| reply to RUdude0884a
Remote access problem. Just tried connecting to the WAN IP address via my browser and was able to get the login screen and successfully log in to my Linksys BEFSR41 v1 router. Remote management and remote upgrade are both off so something is definitely not right. That make two problems I've seen others post about and that I've now experienced too. |
|
 dq1
@manc.broadband.ntl.c | I used to be able to access the wan address using the previous firmware too (through LAN ports). Try doing it through the WAN port - I think mine blocks it properly through the WAN port. |
|
| reply to RUdude0884a
WAN fix. I figured out how to prevent the login prompt from coming up when connecting to the WAN IP address. Make sure "Filter Internet NAT Redirection" is off or this won't work. Next set up forwarding so that port 80 is forwarded to a non-existent LAN IP address. That's it. Now, I'm not sure if trying to connect to the WAN IP address from a remote computer brings up the login screen or not but I figure why take the chance? There is no reason for it since I do all router config from the LAN side anyways. |
|
 jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR | I'm not gonna say what you have found is not a problem but that is not a valid check of the router login page. You have to attempt access from the WAN side which means outside of the router not inside your own LAN. Not saying that one doesn't need to worry about it from inside ones own LAN but we are more worried about it if someone can access the router login screen from the internet. |
|
| Stuff like this doesn't help either:
»www.securitytracker.com/alerts/2···357.html
I'm aware testing from inside my LAN by connecting to the WAN address isn't a good test. Don't have the means to test from a remote point outside my LAN unfortunately. Hoping someone using a pre-v3 BEFSR41 router can do a test to see if we're now affected too thanks to the latest firmware "fix". |
|
jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR | True! I have another computer that I can dial-up and check. I have checked with the 1.45.7 firmware and it doesn't work, however Comcast, whihc I am on, blocks inbound ports 80 and 443 so I don't think I can even perform a valid check or even if it really matters. I think a valid check would only come from someone who can access their router on the WAN side with fully open ports or with a direct connection to the WAN side. |
|
 griff99Premium
join:2002-12-29
Merrimack, NH | I just confirmed on the v2 (and the v3 if anyone cares) that the remote management fails from the WAN side.
It is perfectly normal to access the WAN IP from the LAN side since the router knows about both of it's IP addresses. |
|
jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR | griff99:
Can I ask how you accomplished the test? Do you know if the ISP you are using to connect your router does or does not block inbound ports 80 and 443? If you want to verify this you have to run the Shields Up test at GRC or something similar and not be behind the router. |
|
griff99Premium
join:2002-12-29
Merrimack, NH | I have some at my office, so I plugged them into the network via the WAN port and via DHCP they obtained addresses. Then from another system on that same network I tried to access those ports both 80 and 443, eventually the connection times out. Then I took it one step further and ran a Nessus scan of these boxes and then I finally ran an Nmap scan.
The only thing that is a bit disturbing and I have already spoken with Linksys about this, is on the version 2, port 1900/udp (UPnP) is showing open on the WAN side from the Nessus scan. Nmap however doesn't seem to be showing this port as open. The version 3 did not show this behavior at all with the current 1.05.00. |
|
jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR | How is the linksys set up this way? Gateway or Router? I myself wouldn't even be sure how to set one up that way. Does it work just like connnecting to a modem?
Currently I am testing a setting with my SR41 running the 1.45.7 firmware. I have changed all the dafault IP settings to check for further lockups. As of right now it has been running for 4 days and I have yet to have the red diag light come on. The computers hooked to it do occasionally lose connectivity though. I have had to do one reset on it. |
|
| reply to RUdude0884a
Re: Firmware 1.45.11 for BEFSR41 (v1 and v2) I installed the 1.45.11 firmware this morning on a BEFSR41 V1 and DHCP lease doesn't work automatically. When the lease expires,I have to renew it manually. On the previous drivers I would get an occasional,about every 2-3 months,lockup where my reset led would stay lit. Does anyone know anything about this? |
|
griff99Premium
join:2002-12-29
Merrimack, NH
1 edit | reply to jbob
said by jbob:
How is the linksys set up this way? Gateway or Router? I myself wouldn't even be sure how to set one up that way. Does it work just like connnecting to a modem?
Basically my test environment consists of a switch, a Cisco 2900 series to be exact, and a DHCP server. The switch pretends to be the Internet, the DHCP server acts like the DHCP server your ISP uses to send you an address, and my test computer sits on that network and scans box I am interested in securing. It is a stock setup that I have for configuring web servers and the like. Anyway, I have now changed my Nmap scan settings and dropped back to 1.44.2 and I am scanning the box again to see if anything anomalous shows up. Incidentally 1.44.2 still shows the same behavior on the Nessus scan. |
|
jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR | I hadn't really thought of testing that way but guess I can. I run a SX41(replaced my SR41) normally so I guess I could hook my SR41 to SX41 using WAN port as well and check it out that way. Are you running a NIX environment or Windows? Unfortunately both are having firmware issues! |
|
|
|
griff99Premium
join:2002-12-29
Merrimack, NH | Doesn't really matter. Most of my systems are *nix, but Nmap runs on Windows as well.
At home I run an SX41 and I have run it through its paces as well, I am currently running firmware 1.51.00 and it seems pretty stable. |
|
| reply to RUdude0884a
Seems their is still alot of issues that this new firmware has. I don't think i'll upgrade.
Come on Linksys AKA Cisco. Surely you could come out with a descent update rather a more problematic one.
--
Like My DSL!!! |
|
griff99Premium
join:2002-12-29
Merrimack, NH | I will post the follow up results of the Nmap scans tomorrow once I am finished with them. Doing a complete scan for both TCP & UDP can take quite a while, so I left it going and went home for the night. I have seen Nessus show false positives before. |
|
| reply to RUdude0884a
It won't renew DHCP lease automatically for me either.
BEFSR41 ver 1 |
|
 keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | reply to RUdude0884a
I think that is enough feedback for me to decide I'll wait a couple of weeks and see if they fix the fix.
I bet this BIOS was half-done, then the BootP vulnerability announcement came out, and Linksys/Cisco rushed it into general release without properly testing it.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) |
|
jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR | Well actually it's still in testing phase. They just forgot to add beta to the name! |
|
| reply to RUdude0884a
1.45.11 = GARBAGE I thought I could put up with the router not renewing an IP automatically (lease on my DSL IP always lasts 4 hours), but it's turning out to be way too big of an interference to my LAN and is a huge pain in the a** to do manually every four hours. So I'm going to go back to an earlier version and I heartily recommend that nobody use this firmware until it's fixed. This is just like the last release debacle. The put up a new firmware (1.45.6) and had to release another (1.45.7) right away to fix new problems that were introduced. I swear they don't test these things at all, considering the problems are always so damn obvious. |
|
