
planet
join:2001-11-05
Oz

planet

Member

What are you doing regarding the Reaver Hack

So, I'm curious as to what people are doing regarding the Reaver Hack since turning off WPS isn't preventing the hack:
»arstechnica.com/business ··· aver.ars

I'm considering going fully wired until a response from Cisco (if there is one, that is). I'm running a Cisco E1500 and I don't believe there is a third party firmware without WPS available for it.

Thane_Bitter
Inquire within
Premium Member
join:2005-01-20

Thane_Bitter

Premium Member

Nothing, my hardware only supports the physical button version of WPS thus I am not effected by this flaw. I have also changed firmware (some time ago) and remapped the button for more practical uses anyways (turns the wireless radio on or off - very useful for a guest network AP).

Cisco E1500 does not appear in DD-WRT's list of supported hardware, so turning off the wireless features, or limiting the time the wireless radio is on (this is really only practical for access points when the built-in switch and other router features are not used) are about the only options you have, pending a fix from the manufacturer.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

said by Thane_Bitter:

Nothing, my hardware only supports the physical button version of WPS thus I am not effected by this flaw. I have also changed firmware (some time ago) and remapped the button for more practical uses anyways (turns the wireless radio on or off - very useful for a guest network AP)...

Oh nice to reassign that button to something else! Which firmware did you use? FYI, "affected" and not "effected".

Thane_Bitter
Inquire within
Premium Member
join:2005-01-20

1 recommendation

Thane_Bitter

Premium Member

Meh, sum-a-times i don'tz write so good.

To answer your question, DD-WRT; on a WRT54GSv2 and a WRT54GLv1.1, using their stable release. The GS runs the mega variant (EKO’s VIN version) whereas the GL just the standard flavour. The "radio off" button feature can be found on the Services tab, Services sub tab about half way down the page; the physical button is the Cisco bridge logo on the front bezel of the router.

Reno7
Premium Member
join:2008-10-26
Keller, TX

Reno7 to planet

Premium Member

to planet
I recently got a Linksys E4200. Apparently disabling WiFi Protected setup does not disable WPS (I'm not in the mood to read through how to install Tomato so I guess I'll just wait for new firmware...?):
»homecommunity.cisco.com/ ··· p/405327

This is from page #2 of that thread:
12-30-2011 05:07 PM - last edited on 12-30-2011 05:25 PM

i've tested the reaver tool on my e4200. i got the link to it from a news site ( »www.h-online.com/open/ne ··· 822.html )

The E4200 is vulnerable, even if security is set to "manual" wireless configuration and no button is pressed. i triple checked that before i ran the test. i got my key after around 4 hours. firmware version is 1.0.03

it's time to get a new router

heelyeah
Premium Member
join:2004-02-11
Raleigh, NC

heelyeah to planet

Premium Member

to planet
I flashed both of my routers with DDWRT and set the second one as a repeater bridge. Now I have better wireless coverage in the whole house.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to planet

Premium Member

to planet
I assume RADIUS authentication for my wireless LAN and no WPS capability mitigates the vulnerability. I can't use a tablet, and my network printer doesn't support RADIUS authentication, but what the heck.

Question, though - does DD-WRT or other third party firmware have a built-in RADIUS authentication server? I only need to authenticate fewer than five users, and want to eliminate the separate physical server.
nick11
join:2005-07-17
Chicago, IL

1 edit

nick11 to planet

Member

to planet
Does anyone know if turning WPS off does work or not in Netgear routers? All I have read regarding turning WPS off not working mentions Linksys routers.

I have a Netgear WNR1000v3 (N150) router and DD-WRT's supported routers database says 'work in progress'.

EDIT: I forgot to mention, the Google spreadsheet does not mention the WNR1000v3:

»docs.google.com/spreadsh ··· SSHZEN3c

I see some other netgear routers though.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer to nick11

Premium Member

to nick11


said by nick11:

Does anyone know if turning WPS off does work or not in Netgear routers? All I have read regarding turning WPS off not working mentions Linksys routers.

I have a Netgear WNR1000v3 (N150) router and DD-WRT's supported routers database says 'work in progress'.

EDIT: I forgot to mention, the Google spreadsheet does not mention the WNR1000v3:

»docs.google.com/spreadsh ··· SSHZEN3c

I see some other netgear routers though.

Waiting For The WPS Fix (scroll down to see the official Netgear response).

From the Netgear KB:
How do NETGEAR Home routers defend WiFi Protected Setup PIN against brute force vulnerability?

FYI: The Netgear WNR1000 series run openwrt firmware with a custom Netgear html interface, and that probably contributes to their ability to survive this vulnerability.
nick11
join:2005-07-17
Chicago, IL

nick11 to NetFixer

Member

to NetFixer


thank you for the reply netfixer! it says to test and see if WPS is off (after turning it off) to go "into your wireless client and deleting the profile for your network." does this mean to click the wireless symbol in the windows tray and then delete the entry for my home network in the list (and then try to connect)?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by nick11:

thank you for the reply netfixer! it says to test and see if WPS is off (after turning it off) to go "into your wireless client and deleting the profile for your network." does this mean to click the wireless symbol in the windows tray and then delete the entry for my home network in the list (and then try to connect)?

I don't recall seeing that particular bit of advice in the links I provided, but it probably might be a good idea depending on how your wireless client handled the WPS PIN mode. Doing that should ensure that the wireless client would then either have to be manually set up with your WPA passphrase or use the WPS push button connection method instead of the PIN method.

I did not need to worry about that because I don't have any wireless clients that used WPS, and I have had the WPS PIN disabled in my WNR1000v2 since very shortly after I first applied power to it.

I have not done any testing with the reaver POC because I ran into a compatibility problem with the Linux live-cd that I tried it with on my notebook (and I did not feel like bothering with troubleshooting it). However, I have MAC filtering also enabled on my WNR1000v2, which means that there is a log entry (that is emailed to me) anytime a connection attempt is made. So I feel confident that even if Netgear's claims are overblown (and I have not seen any counter claims), that I would be able to detect any attempt to use the reaver tool against my router, just as I see the random "normal" connection attempts. Using MAC filtering may indeed not be a "real" security access blocking tool, but in this case, the security logging does make it a useful security tool.
nick11
join:2005-07-17
Chicago, IL

1 edit

nick11

Member

thanks for the reply and the mac filtering tip too.

when I went to enable the 'disable router's pin' in WPS settings I saw a 'keep existing wireless settings' setting directly below it. I found a screenshot on google:




the 'keep existing wireless settings' is turned on. the description of this setting sounds a bit suspicious:
This shows whether the router is in the WPS configured state.
If this option is not selected, adding a new wireless client will change the router's wireless settings to an automatically generated random SSID and security key.
In addition, if this option is selected, some external registrars (e.g., Network Explorer on Vista Windows) might not see the router.
Configuring basic wireless settings from the router's management GUI selects this option automatically.

should I turn the 'keep existing wireless settings' setting off myself? it wasn't turned off after I enabled the 'disable router's pin' setting. I haven't tried to establish any connections with WPS.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by nick11:

thanks for the reply and the mac filtering tip too.

when I went to enable the 'disable router's pin' in WPS settings I saw a 'keep existing wireless settings' setting directly below it. I found a screenshot on google:

[attached image]

the 'keep existing wireless settings' is turned on. the description of this setting sounds a bit suspicious:

This shows whether the router is in the WPS configured state.
If this option is not selected, adding a new wireless client will change the router's wireless settings to an automatically generated random SSID and security key.
In addition, if this option is selected, some external registrars (e.g., Network Explorer on Vista Windows) might not see the router.
Configuring basic wireless settings from the router's management GUI selects this option automatically.

should I turn the 'keep existing wireless settings' setting off myself? it wasn't turned off after I enabled the 'disable router's pin' setting. I haven't tried to establish any connections with WPS.

On my WNR1000v2, I set up my own 63 character WPA passphrase in the standard wireless setup page on the router, and that action automatically causes the "Keep Existing Wireless Settings" option to be checked on the advanced wireless settings page. Whether you will be able to connect wirelessly with that option un-checked will depend on your wireless client(s) using an algorithm that is compatible with the one used by the Netgear router.

I only have older HP/Broadcom b/g and Cisco Aironet a/b/g wireless clients and they don't support WPS, so that is how I must set up my WPA(2) connections. Having said that, even if I did have only newer wireless clients that supported WPS, I would probably still use the manual method because I know how that works. I don't know what kind of algorithms are being used for the non-pin push button WPS negotiations, so I don't really trust it (trusting the vendor's algorithms is what got us into this current mess). If one has frequent guest users, keeping the WPA passphrase on a thumb drive makes entering the passphrase on a new wireless client a copy-paste snap.
nick11
join:2005-07-17
Chicago, IL

nick11

Member

said by NetFixer:

On my WNR1000v2, I set up my own 63 character WPA passphrase in the standard wireless setup page on the router, and that action automatically causes the "Keep Existing Wireless Settings" option to be checked on the advanced wireless settings page.

oh, I see. that must've happened in my case too. thanks a lot for all your help.

planet
join:2001-11-05
Oz

planet

Member

Went out and bought a $30 Belkin to replace my $70 Linksys. The Belkin disables WPS whereas the Linksys can't.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

said by planet:

Went out and bought a $30 Belkin to replace my $70 Linksys. The Belkin disables WPS whereas the Linksys can't.

Which Linksys router? Can it use third party firmwares?

planet
join:2001-11-05
Oz

planet

Member

Long story short... my E1500 doesn't have third party firmware available; however, I tried to flash my E1000 with ddwrt and it was successfully flashed, but when configuring it, it somehow ended up bricked. Details here:
»Linksys E1000: Is it bricked?
DarkSithPro (banned)
join:2005-02-12
Tempe, AZ

DarkSithPro (banned) to planet

Member

to planet
[attached image]
So this means I'm good, right?

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Yes, you're good to go. It's disabled.

DaMaGeINC
The Lan Man
Premium Member
join:2002-06-08
Greenville, SC

DaMaGeINC

Premium Member

A lot of routers say it's disabled, but in reality, it's not... Since I've been using this hack this week, I've gained access to two routers that have this function disabled, yet I was still able to use the hack on them....

I would not count yourself safe just yet....

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Well, never mind then...

What router brands, and models were hacked?

jamesnyc
@comcast.net

jamesnyc to planet

Anon

to planet
I found another web page with WPS vulnerability tips. The site has lots of PC security tips I wish more users would follow.

»www.safegadget.com/72/ma ··· wps-bug/

planet
join:2001-11-05
Oz

planet to Juggernaut

Member

to Juggernaut
There is a spreadsheet available that lists router vulnerabilities. I would add the link here but I'm at work and unable to access it. It is mentioned in several other threads that speak to WPS here on dslr. The primary router that is unable to disable WPS is cisco/linksys. Other brands that offer cheaper routers including belkin and d-link are able to disable it. The spreadsheet confirms this.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Yes, I've seen the Google doc you refer to. Didn't see my Netgear 2000 v3 on it, but who knows.

I was actually asking Damage which routers he had hacked, as he stated he hacked two. More of a curiosity thing.

DaMaGeINC
The Lan Man
Premium Member
join:2002-06-08
Greenville, SC

DaMaGeINC

Premium Member

Linksys wrt54hgsv2 and a netgearcgd modem router combo.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

Thanks.

planet
join:2001-11-05
Oz

planet to Juggernaut

Member

to Juggernaut
said by Juggernaut:

Yes, I've seen the Google doc you refer to. Didn't see my Netgear 2000 v3 on it, but who knows.

After disabling WPS on your router, have you tried deleting the connection status on your pc to the router? After doing this and you try to connect wirelessly to your router, you should only be prompted to enter your passkey manually not via WPS.

Juggernaut
Irreverent or irrelevant?
Premium Member
join:2006-09-05
Kelowna, BC

Juggernaut

Premium Member

I'm hard wired on my desktop, and haven't bothered to do it yet on my Playbook, or lappie. I guess I should do it today!
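
Several posts in this thread ask how to confirm that WPS is really off after disabling it in the router's settings. As an added example (not written by any poster here and not part of the Reaver tool), this Python code parses the tagged parameters of a beacon frame from your own access point and reports whether it still advertises a WPS element; the sample byte strings are constructed, and getting the beacon bytes out of a capture is left to the caller.

```python
import struct

WPS_VENDOR = bytes.fromhex("0050f204")  # OUI 00:50:F2, type 0x04 = WPS element
ATTR_WPS_STATE = 0x1044         # 0x01 = not configured, 0x02 = configured
ATTR_AP_SETUP_LOCKED = 0x1057   # 0x01 = AP is refusing external-registrar PIN attempts

def find_wps_element(tagged):
    """Walk 802.11 tagged parameters (id, length, body); return the WPS body or None."""
    pos = 0
    while pos + 2 <= len(tagged):
        elem_id, elem_len = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:
            break  # truncated capture: stop rather than misparse
        if elem_id == 0xDD and body[:4] == WPS_VENDOR:
            return body[4:]
        pos += 2 + elem_len
    return None

def parse_wps_attributes(wps):
    """WPS attributes are TLVs with a big-endian 16-bit type and 16-bit length."""
    attrs, pos = {}, 0
    while pos + 4 <= len(wps):
        attr_type, attr_len = struct.unpack_from(">HH", wps, pos)
        value = wps[pos + 4:pos + 4 + attr_len]
        if len(value) < attr_len:
            break
        attrs[attr_type] = value
        pos += 4 + attr_len
    return attrs

def wps_status(tagged):
    wps = find_wps_element(tagged)
    if wps is None:
        return "not advertised"
    attrs = parse_wps_attributes(wps)
    if attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01":
        return "advertised, AP setup locked"
    return "advertised"

# Constructed sample tagged parameters (not captured from any real router).
SSID = bytes.fromhex("0004686f6d65")        # SSID "home"
WMM = bytes.fromhex("dd070050f202010100")   # vendor element that is not WPS
WPS_ON = bytes.fromhex("dd0e0050f204104a0001101044000102")
WPS_LOCKED = bytes.fromhex("dd130050f204104a00011010440001021057000101")

if __name__ == "__main__":
    for name, ies in [("WPS off", SSID + WMM), ("WPS on", SSID + WMM + WPS_ON),
                      ("WPS locked", SSID + WPS_LOCKED)]:
        print(name, "->", wps_status(ies))
```

A "not advertised" result only shows that the access point has stopped announcing WPS in its beacons.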