Can an intruder remotely reset a Linksys WRT54G v5 router to default?


William Bonner
May 13, 2012, 1:34:10 PM
What just happened is clear ... but HOW it happened ... is not clear to me.

Here's what happened:
1. I was home with my PC connected wirelessly to my Linksys WRT54G router
2. The connection was WPA2/PSK with wireless administrator access 'enabled'
3. The connection went down; the router disappeared from view
4. Shortly thereafter, the strongest signal was SSID=linksys
5. My teen-age kid experienced the same thing - at the same time
6. Only the kid & I were home so NOBODY physically touched the router!
7. Yet, the Linksys WRT54Gv5 router was clearly reset back to defaults.

How can that happen without anyone pressing the reset button?
Can a Linksys home broadband router be reset by an intruder on the net?

danny burstein
May 13, 2012, 1:48:17 PM
First step: make sure you're still hooking up to your own router.
It's possible the Linksys died and you're hitting a neighbors...


--
_____________________________________________________
Knowledge may be power, but communications is the key
dan...@panix.com
[to foil spammers, my address has been double rot-13 encoded]

VanguardLH
May 13, 2012, 2:54:07 PM
http://homedownloads.cisco.com/downloads/userguide/WRT54G_UG_WEB_20070529.pdf
Page 1:
"*Reset* There are two ways to reset the Router's factory defaults.
Either press and hold the Reset Button for approximately five seconds,
or restore the defaults from Administration > Factory Defaults in the
Router's web-based utility."
Page 2:
"The Linksys default password is admin."

So how secure was yours after changing it? How strong was the password?

How long is the WPA[2] shared key or WEP passphrase? Are they *strong*
keys and not some easily guessed (easily dictionary attacked)?

Did you enable MAC filtering and add the MAC addresses for just your
intranet hosts so only they can connect to the router?

Settings in the router are retained by using NVRAM (non-volatile random
access memory) when power is off. Could be the flash memory is going
bad and isn't retaining the settings. However, since the flash memory
is inside the microprocessor (e.g., Atmega88), it means the unit is
kaput. Cooling is by convection only (no fans inside, just holes in the
case). If the ventilation holes get blocked then the parts inside
overheat. Once the unit goes flaky, dusting out the holes and inside
won't help. Could be someone (kid?) installed DD-WRT and then
reinstalled the factory or update firmware without first clearing the
NVRAM. Reinstalling the latest firmware might fix it (but then if the
reset was caused by flashing in new firmware then you already have it).

After entering strong keys/passwords for all the settings (to avoid
hacking), you'll have to watch the unit to see if it screws up again.
Could be it's getting flaky in its old age. So far with the routers
that have died for me, they always exhibit some flakiness in operation
before a catastrophic failure.

Jeff Liebermann
May 13, 2012, 3:54:22 PM
On Sun, 13 May 2012 10:34:10 -0700, William Bonner <wbo...@gma.com>
wrote:

>How can that happen without anyone pressing the reset button?

If they can get to the admin web pages, they can reset it to defaults.

>Can a Linksys home broadband router be reset by an intruder on the net?

Yes.

However, that's probably not what happened. Some (not all) WRT54G v5
and v6 routers are junk.
<http://www.smallnetbuilder.com/wireless/wireless-reviews/26843-linksyswrt54gv5reallyisalousyrouter>
They will hang, reboot spontaneously, reset themselves, or do other
disgusting things. Installing DD-WRT sometimes cures the problems,
but not always. Oddly, only some WRT54G v5 and v6 routers are like
this. Some actually work quite well.

I'm constantly seeing various routers reset to defaults for no obvious
reason. It's not hackers. It's usually AC power glitches. Give the
power plug the right waveform, and the router thinks the reset button
has been depressed. I had this problem on a different product that I
worked on. The original design had the reset pin on the CPU set to
normally high and using level triggering. If the DC power went down
slowly or erratically, it will look like the reset pin was grounded,
thus causing a reset. It was solved by setting the line to normally
low, using the reset button to pull up the line. The firmware guys
also added additional debouncing to the reset pin. We were tempted to
try edge triggering, but ran out of time.

--
Jeff Liebermann je...@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

William Bonner
May 13, 2012, 4:49:59 PM
On Sun, 13 May 2012 17:48:17 +0000 (UTC), danny burstein wrote:
> First step: make sure you're still hooking up to your own router.
> It's possible the Linksys died and you're hitting a neighbors...

Thanks for the advice. I'm absolutely positive it's my router.

Now I'm in worse shape than I was before.

Worried that the intruder put software on the router, I tried to upgrade
the firmware. After about 2 hours of watching the little bars go over and
over across the screen, I unplugged it all.

Now the power light is flashing about twice a second, and I can no longer
log into the router, despite a bazillion reboots and resets.

Two questions:
a) How long should it take for a firmware upgrade?
b) Should the power light be steady or flashing on the WRT54G v5?

William Bonner
May 13, 2012, 5:07:15 PM
On Sun, 13 May 2012 12:54:22 -0700, Jeff Liebermann wrote:

> It's usually AC power glitches. Give the
> power plug the right waveform, and the router thinks the reset button
> has been depressed.

Hi Jeff,
I know you're one of (if not the) most respected guy on this forum so I do
appreciate your advice. I'm in the Santa Cruz mountains (like you) and we
do get glitches in the power a lot. Seems to go down once a month
sometimes, and other times it lasts for six months before the generator
kicks in.

So, maybe that's what happened.

But, now it's even worse. With the router reset to defaults, I had no
problem logging in. I decided to update the firmware, just in case, using
the file FW_WRT54Gv5v6_1.02.8.001_US_20091005.bin downloaded from the
Linksys site for the v5 that I have.

This process went on for hours ... from about 11:00 to about 1:30 when I
finally gave up and pulled the plug. (BTW, how long 'should' a firmware
upgrade take anyway?).

Here's a picture of what showed for hours (the lines were moving and
repeating themselves over and over and over again):
http://www2.picturepush.com/photo/a/8251595/640/8251595.gif

Then, after rebooting and resetting a few times, here's what then showed
up:
http://www5.picturepush.com/photo/a/8251598/640/8251598.gif

Now I can't get anything to work on the Linksys router. No connection.

Two questions:
Q1: How long should it take for firmware to install itself?
(I gave up after almost 3 hours)
Q2: Should the power light be constantly blinking or should it be steady?
(Mine is blinking)

William Bonner
May 13, 2012, 5:08:32 PM
On Sun, 13 May 2012 13:54:07 -0500, VanguardLH wrote:

> So how secure was yours after changing it? How strong was the password?

The WPA2/PSK password was the maximum length - and I did not use a
dictionary SSID, but it had been setup without change for quite some time
(years).

Ant
May 13, 2012, 5:16:14 PM
On 5/13/2012 1:49 PM PT, William Bonner typed:

> Now I'm in worse shape than I was before.
>
> Worried that the intruder put software on the router, I tried to upgrade
> the firmware. After about 2 hours of watching the little bars go over nd
> over across the screen, I unplugged it all.
>
> Now the power light is flashing about twice a second, and I can no longer
> log into the router, despite a bazillion reboots and resets.
>
> Two questions:
> a) How long should it take for a firmware upgrade?
> b) Should the power light be steady or flashing on the WRT54G v5?

Not very long. I think your router had problems and is now dead/bricked.
Can you reset it with its hole? :( Maybe the router had problems earlier
too.
--
* <-- Tribble ... *********************** <-- Tribbles imitating ants
(unknown author)
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

William Bonner
May 13, 2012, 5:20:11 PM
On Sun, 13 May 2012 14:16:14 -0700, Ant wrote:

> Not very long. I think your router had problems and is now dead/bricked.
> Can you reset it with its hole? :( Maybe the router had problems earlier
> too.

I held the reset button in for twenty seconds while booting and while
running - and it still doesn't respond.

The only indication I have is the power light is blinking two to four times
a second which I don't remember seeing (but I'm not sure if it's supposed
to blink).

I'm hooked directly to the rooftop antenna/radio right now so at least one
computer will be OK.

If it's bricked, I might try the WRT54G revival guide:
http://www.linksysinfo.org/index.php?threads/the-wrt54g-revival-guide.15815

Or maybe even Tomato or DD-WRT (although I'm merely a basic home user).

Shadow
May 13, 2012, 5:36:08 PM
On Sun, 13 May 2012 13:54:07 -0500, VanguardLH <V...@nguard.LH> wrote:

>Did you enable MAC filtering and add the MAC addresses for just your
>intranet hosts so only they can connect to the router?

When I was a wireless hacker, I would spoof the MAC address
without even thinking about it.
Not really worth the trouble setting up MAC filtering.
The hard bit is the password cracking.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

William Bonner
May 13, 2012, 7:22:41 PM
On Sun, 13 May 2012 18:36:08 -0300, Shadow wrote:

> Not really worth the trouble setting up MAC filtering.
> The hard bit is the password cracking

I've read much of what Jeff L. has said time and time again, so ...
a) I don't bother hiding the SSID
b) I don't bother with MAC address filtering
c) I use a non-dictionary SSID & passphrase

Of course, if I have a keylogger trojan on the network, that will negate
everything ... or it may have been a glitch in the power that reset the
router to defaults. I'm surprised - because it never happened before and
I've had the router for years ... but ... either way ...

My problem now is that the router is (apparently) bricked.

Q: Does anyone know if the router power light should be flashing or solid?
Q: How long 'does' it take to do a firmware upgrade?

Ant
May 13, 2012, 7:44:15 PM
On 5/13/2012 2:20 PM PT, William Bonner typed:
Yeah. Also, try posting on Linksys forum. Good luck. Aren't computer
problems fun? I hate doing firmware problems and upgrades! :(
--
"I've been on some fairways that are as good as the greens we putted on
back then. We had crab grass. I remember one green where I putted
through ants." --Sam Snead
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
A song is/was playing on this computer: 505 - Blue Period

Shadow
May 13, 2012, 9:14:26 PM
On Sun, 13 May 2012 16:22:41 -0700, William Bonner <wbo...@gma.com>
wrote:

>I've read much of what Jeff L. has said time and time again, so ...
>a) I don't bother hiding the SSID
>b) I don't bother with MAC address filtering
>c) I use a non-dictionary SSID & passphrase

V. Good
>
>Of course, if I have a keylogger trojan on the network, that will negate
>everything ... or it may have been a glitch in the power that reset the
>router to defaults. I'm surprised - because it never happened before and
>I've had the router for years ... but ... either way ...

Never allow wireless access to your admin account on the
router. Always use a temporary cable for that.
>
>My problem now is that the router is (apparently) bricked.

Probably
>
>Q: Does anyone know if the router power light should be flashing or solid?
>Q: How long 'does' it take to do a firmware upgrade?

I use a Netgear. 1 to 2 minutes. I've used D-link. Just over a
minute. That includes the re-boot.
Your upgrade took way too long.

Jeff Liebermann
May 13, 2012, 10:20:37 PM
On Sun, 13 May 2012 14:07:15 -0700, William Bonner <wbo...@gma.com>
wrote:

>I know you're one of (if not the) most respected guy on this forum so I do
>appreciate your advice.

Hang on while I polish my ego.

>I'm in the Santa Cruz mountains (like you) and we
>do get glitches in the power a lot. Seems to go down once a month
>sometimes, and other times it lasts for six months before the generator
>kicks in.

That's fairly typical for a low end consumer router. I have a home
made power line logger running at my palatial office looking for
power line glitches. It's fairly crude and only catches the big
glitches. We've had two major power glitches in the area during the
last week. I've been getting calls for dealing with hung routers,
modems, and computahs all week. It sometimes takes several days for
the effects of the glitch to show up. All that needs to happen is for
the glitch to trip one bit in RAM. No problem until the device needs
to use that bit. Then, it goes nuts. ECC RAM is not used on
commodity routers.

>So, maybe that's what happened.

Highly likely. I can see a wireless attack in a crowded metro area,
but not in the sparsely populated hills. Attacks from the internet
are possible, but unless the router has some built in vulnerabilities,
is grossly misconfigured, or is sensitive to malformed packets, it's
not going to happen. Just in case, try:
<http://www.pcflank.com/exploits.htm>
It's old and incomplete, but I'm still finding modern routers that
fail some of the exploit tests.

>But, now it's even worse. With the router reset to defaults, I had no
>problem logging in. I decided to update the firmware, just in case, using
>the file FW_WRT54Gv5v6_1.02.8.001_US_20091005.bin downloaded from the
>Linksys site for the v5 that I have.
>
>This process went on for hours ... from about 11:00 to about 1:30 when I
>finally gave up and pulled the plug. (BTW, how long 'should' a firmware
>upgrade take anyway?).

The update should take about 60 seconds plus reboot time. Something
went wrong. Hopefully, you didn't try to do the upgrade via a
wireless connection. That's usually a guaranteed disaster.

Checking the web site, you have the correct version:
<http://homesupport.cisco.com/en-us/support/routers/WRT54G>
No checksum, so I have no way to verify if it was correctly
downloaded. You might want to try another download just to be sure.

>Now I can't get anything to work on the Linksys router. No connection.

It's bricked, but probably not fatal.

>Two questions:
>Q1: How long should it take for firmware to install itself?
>(I gave up after almost 3 hours)

About 60 seconds plus a reboot.

>Q2: Should the power light be constantly blinking or should it be steady?
>(Mine is blinking)

Nope. That means there's a checksum error in the firmware.

I would normally consider this a great opportunity to purchase a new
router and get rid of the v5 abomination. However, if you want to
raise the dead, try this simple test:
1. Power OFF the router.
2. Temporarily set your computah to a static IP address of
192.168.1.99.
3. Start a continuous ping to 192.168.1.1 For Windoze, that's
ping -t 192.168.1.1
Don't worry if you see errors at this point. If you don't have TFTP:
<http://www.dd-wrt.com/dd-wrtv2/downloads/others/tornado/Windows-TFTP/tftp2.exe>
IP=192.168.1.1
no password - leave blank
select the firmware
set retries to 99
4. Apply power to the router. You should see proper returns from the
pings after about 8 seconds. The returns will revert to errors after
about 5 more seconds. Try to record the times. You'll need them.
5. If you get proper returns in the previous step, there is hope.
6. Rename the firmware to "code.bin". This might also be a good time
to try loading the mini version of DD-WRT.
7. Under Windoze, type the following onto the command line (in a cmd
window):
tftp -i 192.168.1.1 PUT code.bin code.bin
Do not hit enter quite yet. Do not hit enter quite yet. Do not hit
enter quite yet. Do not hit enter quite yet. Got that? If you're
using tftp book, get ready to hit the start button.
8. Apply power to router and start counting seconds. The idea is to
start the TFTP program in the middle of when the pings were correctly
returned. You may have to do this several times to get it right.
9. When you hit enter, nothing should happen until code.bin is
properly uploaded. You'll get a message about ok to reboot (it varies
with the firmware). Ignore it and do nothing for at least 5 minutes.
Go get some coffee and keep your fingers off the keyboard. After 5
mins, pull the power to the router, wait for it to boot, and see if
you can get to the management page at 192.168.1.1.
10. If that works, don't forget to change the static IP address of the
computah back to DHCP. If it doesn't work, try again, or just get a
better router.

Some notes (and complications):

Jeff Liebermann
May 13, 2012, 10:35:11 PM
On Sun, 13 May 2012 18:36:08 -0300, Shadow <S...@dow.br> wrote:

>When I was a wireless hacker, I would spoof the MAC address
>without even thinking about it.

Once a wireless hacker, always a wireless hacker.

> Not really worth the trouble setting up MAC filtering.

I found one situation where MAC filtering was needed. A customer was
using about 10 assorted IBM Thinkpads of varying vintage. Some were
sufficiently old that they only supported WEP. There was also a wi-fi
range extender (repeater) that would only pass WEP. However, the
customer was not comfortable with using easily crackable WEP. So, I
added MAC address filtering to the security obstacle course. It
really wasn't necessary because they live in the deep dark forest and
know all the neighbors. Still, it made him feel better.

> The hard bit is the password cracking.

Sorta. Give me a few minutes with one of the client computers and
I'll extract a usable portable hash key. Much easier than over the
air pass phrase cracking.
<http://www.nirsoft.net/utils/wireless_key.html>

William Bonner
May 13, 2012, 11:16:41 PM
On Sun, 13 May 2012 19:20:37 -0700, Jeff Liebermann wrote:
> The update should take about 60 seconds plus reboot time.

Hmm... that's what I needed to know. Bummer.
Something definitely went wrong.

>>Q2: Should the power light be constantly blinking or should it be steady?
>>(Mine is blinking)
> Nope. That means there's a checksum error in the firmware.

Hmm... OK. Well at least that matches what I'm seeing as the power light is
blinking three or four times a second (or so).

As for the recovery procedure ... I'll get ready for that and respond
when/if it works!

Thanks.

William Bonner
May 14, 2012, 12:30:23 AM
On Sun, 13 May 2012 20:16:41 -0700, William Bonner wrote:
> As for the recovery procedure ... I'll get ready for that and respond
> when/if it works!

Whew! The version 5 Linksys WRT54G is back in business!

After unplugging everything but power, I did the 30/30/30 procedure which
was to hold the button for the entire 90 seconds - the first 30 while the
unit is powered - the second 30 while the power cord is removed - and the
third 30 seconds while the power is back on. Then I let go of the reset
button.

Following Jeff's hint, I again downloaded the same file I had downloaded
before - overwriting the old file for my WRT54G version 5 router:
http://homesupport.cisco.com/en-us/support/routers/WRT54G

I then pinged 192.168.1.1 and this worked (much to my surprise) even though
the power light was still blinking and no other light was on (not even the
"CiscoSystems" orange light).

I opened up Firefox and went to 192.168.1.1 and was surprised to see:
Management Mode Firmware Upgrade

So, I hit the "Browse" button and then the "Apply" button and ... lo and
behold, after about 2 minutes and much flashing of the LAN light on the
router, the web page changed to "Upgrade Success".

I was worried because the power light still blinked for about two minutes
or so, but then it settled down, and now is a solid green!

I was able to log into the router at 192.168.1.1 and immediately noticed I
was at version 1.02.8 (plus the blue color changed in tone).

Thanks for all your help! I've disabled wireless access to the router just
in case it 'was' an intruder. Also I noticed this setting by default:
Wireless->Advanced Wireless Settings->Secure Easy Setup->Enable

Googling for "Linksys Secure Easy Setup" I find PC Magazine loves the
feature ...
http://www.pcmag.com/article2/0,2817,1854719,00.asp
But, I also find a 1/21/2012 Cisco security vulnerability bulletin:
http://tinyurl.com/7uu38cs
http://homecommunity.cisco.com/t5/Wireless-Routers/WRT54G-Secure-Easy-Setup-SES-Security-Vulnerability/td-p/483796

It's also described by Cert:
http://www.kb.cert.org/vuls/id/723755
Vulnerability Note VU#723755
WiFi Protected Setup (WPS) PIN brute force vulnerability

So, I disabled the "Secure Easy Setup" and the orange Cisco light went out!

I wasn't sure if this flaw was related to WPA2/PSK but apparently it is.
According to Wikipedia http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
"The flaw allows a remote attacker to recover the WPS PIN and, with it, the
network's WPA/WPA2 pre-shared key in a few hours".

Maybe that's what happened to me?

William Bonner
May 14, 2012, 12:57:52 AM
On Sun, 13 May 2012 10:34:10 -0700, William Bonner wrote:

> Can a Linksys home broadband router be reset by an intruder on the net?

UPDATE:
Apparently my Linksys WRT54G v5 router 'can' be reset by an intruder and/or
by a glitch in the power line. Drat!

To make it harder for the 'next' intruder, I realized belatedly we should
all turn OFF the Linksys/Cisco/ "Secure Easy Setup" feature!

Beware, it's not only Linksys that is affected by the SES vulnerability.

According to CERT, these companies are affected by the vulnerability
(vendor / status / date notified / date updated):
1. Belkin, Inc.          Affected   -             10 May 2012
2. Buffalo Inc           Affected   -             10 May 2012
3. Cisco Systems, Inc.   Affected   -             10 May 2012
4. D-Link Systems, Inc.  Affected   05 Dec 2011   10 May 2012
5. Linksys/Cisco         Affected   05 Dec 2011   10 May 2012
6. Netgear, Inc.         Affected   05 Dec 2011   10 May 2012
7. Technicolor           Affected   -             10 May 2012
8. TP-Link               Affected   -             10 May 2012
9. ZyXEL

The CERT advisory is:
http://www.kb.cert.org/vuls/id/723755

Here is a pictorial look at what I did AFTER my router was bricked:

0. I ran the 30/30/30 procedure which left the power light blinking but
allowed me to ping the router. This was a good sign.
http://www4.picturepush.com/photo/a/8252512/640/8252512.gif

1. In a browser, I went to 192.168.1.1 and was happy to see the Management
Mode Firmware Upgrade page. I downloaded a 'new' Firmware upgrade and
browsed to it and hit the "apply" button.
http://www1.picturepush.com/photo/a/8252514/640/8252514.gif

2. After only a couple of minutes, I saw the Upgrade Success notification
in the browser:
http://www3.picturepush.com/photo/a/8252516/640/8252516.gif

3. Logging into 192.168.1.1, I immediately noticed a different shade of
blue and that the firmware had been updated to version 1.02.8.
http://www5.picturepush.com/photo/a/8252518/640/8252518.gif

4. In my googling, I had found the CERT vulnerability so I disabled
Wireless -> Advanced Wireless Settings -> Secure Easy Setup -> Disabled
http://www2.picturepush.com/photo/a/8252520/640/8252520.gif

Hopefully, with a new non-dictionary SSID, non-dictionary password, a
rather long WPA2-PSK/AES key, & with remote management and wireless web
access disabled, I'm a bit more secure from outside hacking (if that's what
had happened).

I didn't bother hiding the SSID or filtering the MAC address based on
advice previously provided in this forum.

Minor question:
Q: Does setting the administrator access to https buy me any security over
http?

Jeff Liebermann
May 14, 2012, 2:45:17 AM
On Sun, 13 May 2012 21:57:52 -0700, William Bonner <wbo...@gma.com>
wrote:

>Q: Does setting the administrator access to https buy me any security over
>http?

No. All that does is prevent anyone from sniffing the wireless
traffic and extracting your admin password and WPA2 key if they were
able to capture a WPA2 setup session.

Congrats. What the 30/30/30 did was wipe the firmware completely
leaving only the TFTP loader and in your case, the initial firmware
loader. I forgot about that. It doesn't appear in all models.

>Maybe that's what happened to me?

Maybe, but I don't think so. I've always assumed that using WPS
requires that the button on the router be pressed in order to start
the WPS session. I can't currently determine if it's really required,
or if WPS is running all the time. I'll check later (time
permitting).
<http://www.pcworld.com/businesscenter/article/247118/two_new_tools_exploit_router_security_setup_problem.html>
"Further, some access points don't provide an option
to disable WPS or don't actually disable WPS when the
owner tells it to."
Groan...

Linksys has only fixed the WPS vulnerability problem on newer models.
I don't expect a fix for the WRT54G.
<http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154>
That's from Jan 27, 2012. Since then there have been fixes for E1200
v2, E1500, E3200, and E4200 v1. Note that the WRT54G is not listed,
probably because it's not a currently selling product. If you must
use WPS/SES/AOSS/EZ-SETUP, I suggest you get an alternative firmware,
such as DD-WRT.

11,000 attempts works out to 9 hrs maximum. When I tried Reaver, I
was able to recover the PIN in about 6 hrs at about 1.5 seconds per
attempt. I only tried it once:
<http://code.google.com/p/reaver-wps/wiki/README>
It generated considerable wireless traffic, which was easily detected.
More:
<http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi-wps-vulnerability/>
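As an added illustration, not from the thread or any of its participants, of why the figure above is 11,000 attempts rather than the ten million an 8-digit PIN suggests: the WPS checksum rule fixes the eighth digit, and the registrar protocol confirms the two halves of the PIN separately (the point of the Viehböck paper cited later in the thread), so the halves are searched independently. The lockout parameters are my assumption, modelling the mitigation some access points apply after repeated failures; the 1.5 s/attempt figure is Jeff's.

```python
"""Size of the WPS PIN search space and what it costs to exhaust it."""

# Weights the WPS specification applies to the first seven PIN digits;
# the eighth digit is a checksum derived from them.
_WEIGHTS = (3, 1, 3, 1, 3, 1, 3)


def wps_checksum(first_seven: str) -> int:
    """Return the checksum digit WPS appends to a 7-digit PIN body."""
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected exactly seven decimal digits")
    total = sum(w * int(d) for w, d in zip(_WEIGHTS, first_seven))
    return (10 - total % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an 8-digit PIN carries the correct checksum digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum(pin[:7]) == int(pin[7])


def max_attempts(halves_verified_separately: bool = True) -> int:
    """Worst-case number of guesses needed to find the PIN.

    With the flaw: the first four digits are confirmed on their own and
    then the next three (the eighth follows from the checksum), so the
    search is 10**4 + 10**3 = 11,000.  Without it, every PIN with a
    valid checksum would have to be tried: 10**7.
    """
    return 10**4 + 10**3 if halves_verified_separately else 10**7


def hours_to_exhaust(attempts: int, seconds_per_attempt: float,
                     lock_after: int = 0, lock_seconds: float = 0.0) -> float:
    """Wall-clock hours for `attempts` guesses.

    lock_after > 0 models an access point (assumed behaviour) that refuses
    WPS for `lock_seconds` after every `lock_after` failed attempts.
    """
    seconds = attempts * seconds_per_attempt
    if lock_after > 0:
        seconds += (attempts // lock_after) * lock_seconds
    return seconds / 3600


if __name__ == "__main__":
    # Constructed sample PIN body; its checksum digit is 0.
    body = "1234567"
    print(f"{body}{wps_checksum(body)} valid:", is_valid_wps_pin(body + "0"))
    for flaw in (True, False):
        n = max_attempts(flaw)
        print(f"split halves={flaw}: {n:,} attempts, "
              f"{hours_to_exhaust(n, 1.5):.1f} h at 1.5 s each")
    print("with a 60 s lockout every 3 failures:",
          f"{hours_to_exhaust(11000, 1.5, 3, 60):.1f} h")
```

The point for a defender is the last line: a lockout that costs an attacker nothing per guess still turns hours into days, but only disabling WPS (or firmware that really disables it) removes the exposure.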

Arklin K.
May 14, 2012, 1:31:35 PM
On Sun, 13 May 2012 23:45:17 -0700, Jeff Liebermann wrote:
> "Further, some access points don't provide an option to disable WPS
> or don't actually disable WPS when the owner tells it to."

My Linksys WRT54G version 5.0 has the option to disable secure easy setup
but I can't find out from Linksys if that option actually works.
http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154

They say nothing about the WRT54G here either:
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20120111-wps

I called Cisco technical support three times:
1-877-770-4113

They didn't know what I was talking about.

They gave me two more numbers to call:
1-800-326-7114 Cisco Consumer Support for Linksys
1-800-546-7597

They answer pretty quickly but none have a clue.

Jeff Liebermann
May 14, 2012, 3:17:07 PM
Sigh. Support only seems to get worse. I'll see what I can discover.
However, I won't have much time to do anything until later in the
week.

Meanwhile, if you have a Linux box, try running Reaver:
<http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154>
and see how it responds to WPS traffic with it enabled and then
disabled in the router. Also try it before and after punching the SES
button on the front. I would do this for you except that I just
upgraded my Ubuntu box to 12.04 which broke most of my highly modified
wireless drivers and programs. Maybe I'll try to build it on my Mac
instead.

Char Jackson
May 14, 2012, 6:35:13 PM
On Mon, 14 May 2012 12:17:07 -0700, Jeff Liebermann <je...@cruzio.com>
wrote:
The bundled Reaver solution, Reaver Pro, could be an option for folks
who don't have the time, the knowledge, or a compatible radio. The
cost, $99.99, is a bitter pill, however.
<http://hakshop.myshopify.com/products/reaver-pro>
Any comments?

Jeff Liebermann
May 14, 2012, 11:52:16 PM
On Mon, 14 May 2012 17:35:13 -0500, Char Jackson <no...@none.invalid>
wrote:


>The bundled Reaver solution, Reaver Pro, could be an option for folks
>who don't have the time, the knowledge, or a compatible radio. The
>cost, $99.99, is a bitter pill, however.
><http://hakshop.myshopify.com/products/reaver-pro>
>Any comments?

Yeah... I don't like commercialized attacker tools. It's one thing to
disclose vulnerabilities to improve security and generally do
everyone a favor. It's another to provide a tool kit designed solely
for breaking and entry.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558
# http://802.11junk.com je...@cruzio.com
# http://www.LearnByDestroying.com AE6KS

Char Jackson
May 15, 2012, 12:44:45 AM
On Mon, 14 May 2012 20:52:16 -0700, Jeff Liebermann <je...@cruzio.com>
wrote:

>On Mon, 14 May 2012 17:35:13 -0500, Char Jackson <no...@none.invalid>
>wrote:
>
>>Any comments?
>
>Yeah... I don't like commercialized attacker tools. It's one thing to
>disclose vulnerabilities to improve security and generally do the
>everyone a favor. It's another to provide a tool kit designed solely
>for breaking and entry.

Thanks, hard to argue with that. I was thinking that someone,
somewhere, would use it to check for the vulnerability or to prove to
themselves that turning it off in firmware actually disables it, but I
suppose you're right.

Arklin K.
May 15, 2012, 6:08:41 AM
I'm confused about the terms.
Is this a correct attempt at simplifying the terms?

SES = Secure Easy Setup = an "easy setup feature" (such as the push
button on the WRT54Gv5 router)

WPA = Wi-Fi Protected Access = a "security protocol" designed in 1999 to
supersede WEP (see also WPA2 & WPA2/PSK)

WPS = Wi-Fi Protected Setup = a "certification standard" that allows 4
methods of easy setup (PIN, button, near-field, usb)


Regarding the router vulnerability flaw, is this the correct summary?


SES ==> This is not what's vulnerable with respect to that CERT advisory
(http://www.kb.cert.org/vuls/id/723755)

WPA ==> This is not what's vulnerable with respect to that CERT advisory
(neither is WPA2, nor WPA2/PSK)

WPS ==> This is what's vulnerable!

Jeff Liebermann
May 15, 2012, 10:31:28 AM
WPS is the Wi-Fi Alliance name of the technology used to deliver the
WPA/WPA2 encryption pass phrase from the router to a new wireless
client securely. The idea is to make it easy to setup a new computer
on a wireless network without having to type in a long and ugly
WPA/WPA2 pass phrase.

SES (Linksys - Secure Easy Setup),
AOSS (Buffalo - AirStation One-Touch Secure System),
EZ-SETUP (Asus),
Jumpstart (Atheros, Broadcom),
are implementations and individual trademarks for WPS (Wi-Fi Protected
Setup). If WPS is vulnerable, they all are vulnerable (unless they
fixed the problem).

Arklin K.
May 15, 2012, 6:57:54 PM
On Tue, 15 May 2012 07:31:28 -0700, Jeff Liebermann wrote:
> SES (Linksys - Secure Easy Setup),
> If WPS is vulnerable, they all are vulnerable (unless they
> fixed the problem).

The question, I guess, is whether the WRT54Gv5 implements the PIN feature
of WPS, along with the button feature of SES.

I don't know that answer - but it's the critical question.

I 'guess' I could test it out by trying to crack my own system!
1. http://www.tacnetsol.com/products/
2. http://hakshop.myshopify.com/products/reaver-pro
3. http://code.google.com/p/reaver-wps/wiki/HintsAndTips
etc.
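Whether a router implements the PIN method can be read from what the access point itself advertises in its beacons. The following is an added example, not code from this thread: it parses the WPS information element (the vendor-specific 0xDD element with OUI 00:50:F2 type 4) and reports whether a PIN-type config method is advertised and whether the AP Setup Locked flag is set; the sample element is constructed by hand, not captured from a real WRT54G.

```python
"""Audit the WPS information element an access point puts in its beacons.

Added example for this thread; the SAMPLE_IE below is constructed, not a
capture from a real router.
"""
import struct

# WPS attribute IDs from the Wi-Fi Simple Configuration specification.
ATTR_VERSION, ATTR_STATE = 0x104A, 0x1044
ATTR_AP_SETUP_LOCKED, ATTR_SELECTED_REGISTRAR = 0x1057, 0x1041
ATTR_CONFIG_METHODS = 0x1008
WPS_OUI_TYPE = b"\x00\x50\xf2\x04"

# Config Methods bits; Label, Display and Keypad all imply a PIN exchange,
# PushButton is the PBC method that Netgear's fix leaves intact.
PIN_METHODS = {0x0004: "label", 0x0008: "display", 0x0100: "keypad"}
PBC_METHOD = 0x0080


def parse_wps_ie(ie: bytes) -> dict:
    """Return {attribute_id: raw_value} for one vendor-specific IE (0xDD)."""
    if len(ie) < 6 or ie[0] != 0xDD or ie[2:6] != WPS_OUI_TYPE:
        raise ValueError("not a WPS information element")
    body = ie[6:2 + ie[1]]          # attributes follow OUI + type byte
    attrs, pos = {}, 0
    while pos + 4 <= len(body):
        attr_id, length = struct.unpack_from(">HH", body, pos)  # big-endian TLV
        pos += 4
        attrs[attr_id] = body[pos:pos + length]
        pos += length
    return attrs


def audit_wps(ie: bytes) -> dict:
    """Summarise the security-relevant WPS state advertised in a beacon."""
    a = parse_wps_ie(ie)
    methods = struct.unpack(">H", a.get(ATTR_CONFIG_METHODS, b"\x00\x00"))[0]
    return {
        "configured": a.get(ATTR_STATE) == b"\x02",        # 2 = configured
        "ap_setup_locked": a.get(ATTR_AP_SETUP_LOCKED) == b"\x01",
        "pin_methods": sorted(n for b, n in PIN_METHODS.items() if methods & b),
        "push_button": bool(methods & PBC_METHOD),
    }


# Constructed sample: configured AP, PIN registrar not locked,
# Config Methods = Label | Display | PushButton (0x008C).
SAMPLE_IE = bytes.fromhex(
    "dd1e0050f204" "104a000110" "1044000102" "1041000100" "1057000100"
    "10080002008c")

if __name__ == "__main__":
    print(audit_wps(SAMPLE_IE))
```

Feed it the raw 0xDD element from a scan of your own access point; a result with "pin_methods" non-empty and "ap_setup_locked" False is the state the CERT advisory above is about.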

Arklin K.

May 16, 2012, 3:02:52 AM5/16/12
On Tue, 15 May 2012 22:57:54 +0000, Arklin K. wrote:
> I 'guess' I could test it out by trying to crack my own system!
> 1. http://www.tacnetsol.com/products/
> 2. http://hakshop.myshopify.com/products/reaver-pro 3.
> http://code.google.com/p/reaver-wps/wiki/HintsAndTips etc.

S'more references ...

http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

Scapy: http://www.secdev.org/projects/scapy/

The most amazing irony, to me, is that I can't find a thing about this
vulnerability on the entire WiFi Alliance web site.
http://www.wi-fi.org/knowledge-center/featured-topics/security

How can that be?

Jolly polly

May 20, 2012, 12:31:27 PM5/20/12

"William Bonner" <wbo...@gma.com> wrote in message
news:joorbo$ulg$1...@speranza.aioe.org...
> What just happened is clear ... but HOW it happened ... is not clear to
> me.
>
> Here's what happened:
> 1. I was home with my PC connected wirelessly to my Linksys WRT54G router
> 2. The connection was WPA2/PSK with wireless administrator access
> 'enabled'
> 3. The connection went down; the router disappeared from view
> 4. Shortly thereafter, the strongest signal was SSID=linksys
> 5. My teen-age kid experienced the same thing - at the same time
> 6. Only the kid & I were home so NOBODY physically touched the router!
> 7. Yet, the Linksys WRT54Gv5 router was clearly reset back to defaults.
>
> How can that happen without anyone pressing the reset button?
> Can a Linksys home broadband router be reset by an intruder on the net?

I can't answer how this happened, sorry.
But I can confirm that it does happen and not only with Linksys. I've seen
it with EnGenius routers as well as Linksys.

Arklin K.

May 22, 2012, 9:32:50 PM5/22/12
On Wed, 16 May 2012 07:02:52 +0000, Arklin K. wrote:

> The most amazing irony, to me, is that I can't find a thing about this
> vulnerability on the entire WiFi Alliance web site.
> http://www.wi-fi.org/knowledge-center/featured-topics/security
>
> How can that be?

Those who would give up essential security to purchase a little
temporary convenience, deserve neither security nor convenience.
(Apologies to Ben Franklin).

Apologies to Jeff L.

Jeff Liebermann

May 23, 2012, 11:42:32 AM5/23/12
Grumble. One apology is probably sufficient.

You won't find anything from Wi-Fi.org because they're not in the
business of testing for security issues. They simply certify that
the device complies with various specifications.

Better questions might be why router security certification
organizations:
<https://www.icsalabs.com>
apparently don't test for this, why the major router vendors are
ignoring the problem on all but their currently selling products, and
why WPS can't be disabled on some routers (i.e. Netgear WNR1000)?

Arklin K.

May 23, 2012, 7:32:18 PM5/23/12
On Wed, 23 May 2012 08:42:32 -0700, Jeff Liebermann wrote:

> You won't find anything from Wi-Fi.org because ...
> They simply certify that the device complies ...

OK. I guess that makes sense. Too bad though.
They have an FAQ, and they 'could' have mentioned it in the FAQ since any
compliant device is essentially useless as a secure router if left
compliant.

> Better questions might be why router security certification
> organizations: <https://www.icsalabs.com>
> apparently don't test for this, why the major router vendors are
> ignoring the problem on all but their currently selling products,

All good points!

Especially since any wi-fi certified device essentially has no security
unless/until you manage to disable wi-fi protected setup (WPS).

> why WPS can't be disabled on some routers (i.e. Netgear WNR1000)?

That's such a shame. It looks like 'many' routers can't effectively
disable WPS ... so that essentially makes those routers insecure.

I'm curious about one oddity if I may ask about it:

Since this flaw negates all security, why isn't there a bigger push to
repair this flaw?

For example, how long have you guys known about this WPS flaw that I just
found out about?

Jeff Liebermann

May 23, 2012, 11:30:50 PM5/23/12
On Wed, 23 May 2012 23:32:18 +0000 (UTC), "Arklin K."
<ark...@notmyemail.com> wrote:

>Since this flaw negates all security, why isn't there a bigger push to
>repair this flaw?

Politics. If the industry doesn't admit or publicize that there's a
problem, the GUM (great unwashed masses) and the media will not
consider it serious. Kinda like sticking one's head in the sand. If
you don't see it, it's not there.

Let's pretend that the affected manufacturers suddenly develop a
conscience and decide to do the right thing. They could issue a recall
for all affected products claiming that it is "unsafe" to operate.
That would be amusing as everyone from Joe Sixpack to corporate
America simultaneously attempt to update their firmware, or replace
their router. Kinda like Y2K compressed into a few weeks. Obviously,
that's not going to happen.

The same strategy of ignoring the problem was adopted by the industry
with the chronic premature electrolytic capacitor failures that
plague all modern electronics.
<http://en.wikipedia.org/wiki/Bad_caps>
The failure rates are very high, the solutions useless, and the
manufacturers are ignoring the problem. It should be listed as a
national quality disaster. Ask anyone outside of the industry, and
they've never heard of the "bad caps" problem. Same with the crappy
soldering on large BGA chips in laptops, which has been going on for
about 8 years with little improvement.

>For example, how long have you guys known about this WPS flaw that I just
>found out about?

Late December 2011. I wasn't paying attention and didn't know about
it until about mid April 2012.

miso

May 26, 2012, 3:44:14 PM5/26/12
> For example, how long have you guys known about this WPS flaw that I just
> found out about?

The WPS bug was covered on the Linux Outlaws and TWIT's Security Now.
Jan 25th:
> http://twit.tv/show/security-now/337
Feb 2nd:
> http://sixgun.org/linuxoutlaws/249



Arklin K.

May 27, 2012, 12:51:33 AM5/27/12
On Sat, 26 May 2012 12:44:14 -0700, miso wrote:

> The WPS bug was covered on the Linux Outlaws and TWIT's Security Now.
> Jan 25th:
>> http://twit.tv/show/security-now/337
> Feb 2nd:
>> http://sixgun.org/linuxoutlaws/249

I had trouble finding the text of the first link but the second link was:
Attack tool published for WiFi setup flaw; Cisco issues warning
Which said:
"In response to a public warning about design implementation flaws in
Wi-Fi Protected Setup (WPS), Cisco has published a list of vulnerable
products and is urging its customers to disable the feature until a
software fix is ready."

So, I guess you guys knew about it all along. But I had never heard of
"sixgun.org" and I doubt a lot of router owners like me know to go to
sixgun.org to find out about router security.

Seems to me there should be more general news in the tech news on this.
I wonder if we should email this story to others who publish
USA-Today-style tech news.

Any suggestions whom to email this story to so they can get the word out
to your basic router owner like me?

George

May 27, 2012, 8:39:49 AM5/27/12
My basic rule when it comes to stuff like firewalls is to disable
"automagic" features such as WPS and uPnP. If it makes it easy for users
it very likely makes it easier for bad guys.

miso

May 27, 2012, 5:17:32 PM5/27/12

> My basic rule when it comes to stuff like firewalls is to disable
> "automagic" features such as WPS and uPnP. If it makes it easy for users
> it very likely makes it easier for bad guys.

Yes. There is a UPnP hack as well. I think you only need UPnP for gaming
(xbox?). It should be turned off.

The Linux Outlaws are a good source for security bugs. Often they are
just ragging on Adobe (is there a crappier software company?) for their
flaws, but hardware bugs are mentioned as well. I don't recall the
brand, but there is a family of wifi TV cameras that can easily be
hacked due to some problem with how they configured the apache server.

Probably the worst security flaw I've seen of late is that Apple
imessage. The messages go out to the wrong people. Worse yet, there is
only one crypto key for every iphone/pad, so if you get a wrong message
sent to you, you can easily read it.

Axel Hammerschmidt

May 31, 2012, 11:38:33 AM5/31/12
Jeff Liebermann <je...@cruzio.com> wrote:

<snip>

> why WPS can't be disabled on some routers (i.e. Netgear WNR1000)?

The PIN method itself can be disabled on Netgear's WNR1000v2.

See <http://support.netgear.com/app/answers/detail/a_id/19824>

: Since only the Router PIN method is vulnerable to brute force attack,
: NETGEAR recommends disabling this function to best protect your
: network from invasion.
:
: To disable the Router PIN method:
: 1. Login to the router GUI by typing www.routerlogin.net on an
: Internet browser's address bar. Note: Default logins are: Username =
: admin, Password = password.
: 2. Go to Advanced Setup menu and select Wireless Settings.
: 3. Under WPS settings, put a check mark on Disable Router's PIN box.
: 4. Hit Apply button to save settings.

So there :-)

Leaves PBC intact. I think.


--
Not him on Facebook

Jeff Liebermann

May 31, 2012, 12:03:48 PM5/31/12
Thanks. I'll fix it when I visit the customer on Monday or Tues. I
didn't see that setting when I checked the various menus. I'll also
confess to not checking the Netgear web pile. The router is V1, not
V2, but that probably makes no difference.

>Leaves PBC intact. I think.

--

Axel Hammerschmidt

May 31, 2012, 1:49:08 PM5/31/12
Jeff Liebermann:

> On Thu, 31 May 2012 17:38:33 +0200, hl...@hotmail.com (Axel
> Hammerschmidt) wrote:

<snip>

>>So there :-)
>
> Thanks. I'll fix it when I visit the customer on Monday or Tues.
> I didn't see that setting when I checked the various menus. I'll
> also confess to not checking the Netgear web pile. The router is
> V1, not V2, but that probably makes no difference.
>
>>Leaves PBC intact. I think.

It does.

BTW. There was a firmware update for mine, when I checked.

F/W v1.1.2.50 - changes the menu items to tiles, ugh!


--
Banned from Version2.dk for writing a Firesheep script.

Jeff Liebermann

May 31, 2012, 10:13:31 PM5/31/12
On 31 May 2012 17:49:08 GMT, Axel Hammerschmidt <hl...@hotmail.com>
wrote:

>BTW. There was a firmware update for mine, when I checked.
>F/W v1.1.2.50 - changes the menu items to tiles, ugh!

v1 is still at v1.0.1.15 dated 10/30/2011. No tiles.
Get used to tiles. It's the latest in retro desktop fashions,
bringing windows back to its roots as in Windoze 1.0 tiles. Also,
notice the similarity between Windoze 8 tiles (Metro) and the typical
ATM teller machine user interface. Hmm....

>Banned from Version2.dk for writing a Firesheep script.

Nicely done. However, that was a year ago. Are you still banned?