Ken's Korner Newsletter Logo
October 2015
Routers, Switches and Gateways
Ethernet Ports

What exactly is a router, a switch, a gateway or a modem?

You’ve heard the names thrown around on the Internet but what are they? Are they all really the same thing? Well they are not all the same thing, close but not quite the same.

An Ethernet hub converts one port into several ports and joins multiple computers together. One port connects to the network and the other ports connect to the devices. What comes in from the network is broadcast to all devices on the hub. Only one user can access the network at a time which sounds bad but when the time is divided up into millionths of a second, (or less) many users can be on the network simultaneously without slowing each other down. This makes them quite “chatty” and inefficient. We do not use a lot of hubs these days.

A switch is a little “smarter” than a hub. Like the hub a switch takes the one network connection and attaches three, four maybe even eight devices to it. But the switch actually checks the individual data packets and sends them only to the port that the recipient machine is connected to. Like the hub only one user can access the network at a time but they are a more efficient and are a much smaller load on the network. Switches can be wireless too.

Routers separate networks. On one side is the local network and on the other side is the next network upstream from you. Routers are a lot smarter that switches and hubs. Access to and from the local network is controlled by the router. IP addresses can be assigned by the router. Some routers have a switch built in.

The complete list of what a router can do is very long. Suffice it to say that some routers cost tens of thousands of dollars, run at blazingly fast speeds and require extensive networking expertise. The WiFi router in your house is just a little cousin to some of the big routers out there.

Some routers also scan for viruses and spam e-mail. In most cases we call these devices firewalls which is a little more than just a standard router. In some cases the firewall is more powerful (and more expensive) than the server it is guarding.

Some routers separate your home network from the public network of the cable or phone company. These devices are often referred to as gateways but they are just specialized routers.

In some cases there may be hundreds of routers in one installation. Several routers can be in just one tree. Trees become forests and we can have a great many forests out there. Administering all this is not for the faint of heart.

The traditional modem is hard to find these days. While some ISP’s incorrectly refer to the residential gateway as the “Modem” but it is all digital. Back in the day when we had POTS, (Plain Old Telephone Service) lines we had a device to convert the digital signals from the computer into analog signals for the phone line. We had to modulate at one end and demodulate at the other end hence the term modem. Now it is digital data all the way there and all the way back.

Go back to the top

A Good Virus?

Is there such a thing?
A Good Virus?A Good Virus?

OK so technically it is a Trojan not a virus but a recently discovered malware called “Linux.Wifatch” has been found compromising tens of thousands of routers, mostly in China and Brazil. (Linux is a UNIX clone/variant commonly embedded in devices like routers.) While Windows machines are not directly affected by this particular malware your router might be. Remember it is an Internet of Things, (IoT) now not just computers. And some of those “things” are vulnerable to malware.

Linux.Wifatch infects the device and remains undetected like any malware. It even updates itself through a peer-to-peer network. But once it is working it protects the router from other malware. Yes you read that right it safeguards the infected device from other attacks!

  • It blocks other channels that are typically used by malware to gain access to the machine.
  • It has a module in it to remove some of the common families of malware.
  • It gets updates on new malware threats from the p2p network.
  • When it can’t remove the malware it periodically restarts the router to stop any running processes.
  • It reminds users to change their passwords and update the firmware.
  • The computer code itself is commented with explanations of the functions going on within the code.

This is mighty strange behavior for malware to be sure.
The identity of the author is unknown and the original source remains unclear.

Security organizations like Symantec have been watching this for about year now and so far no malicious activity has been reported. But the potential for harm is still there. This could be a back door entry for the author(s) to exploit at a later time.

What should you do if you think your router or computer may be compromised?

If you have a Linux computer run a virus scan on it. You can use one of the online scanners or one of the commercially available AV apps for Linux. Your normal antivirus program, if it is current, should find the malware and kill it

If you have an infected router you will probably need to reload the firmware. That can be a little more involved. You may have to go to another network to gain access to the manufacture’s web site and download the latest firmware package. Then run that app on the affected system.

Of course you can always call Ken’s Korner and we will take care of the malware, and any other computer problems you may have.

Go back to the top

Copyright © 2015. All Rights Reserved.
Ken's Korner Home Page