 RenoPremium
join:2008-10-26
Keller, TX | WPS / Reaver I'm not really in the mood to learn up on converting my new E4200 to Tomato. I wonder how long it will take them to release a new firmware to make it possible to disable WPS (for all their routers apparently). I guess there's nothing else to do other than sit back and wait for a new firmware or switch to Tomato. Is there a really simple idiots guide to installing Tomato with dual band support on a E4200?
»arstechnica.com/business/news/20···aver.ars
»homecommunity.cisco.com/t5/Wirel···7/page/1
(page 2 of that thread has a link to a Python version of Reaver). |
|
 planet
join:2001-11-05
Oz
kudos:1 | I was looking at the dd-wrt firmware for my E1000. There is a learning curve to install that firmware as well. I don't want to brick my router, so I'm sitting back waiting for the firmware from linksys..hopefully sooner than later.
I also use an E1500 that doesn't have any third party firmware being offered. I have disabled wireless to mitigate WPS for now on that router. Got 100 foot of cat 5 running to my upstairs. I had this running before I went wireless so not a biggie. If necessary, I enable my wireless briefly for other devices or convenience.
Hard to believe such a simple hack was there all along  ..go figure. |
|
RenoPremium
join:2008-10-26
Keller, TX | reply to Reno
I barely have time to look at this stuff so I have no clue what I'm talking about. But, I was thinking about:
-Turning on and connecting every wireless device I have (and man... 3 phones, 5 laptops, 1 desktop only on wifi, a kindle fire and an android tablet....)
-Enabling Wireless MAC Filter
-Adding the MAC's of those active devices to the Wireless MAC Filter list
-Setting Wireless MAC Filter to "Permit PCs listed below to access the wireless network."
It sounds like that would prevent any other device from connecting to the network (no matter what). Which should mean the WPS or any other hack would be neutralized since even with a passcode no other device could connect.
I might be totally wrong... Does this sound good? |
|
planet
join:2001-11-05
Oz
kudos:1 | From what I've read it is fairly easy to spoof a MAC address, so while it would add another layer of difficulty, it wouldn't prevent a determined person.
From a quick google:
»www.techrepublic.com/blog/securi···ress/395 |
|
 somms
join:2003-07-28
Salt Lake City, UT | reply to Reno
»www.smallnetbuilder.com/wireless···-wps-fix
Either Tomato or DD-WRT (non-Buffalo version) do not contain WPS function and are not affected by this exploit.
Judging by Linksys's response in the above link, it doesn't seem like they are in any hurry to fix thissecurity hole... |
|
 JohkalCool CatPremium,MVM
join:2002-11-13
Happy Valley
kudos:5 | reply to Reno
Boy, I'm glad you posted this about WPS. I was considering buying one, but I think I'll hang on to my WRT610Nv2 which I can disable WPS. |
|
 Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
 ·Comcast
·WOW Internet and..
| Don't be so sure you CAN turn it off. Some routers respond even with WPS disabled:
»WiFi Protected Setup PIN brute force vulnerability
»Don't miss this important fact.... |
|
RenoPremium
join:2008-10-26
Keller, TX | reply to Reno
Man, that spreadsheet you linked in the other thread Planet says that if you have v2 of the E4200 (which came out sometime last month it looks like) there's an auto-update firmware button in the menu (which you can click just to see if there is newer firmware).
But, then the flash, processor speed, usb speed, etc etc have all been improved. Bummer, bought mine a couple of months too early.
So, that's why everyone for the last month has had the e4200 for $159. The only place that looks like they specifically have the v2 is Amazon: »www.amazon.com/Linksys-Performan···068ALV8Q
Mine has really worked flawlessly for the last couple of months. The only thing I can think of to complain about is I couldn't get an external USB drive to remain up on it (which I didn't spend more than 20 minutes playing with that so I can't really complain yet). Maybe I'll upgrade mine when the v3 comes out. I got rid of all my older routers so it would be nice to have a spare backup in the closet actually. OCD... I like spares.  |
|
|
|
JohkalCool CatPremium,MVM
join:2002-11-13
Happy Valley
kudos:5 | reply to Bill_MI
Well damn; so much for that.  |
|
planet
join:2001-11-05
Oz
kudos:1 | Update for Linksys Home Models:
»www6.nohold.net/Cisco2/ukp.aspx?···id=25154 |
|
 lordpufferComfortably NumbPremium
join:2004-09-19
Rio Rancho, NM
kudos:1
 ·CenturyLink
 ·Vonage
 ·T-Mobile US
 ·Dish Network
·Time Warner Cable
·AT&T Wireless Br..
