simple "fix" for that for someone who wanted to avoid any scripting support in their main browser would be to use a second browser just for the rare occasion when they want to configure the router (you could even do this from a virtual machine if you want to exercise extreme caution). If you don't use that browser for anything other than router configuration then the danger is nearly zero, even more so if you rename it, zip it or encrypt it and only put it back when you plan on using it again, but that seems like overkill.

django
08-03-2006, 11:38 PM
Good to know that java and java-script are not enabled and your router
doesn't complain.

Regarding the WGR614, I configured it with exceptions for java and java-script
for the router's URL and with java and java-script disabled for all other URLs.
Configuration went smoothly. When I tried to go to a website the router complained
about not having java-script. It would not access the web without it.

If it just required java-script for configuration I could live with it. But the router wants java-script on to surf the web, it won't go anywhere without it on. If I try it
gives me the error message I posted earlier.

It is good to have a lead on a router that doesn't require poor security settings
to work.

Thanks for the help.

Django

OErjan
08-04-2006, 09:39 AM
as far as I am aware that is the weirdest thing I have heard in a looong time, it should not be.
something is SERIOUSLY wrong here, tell me EXACTLY what you are doing to get online, step by step.

django
08-05-2006, 12:47 AM
I get on line without a router using a software firewall just fine using 4.0.2. and either Konqueror or Firefox. No problems.

But if I stick the WGR614 between my system and the broadband connection it wants java-script enabled to either configure the router or surf the internet.

Yeah it sure is weird... I was flabbergasted.

Now I've been messing around with computers for 30 years and I've done some dumb things and overlooked some obvious stuff now and then but I've looked through all of the WGR614's options that I could find and can't find anything that does the job.

If the router is between my system and the internet it wants java-script for everything and if the router is not between my system and the internet everything works just fine.

I've got it packed up to return and would just like to get a router that doesn't befuddle me like this.

Django

django
08-05-2006, 01:14 AM
Hi Harry

Unless it's a case of operator error (not impossible, I've done it before) there is at least one router that wants java-script enabled to surf the web.

Regarding what I did: I went to

Command Center
--Internet & Network
----Web Browser
------Java & Java-script

and made an exception for the router's URL (www.whatevertheyputhere.whatever) for both java and java-script. Then I configured the router. Then I attempted to visit a website and the router complained that java-script wasn't enabled and demanded that I enable it or get a browser that supported it. I'd gotten the same message when I tried to configure the router with my regular security settings.

Regards,

Django

Harry Kuhman
08-05-2006, 01:41 AM
> Unless it's a case of operator error (not impossible, I've done it before) there is at least one router that wants java-script enabled to surf the web.

I just don't see how this could even be. Sure, JS for some over-aggressive user interface to configure the router, but after that the router just passes along packets (editing them in the process). It doesn't care about java script. It doesn't even care what the application is that sent the packets, it might be a browser, it might be a mail program, it might be a news reader or an irc client or an FTP client, or Skype or any other internet aware application. It doesn't even know what application sent the packets, it can't tell, all it knows is port numbers and protocol types. You could stop your browser with JS and the other applications would still run. You could delete the browser from your system and the other applications would still run. And one of those applications could well be another browser without scripting, the router would never know.

I really do think that you are talking about a case of operator error. If you want to show that that is not the case I would suggest running ethereal to capture an exchange of packets with a website when you have JS enabled, and then trying to access the web site again without JS and capturing those packets so we can all see what is different about the connections.

Of course, I'm not saying all websites work fine without scripting, so I would suggest using a site that is known to not use scripting. And a simple site will give you far less packets to sort through and see what is really happening than a large complex site. One such clean site would be http://checkip.dyndns.org/, but there are obviously many others.
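
The point made in the post above, as an added example that is not part of the original thread: a Python sketch that parses an IPv4/TCP packet and returns only the fields a NAT router forwards on. The helper names, addresses, ports and payloads are constructed sample values, not captured traffic.

```python
import socket
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
IP_FMT = "!BBHHHBBH4s4s"      # fixed 20-byte IPv4 header
TCP_FMT = "!HHIIBBHHH"        # fixed 20-byte TCP header


def build_sample_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4+TCP packet (checksums left at 0) for the demo."""
    tcp = struct.pack(TCP_FMT, sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack(IP_FMT, 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def router_view(packet):
    """Return what the forwarding path reads: addresses, protocol, ports."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length, options included
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated transport header")
    view = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": PROTO_NAMES.get(proto, str(proto))}
    if proto in (6, 17):                # TCP and UDP both start with the ports
        view["sport"], view["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return view                          # the payload is never inspected


# Constructed requests: same site, two different browsers, plus a mail client.
REQ = b"GET / HTTP/1.1\r\nHost: checkip.dyndns.org\r\nUser-Agent: %s\r\n\r\n"
LYNX = build_sample_packet("192.168.1.2", "192.0.2.10", 40000, 80, REQ % b"Lynx")
FIREFOX = build_sample_packet("192.168.1.2", "192.0.2.10", 40000, 80, REQ % b"Firefox")
MAIL = build_sample_packet("192.168.1.2", "192.0.2.25", 40001, 25, b"EHLO host\r\n")

if __name__ == "__main__":
    for name, pkt in (("lynx", LYNX), ("firefox", FIREFOX), ("mail", MAIL)):
        print(name, router_view(pkt))
```

The two browser packets produce the same view; only the mail client differs, and only by address and port.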

django
08-05-2006, 06:24 PM
After sleeping on the problem I've put together a step-by-step of everything I do to get on the net (however mundane). I go through the same steps whether or not the router is connected. Later I will unpack the router and post the same step-by-step regarding its configuration, etc.

I currently believe that the answer to the problem probably lies in an interaction between my security settings and the settings/peculiarities/eccentricities/features of the router.

The Process
Put in the Knoppix CD
Push the power switch (with the eth0 cable unplugged)
When asked use the home=scan bootcode
When asked deselect the load writeable system option & click ok re: image activation
After boot process completes go to
Knoppix
--Services
----Firewall
and activate the software firewall with mode set to easy, external devices set to ippp, ppp, and eth.
Plug in cable to eth0
Run network card configuration
Knoppix
--Network/Internet
----Network card configuration
Click yes to DHCP broadcast
Launch Konqueror.

A few of the Control Center options that might be relevant include:

--internet and network
----desktop sharing
uninvited connects are not allowed and the system is not announced on the network

----proxy
connect to the internet directly is checked, automatically detect proxy connection and specify proxy URL are not

----Browser Identification
this is not enabled

----Java & Java-script
these are not currently enabled although I had made an exception for the router

----Plugins
plugins are not enabled


Let me know if there is any other configuration data that might be relevant.

When I get the router set up again I will try spawning a new browser other than the instance that was used to configure the router. And of course look at the packet stream (that is going to be another learning curve for me since I've so far in my career treated network stuff at that level of detail as a black box.)

Thanks for the interest and support. Any suggestions welcome.

Django

Harry Kuhman
08-05-2006, 08:22 PM
When you do your tests, try without the home=scan cheat code, that is, try with just a generic knoppix boot. If you have Internet access through the router that way and not with home=scan then we know it's not a router issue, it's a configuration issue. I'm not saying that I'm sure home=scan is the issue, or even that I think it is, but it would be better to rule it out than for me to not mention that you should check this.

I think you'll find packet sniffing with ethereal interesting. Yea, it seems mysterious until you actually have a look, but a lot of things fall into place when you look. And it is a great tool for resolving issues like this.

django
08-07-2006, 09:27 PM
Well, I've got it working.

The problem was a combination of my low boredom threshold and what I would call a misleading error message.

Booting the router is a three-step process whereby first the access box is powered on, secondly the router is powered on, and thirdly the computer is powered on. Each step requires what feels like an immense amount of time.

It is my hypothesis that originally I either didn't follow the sequence or didn't wait long enough for one or more of the stages of the process to complete. Either that or the imp of the perverse is toying with me.

I've run through the process twice and both times everything works fine (although I've noticed an increase in timeouts, perhaps just coincidental, and slower downloads of small amounts of data, 16k can take seconds but I suppose it is probably just congestion of some sort somewhere out there).

So impatience and an error message that sent me looking in the wrong direction for the solution seem to have been the problem. (Yeah, it was operator error).

Thanks to all for the support and encouragement as I explored various blind alleys on my way to the mundane solution.

Django