KoRnGtL15Premium
join:2007-01-04
Grants Pass, OR | reply to antdude
Re: Millions of home routers vulnerable...um ok.... It has no effect on opendns when using it.
said by antdude:Hmm, does using OpenDNS' IP address in my router's latest stock firmwares fit with this or is this a completely different thing? I only configured my DNS for OpenDNS. |
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2
 ·RoadRunner Cable
| said by KoRnGtL15:It has no effect on opendns when using it. said by antdude:Hmm, does using OpenDNS' IP address in my router's latest stock firmwares fit with this or is this a completely different thing? I only configured my DNS for OpenDNS. Darn, I guess I will have to switch to third party firmware then if Linksys doesn't fix this soon.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
| Thanks!  Mine was not successful. |
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to antdude
said by antdude:Darn, I guess I will have to switch to third party firmware then if Linksys doesn't fix this soon. Linksy sure isn't going to fix the BEFSR41. Mine is almost 7 years old. Even the later version 4 is now six years old. Linksy fixes NOTHING over 2 years old. Their position that the router is outdated at 2 years and needs to be replaced. I'm not buying a new router because of this.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| said by Mele20:said by antdude:Darn, I guess I will have to switch to third party firmware then if Linksys doesn't fix this soon. Linksy sure isn't going to fix the BEFSR41. Mine is almost 7 years old. Even the later version 4 is now six years old. Linksy fixes NOTHING over 2 years old. Their position that the router is outdated at 2 years and needs to be replaced. I'm not buying a new router because of this. They better fix WRT54GL.  I bet my Netgear RT311 has the same problem, but that's like a decade old!
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
|
|
Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | Well, yeah...the WRT54GL is much newer...but it has been around for several years. Linksy is not the company they were when I bought my router. I bought Linksy on the basis of their reputation which was changing at the time I purchased mine (but I didn't know that). By the time my router was a little over 2 years old Linksy was a different company support wise. That is not to say that I expect them to fix an almost 7 year old router, but I did expect help, and a fix, when I called them with a problem when the router was just slightly over two years old. I was told I needed to purchase a new router and that mine was no longer supported. A vendor of a popular product called them about the same problem and they told him the same thing...any router over two years old gets NO firmware upgrade and they could care less that their BEFSR41 has a bug in it that means it can't work properly with the vendor's software. The router was over two years old..so, buy a new one and the vendor of the sofware was supposed to tell users of his software that Linksy said to buy a new router if they wanted to use his software. So, don't hold your breath because they may not fix it.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| said by Mele20:Well, yeah...the WRT54GL is much newer...but it has been around for several years. Linksy is not the company they were when I bought my router. I bought Linksy on the basis of their reputation which was changing at the time I purchased mine (but I didn't know that). By the time my router was a little over 2 years old Linksy was a different company support wise. That is not to say that I expect them to fix an almost 7 year old router, but I did expect help, and a fix, when I called them with a problem when the router was just slightly over two years old. I was told I needed to purchase a new router and that mine was no longer supported. A vendor of a popular product called them about the same problem and they told him the same thing...any router over two years old gets NO firmware upgrade and they could care less that their BEFSR41 has a bug in it that means it can't work properly with the vendor's software. The router was over two years old..so, buy a new one and the vendor of the sofware was supposed to tell users of his software that Linksy said to buy a new router if they wanted to use his software. So, don't hold your breath because they may not fix it. Yeah, lot of old companies changed like this. It sucks. I wonder how Netgear is doing these days. Their old routers and switches were good back in early 2000s. I didn't buy a their router because I like Linksys WRT54GL's popularity, Linux, and third party supports.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
 jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | FWIW, I have a "vulnerable" v1.1 WRT54GL too. And I agree with Mele that I doubt you'll see a new Firmware release, or any other kind of "fix" for that matter, since the last one was (I believe), 4.30.14, released some time back in 2009.
They've moved on to "bigger and better things"...(debatable, of course).
I also have two older version WRT54G's that are supposedly NOT vulnerable (go figure), sitting in my closet.
But I'm just too lazy to drag one of them out, rewire my desk upstairs, and reconfigure it...I'll just take my chances, I suppose. 
I have a strong password, and I sleep with a loaded shotgun...that's good enough for me. 
--
I had a life once.....now I have a Computer and a Modem. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| said by jabarnut:FWIW, I have a "vulnerable" v1.1 WRT54GL too. And I agree with Mele that I doubt you'll see a new Firmware release, or any other kind of "fix" for that matter, since the last one was (I believe), 4.30.14, released some time back in 2009. They've moved on to "bigger and better things"...(debatable, of course). I also have two older version WRT54G's that are supposedly NOT vulnerable (go figure), sitting in my closet. But I'm just too lazy to drag one of them out, rewire my desk upstairs, and reconfigure it...I'll just take my chances, I suppose. I have a strong password, and I sleep with a loaded shotgun...that's good enough for me. I also use a strong password too. I thought this exploit can bypass that part or am I understanding the issue incorrectly?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | said by antdude:I also use a strong password too. I thought this exploit can bypass that part or am I understanding the issue incorrectly? I think you're understanding the issue incorrectly.
If they did get access to your network, and found the password was something other than "admin", I think they'd move on to the next sucker where things are a lot easier.
But with the information I have so far, who knows...maybe I'm not understanding the issue correctly either.
(Edit) Oops...changed understanding the issue from "correctly" to "incorrectly"
--
I had a life once.....now I have a Computer and a Modem. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
| said by jabarnut:said by antdude:I also use a strong password too. I thought this exploit can bypass that part or am I understanding the issue incorrectly? I think you're understanding the issue correctly. If they did get access to your network, and found the password was something other than "admin", I think they'd move on to the next sucker where things are a lot easier. But with the information I have so far, who knows...maybe I'm not understanding the issue correctly either. Have these routers be seen attacked in real world scenarios yet? I assume we'll find out more from Def Con.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2 | That's the thing...I'm not sure.
I guess according to "security researcher Craig Heffner" (whoever he is), we won't know a whole lot more until the upcoming "Black Hat security conference", where he divulges more information.
I haven't thoroughly read everything about this thing (bits and pieces here and there), but I've still got more important things than this to worry about...at least for now.
--
I had a life once.....now I have a Computer and a Modem. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
kudos:2 Reviews:
·RoadRunner Cable
1 edit | said by jabarnut:That's the thing...I'm not sure. I guess according to "security researcher Craig Heffner" (whoever he is), we won't know a whole lot more until the upcoming "Black Hat security conference", where he divulges more information. I haven't thoroughly read everything about this thing (bits and pieces here and there), but I've still got more important things than this to worry about...at least for now. Ditto. He might just saying craps. We need proofs! He could be social engineering us to make us panic. :P
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | By the way, I edited my 2nd post above.
From my understanding, they need to figure out your Router's password to do some real damage. (Not that it would be a good thing to be compromised somehow anyway, but the idea is to get access to your Router settings, at least as I understand it).
Then again, sometimes this old noggin' of mine understands very little. 
--
I had a life once.....now I have a Computer and a Modem. |
|