·Verizon Wireless..
| Cisco lists a workaround by disabling the Wireless Radio. Now who bought the E4200 to use it only as a Wired Router? 
--
"Is there a 50's Cafe around here"? |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
| reply to planet
Thanks for the update. Sort of says how many programmers Cisco/Linksys has. I'd guess none. 60 days to patch 1 bug on a critical flaw? I'm not impressed. |
|
 NetFixerFreedom is NOT freePremium
join:2004-06-24
The 'Boro
·Vonage
·Cingular Wireless
·Comcast
·AT&T Southeast
| said by Bill_MI:Thanks for the update. Sort of says how many programmers Cisco/Linksys has. I'd guess none. 60 days to patch 1 bug on a critical flaw? I'm not impressed. Yep, Linksys is Cisco's left handed, red headed step child. Even the former Linksys Business products that have been re-branded as Cisco Small Business (with the Linksys branding removed), are still not supported by Cisco. The "Chinglish" error, help, and status messages in my RV082 tell me that the firmware definitely is coming directly from a Chinese supplier, and Cisco is not directly involved with the programing.
OTOH, my cheap Netgear WNR1000v2-VC wireless router does not even need a WPS patch because its WPS PIN mode can be disabled without disabling the WiFi radio, and its WPS push button mode still works if you have a compatible client.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
KoRnGtL15Premium
join:2007-01-04
Grants Pass, OR | reply to Bill_MI
Longer then that. This bug was found in December. Just a few days ago Linksys finally spoke of a coming fix. Absolutely pathetic how long it is taking them to fix this. Shame on Cisco/Linksys considering how big of a name and company they are in general.
said by Bill_MI:Thanks for the update. Sort of says how many programmers Cisco/Linksys has. I'd guess none. 60 days to patch 1 bug on a critical flaw? I'm not impressed. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
| said by KoRnGtL15:Longer then that. This bug was found in December. Whoa... you're right. I knew US-Cert published end of December so I thought I was only a little generous. But they notified D-Link, Linksys/Cisco and Netgear 12/05/2011!!! (from »www.kb.cert.org/vuls/id/723755 )
Here I am... stuck with an E3200 at work from the same scumbags spinning the story as if they were the victim of the WPS protocol like everyone else. What I wouldn't give right now to suggest what they can use as a suppository...  |
|
KoRnGtL15Premium
join:2007-01-04
Grants Pass, OR | Do you think anyone might bring on a class action law suit? They knew about this back in December. Millions are vulnerable right now. How can they continue to sell the product and get away with it? Imo, sales should be stopped until a fix is made public. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
| Interesting idea. But when I calmed down, I thought more clearly... ...
This "Cisco Linksys Business Unit", the group that can't even use the cisco.com domain for their info (notice that?) is probably a non-technical staff. Which means they might not have been aware they couldn't turn off WPS until more recently. Nor would they have any appreciation of the urgency. This fact puts their customers at high risk.
So I'd go for the criminal as well as civil aspects. |
|
lordpufferComfortably NumbPremium
join:2004-09-19
Rio Rancho, NM
kudos:1 Reviews:
·CenturyLink
·Vonage
·T-Mobile US
·Dish Network
·Time Warner Cable
·AT&T Wireless Br..
·Verizon Wireless..
| reply to KoRnGtL15
said by KoRnGtL15:Do you think anyone might bring on a class action law suit? They knew about this back in December. Millions are vulnerable right now. How can they continue to sell the product and get away with it? Imo, sales should be stopped until a fix is made public.
Only problem with a Class Action suit, even if one was brought, is that the Attorneys make the money and us, the end users/clients, get pittance.
--
"Is there a 50's Cafe around here"? |
|
lordpufferComfortably NumbPremium
join:2004-09-19
Rio Rancho, NM
kudos:1 Reviews:
·CenturyLink
·Vonage
·T-Mobile US
·Dish Network
·Time Warner Cable
·AT&T Wireless Br..
·Verizon Wireless..
| reply to Bill_MI
said by Bill_MI:So I'd go for the criminal as well as civil aspects.
I used to be a Prosecutor, and unfortunately, unless a lot of people get hurt from this vulnerability, I don't see a State or the Federal Attorney General stepping in with criminal charges. 
--
"Is there a 50's Cafe around here"? |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
| said by lordpuffer:I used to be a Prosecutor, and unfortunately, unless a lot of people get hurt from this vulnerability, I don't see a State or the Federal Attorney General stepping in with criminal charges. I know... just fantasizing. |
|
