planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

What are you doing regarding the Reaver Hack

So, I'm curious as to what people are doing regarding the Reaver Hack since turning off WPS isn't preventing the hack:
»arstechnica.com/business/news/20···aver.ars

I'm considering going fully wired until a response from Cisco (if there is one that is). I'm running a Cisco E1500 and I don't believe there is a third party firmware without WPS available for it.



Thane_Bitter
Inquire within
Premium
join:2005-01-20
Reviews:
·Bell Sympatico

Nothing, my hardware only supports the physical button version of WPS thus I am not effected by this flaw. I have also changed firmware (some time ago) and remapped the button for more practical uses anyways (turns the wireless radio on or off - very useful for a guest network AP).

Cisco E1500 does not appear in DD-WRT's list of supported hardware, so turning off the wireless features, or limiting the time the wireless radio is on (this is really only practical for access points when the built-in switch and other router features are not used) are about the only options you have, pending a fix from the manufacturer.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by Thane_Bitter:

Nothing, my hardware only supports the physical button version of WPS thus I am not effected by this flaw. I have also changed firmware (some time ago) and remapped the button for more practical uses anyways (turns the wireless radio on or off - very useful for a guest network AP)...

Oh nice to reassign that button to something else! Which firmware did you use? FYI, "affected" and not "effected".
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer


Thane_Bitter
Inquire within
Premium
join:2005-01-20
Reviews:
·Bell Sympatico

1 recommendation

Meh, sum-a-times i don'tz write so good.

To answer your question, DD-WRT; on a WRT54GSv2 and a WRT54GLv1.1, using their stable release. The GS runs the mega variant (EKO’s VIN version) whereas the GL just the standard flavour. The "radio off" button feature can be found on the Services tab, Services sub tab about half way down the page; the physical button is the Cisco bridge logo on the front bezel of the router.



Reno7
Premium
join:2008-10-26
Keller, TX
reply to planet

I recently got a Linksys E4200. Apparently disabling WiFi Protected Setup does not disable WPS (I'm not in the mood to read through how to install Tomato so I guess I'll just wait for new firmware...?):
»homecommunity.cisco.com/t5/Wirel···p/405327

This is from page #2 of that thread:

12-30-2011 05:07 PM - last edited on 12-30-2011 05:25 PM

i've tested the reaver tool on my e4200. i got the link to it from a news site ( »www.h-online.com/open/news/item/···822.html )

The E4200 is vulnerable, even if security is set to "manual" wireless configuration and no button is pressed. I triple checked that before I ran the test. I got my key after around 4 hours. Firmware version is 1.0.03

It's time to get a new router


heelyeah
Premium
join:2004-02-11
Raleigh, NC
reply to planet

I flashed both of my routers with DDWRT and set the second one as a repeater bridge. Now I have better wireless coverage in the whole house.



EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
reply to planet

I assume RADIUS authentication for my wireless LAN and no WPS capability mitigates the vulnerability. I can't use a tablet, and my network printer doesn't support RADIUS authentication, but what the heck.

Question, though - does DD-WRT or other third party firmware have a built-in RADIUS authentication server? I only need to authenticate fewer than five users, and want to eliminate the separate physical server.


nick11

join:2005-07-17
Chicago, IL
kudos:1

1 edit
reply to planet

Does anyone know if turning WPS off does work or not in Netgear routers? All I have read regarding turning WPS off not working mentions Linksys routers.

I have a Netgear WNR1000v3 (N150) router and DD-WRT's supported routers database says 'work in progress'.

EDIT: I forgot to mention, the Google spreadsheet does not mention the WNR1000v3:

»docs.google.com/spreadsheet/ccc?···SSHZEN3c

I see some other netgear routers though.



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to nick11

said by nick11:

Does anyone know if turning WPS off does work or not in Netgear routers? All I have read regarding turning WPS off not working mentions Linksys routers.

I have a Netgear WNR1000v3 (N150) router and DD-WRT's supported routers database says 'work in progress'.

EDIT: I forgot to mention, the Google spreadsheet does not mention the WNR1000v3:

»docs.google.com/spreadsheet/ccc?···SSHZEN3c

I see some other netgear routers though.

Waiting For The WPS Fix (scroll down to see the official Netgear response).

From the Netgear KB:
How do NETGEAR Home routers defend WiFi Protected Setup PIN against brute force vulnerability?

FYI: The Netgear WNR1000 series run openwrt firmware with a custom Netgear html interface, and that probably contributes to their ability to survive this vulnerability.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower

nick11

join:2005-07-17
Chicago, IL
kudos:1
reply to NetFixer

thank you for the reply netfixer! it says to test and see if WPS is off (after turning it off) to go "into your wireless client and deleting the profile for your network." does this mean to click the wireless symbol in the windows tray and then delete the entry for my home network in the list (and then try to connect)?



NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by nick11:

thank you for the reply netfixer! it says to test and see if WPS is off (after turning it off) to go "into your wireless client and deleting the profile for your network." does this mean to click the wireless symbol in the windows tray and then delete the entry for my home network in the list (and then try to connect)?

I don't recall seeing that particular bit of advice in the links I provided, but it probably might be a good idea depending on how your wireless client handled the WPS PIN mode. Doing that should ensure that the wireless client would then either have to be manually setup with your WPA passphrase or use the WPS push button connection method instead of the PIN method.

I did not need to worry about that because I don't have any wireless clients that used WPS, and I have had the WPS PIN disabled in my WNR1000v2 since very shortly after I first applied power to it.

I have not done any testing with the reaver POC because I ran into a compatibility problem with the Linux live-cd that I tried it with on my notebook (and I did not feel like bothering with troubleshooting it). However, I have MAC filtering also enabled on my WNR1000v2, which means that there is a log entry (that is emailed to me) anytime a connection attempt is made. So I feel confident that even if Netgear's claims are overblown (and I have not seen any counter claims), that I would be able to detect any attempt to use the reaver tool against my router, just as I see the random "normal" connection attempts. Using MAC filtering may indeed not be a "real" security access blocking tool, but in this case, the security logging does make it a useful security tool.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower

nick11

join:2005-07-17
Chicago, IL
kudos:1

1 edit

thanks for the reply and the mac filtering tip too.

when I went to enable the 'disable router's pin' in WPS settings I saw a 'keep existing wireless settings' setting directly below it. I found a screenshot on google:




the 'keep existing wireless settings' is turned on. the description of this setting sounds a bit suspicious:

This shows whether the router is in the WPS configured state.
If this option is not selected, adding a new wireless client will change the router's wireless settings to an automatically generated random SSID and security key.
In addition, if this option is selected, some external registrars (e.g., Network Explorer on Vista Windows) might not see the router.
Configuring basic wireless settings from the router's management GUI selects this option automatically.

should I turn the 'keep existing wireless settings' setting off myself? it wasn't turned off after I enabled the 'disable router's pin' setting. I haven't tried to establish any connections with WPS.


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by nick11:

thanks for the reply and the mac filtering tip too.

when I went to enable the 'disable router's pin' in WPS settings I saw a 'keep existing wireless settings' setting directly below it. I found a screenshot on google:

[attached image]

the 'keep existing wireless settings' is turned on. the description of this setting sounds a bit suspicious:

This shows whether the router is in the WPS configured state.
If this option is not selected, adding a new wireless client will change the router's wireless settings to an automatically generated random SSID and security key.
In addition, if this option is selected, some external registrars (e.g., Network Explorer on Vista Windows) might not see the router.
Configuring basic wireless settings from the router's management GUI selects this option automatically.

should I turn the 'keep existing wireless settings' setting off myself? it wasn't turned off after I enabled the 'disable router's pin' setting. I haven't tried to establish any connections with WPS.

On my WNR1000v2, I setup my own 63 character WPA passphrase in the standard wireless setup page on the router, and that action automatically causes the "Keep Existing Wireless Settings" option to be checked on the advanced wireless settings page. Whether you will be able to connect wirelessly with that option un-checked will depend on your wireless client(s) using an algorithm that is compatible with the one used by the Netgear router.

I only have older HP/Broadcom b/g and Cisco Aironet a/b/g wireless clients and they don't support WPS, so that is how I must setup my WPA(2) connections. Having said that, even if I did have only newer wireless clients that supported WPS, I would probably still use the manual method because I know how that works. I don't know what kind of algorithms are being used for the non-pin push button WPS negotiations, so I don't really trust it (trusting the vendor's algorithms is what got us into this current mess). If one has frequent guest users, keeping the WPA passphrase on a thumb drive makes entering the passphrase on a new wireless client a copy-paste snap.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower

nick11

join:2005-07-17
Chicago, IL
kudos:1

said by NetFixer:

On my WNR1000v2, I setup my own 63 character WPA passphrase in the standard wireless setup page on the router, and that action automatically causes the "Keep Existing Wireless Settings" option to be checked on the advanced wireless settings page.

oh, I see. that must've happened in my case too. thanks a lot for all your help.


planet

join:2001-11-05
Oz
kudos:1

Went out and bought a $30 Belkin to replace my $70 Linksys. The Belkin disables WPS whereas the Linksys can't.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by planet:

Went out and bought a $30 Belkin to replace my $70 Linksys. The Belkin disables WPS whereas the Linksys can't.

Which Linksys router? Can it use third party firmwares?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

Long story short: my E1500 doesn't have third-party firmware available; however, I tried to flash my E1000 with DD-WRT and it flashed successfully, but while configuring it, it somehow ended up bricked. Details here:
»Linksys E1000: Is it bricked?



DarkSithPro

join:2005-02-12
Tempe, AZ
kudos:2
reply to planet

[attached image]
So this means I'm good, right?


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Yes, you're good to go. It's disabled.



DaMaGeINC
The Lan Man
Premium
join:2002-06-08
Greenville, SC
kudos:2

A lot of routers say it's disabled, but in reality, it's not... Since I've been using this hack this week, I've gained access to two routers that have this function disabled, yet I was still able to use the hack on them....

I would not count yourself safe just yet....
--
Hating ignorance since 1984.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Well, never mind then...

What router brands, and models were hacked?



jamesnyc

@comcast.net
reply to planet

I found another web page with WPS vulnerability tips.. The site has lots of PC security tips I wish more users would follow.

»www.safegadget.com/72/major-wire···wps-bug/



planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI
reply to Juggernaut

There is a spreadsheet available that lists router vulnerabilities. I would add the link here but I'm at work and unable to access it. It is mentioned in several other threads that speak to WPS here on dslr. The primary router that is unable to disable WPS is Cisco/Linksys. Other brands that offer cheaper routers, including Belkin and D-Link, are able to disable it. The spreadsheet confirms this.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Yes, I've seen the Google doc you refer to. Didn't see my Netgear 2000 v3 on it, but who knows.

I was actually asking Damage which routers he had hacked, as he stated he hacked two. More of a curiosity thing.



DaMaGeINC
The Lan Man
Premium
join:2002-06-08
Greenville, SC
kudos:2

Linksys wrt54hgsv2 and a netgearcgd modem router combo.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Thanks.



planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI
reply to Juggernaut

said by Juggernaut:

Yes, I've seen the Google doc you refer to. Didn't see my Netgear 2000 v3 on it, but who knows.

After disabling WPS on your router, have you tried deleting the connection status on your pc to the router? After doing this and you try to connect wirelessly to your router, you should only be prompted to enter your passkey manually not via WPS.
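
An added example, not part of any post in this thread: the reconnect test above and the earlier reports that a router can show WPS as disabled while it stays active both come down to checking what the AP itself advertises. The Python below parses the tagged parameters of a beacon taken from your own AP and reports whether a WPS information element is present; the sample byte strings are constructed and the function names are this example's own.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_AP_SETUP_LOCKED = 0x104A, 0x1044, 0x1057

def find_wps_ie(ies: bytes):
    """Walk 802.11 tagged parameters (tag, length, body); return WPS body or None."""
    i = 0
    while i < len(ies):
        if i + 2 > len(ies) or i + 2 + ies[i + 1] > len(ies):
            raise ValueError("truncated information element at offset %d" % i)
        tag, body = ies[i], ies[i + 2:i + 2 + ies[i + 1]]
        if tag == 221 and body.startswith(WPS_OUI_TYPE):
            return body[4:]
        i += 2 + len(body)
    return None

def parse_wps_attrs(data: bytes) -> dict:
    """WPS attributes are TLVs with a 2-byte type and 2-byte length, big-endian."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 4 > len(data):
            raise ValueError("truncated WPS attribute header")
        atype, alen = struct.unpack_from(">HH", data, i)
        if i + 4 + alen > len(data):
            raise ValueError("truncated WPS attribute 0x%04x" % atype)
        attrs[atype] = data[i + 4:i + 4 + alen]
        i += 4 + alen
    return attrs

def wps_status(ies: bytes) -> dict:
    wps = find_wps_ie(ies)
    if wps is None:
        return {"advertised": False}
    a = parse_wps_attrs(wps)
    state = {b"\x01": "not configured", b"\x02": "configured"}.get(a.get(ATTR_STATE), "unknown")
    return {"advertised": True, "state": state,
            "ap_setup_locked": a.get(ATTR_AP_SETUP_LOCKED) == b"\x01"}

def ie(tag, body): return bytes([tag, len(body)]) + body
def tlv(atype, value): return struct.pack(">HH", atype, len(value)) + value
# Constructed sample tagged parameters (not captured from any real device).
SSID = ie(0, b"home-net")
WMM = ie(221, bytes.fromhex("0050f2020101"))  # same OUI, different type: not WPS
BASE = WPS_OUI_TYPE + tlv(ATTR_VERSION, b"\x10") + tlv(ATTR_STATE, b"\x02")
WPS_ON = SSID + WMM + ie(221, BASE)
WPS_LOCKED = SSID + ie(221, BASE + tlv(ATTR_AP_SETUP_LOCKED, b"\x01"))
WPS_OFF = SSID + WMM
print(wps_status(WPS_ON), wps_status(WPS_LOCKED), wps_status(WPS_OFF))
```

If the element is still present after WPS is switched off in the router's UI, the setting did not reach the radio; an absent element, or `ap_setup_locked` set to true, is the result to look for.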


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

I'm hard wired on my desktop, and haven't bothered to do it yet on my Playbook, or lappie. I guess I should do it today!