planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI
reply to NetFixer

Re: WPS / Reaver

said by NetFixer :
OTOH, my cheap Netgear WNR1000v2-VC wireless router does not even need a WPS patch because its WPS PIN mode can be disabled without disabling the WiFi radio, and its WPS push button mode still works if you have a compatible client.
In my previous post, I mentioned avoiding flashing my E1000 with dd-wrt, but, alas, I ventured into uncharted waters and ended up with an E1000 paperweight. I visited Walmart and I am now the proud owner of a Belkin N150 which cost less than half of my E1500 (for which I patiently await the WPS patch from Linky). This new Belkin router has the capacity to disable WPS.


planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

1 recommendation

Linksys has begun releasing FW to mitigate this vulnerability... finally. Here's the link to the E1500 Linksys FW update page:
»homesupport.cisco.com/en-us/supp···rs/E1500


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 edit
Yep, also the E3200 update I've been waiting for:
»homesupport.cisco.com/en-us/supp···rs/E3200

And the link keeping track is worth repeating (first posted here by planet):
»www6.nohold.net/Cisco2/ukp.aspx?···id=25154


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4
reply to Reno7
I wish they would patch this for the millions of older routers like mine.

It doesn't seem my (reset to stock, then customized) wrt54gs v.7.50 even exists, much less has anything other than "TBD" for a patch date.


no v7.5 ??


Or, is v7.50 the latest firmware and thus no further update is possible?

Oh well, I have the radio disabled anyway and plan to upgrade it to DD-WRT and/or Tomato. Hell, I bought it used in perfect condition for $15 at a thrift shop so it's not like I can bitch toooo much.

Just crappy that a company as big as Linksys leaves its consumers vulnerable. Of course, most of the types who'd have an old router and be vulnerable would never know about it or visit a forum like this.
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 edit
said by caffeinator:

I wish they would patch this for the millions of older routers like mine.

No need! Wi-Fi Protected Setup (WPS), the vulnerable feature, isn't on older routers. Nor is it on DD-WRT or Tomato. Newer routers only. The details: »en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

Do you see a WPS screen somewhere in your setup pages?


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

3 edits
said by Bill_MI:

No need! Wi-Fi Protected Setup (WPS), the vulnerable feature, isn't on older routers. Nor is it on DD-WRT or Tomato. Newer routers only. The details: »en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

Do you see a WPS screen somewhere in your setup pages?

I do. They just renamed it.

It's not in DD-WRT or Tomato, but it most certainly is a default for this model. Look at the "power" button.

And this from the product guide.




From the FAQ: »www6.nohold.net/Cisco2/ukp.aspx?···5057.xml

quote:
5. What is Secure Easy Setup™ (SES)?

It's an easy way to setup wireless settings on both the router and wireless adapter.

6. How does Secure Easy Setup™ (SES) work?

There is a button on the router (Cisco Systems emblem) that the user may push that will automatically generate a Wireless Network Name or SSID (For example: Linksys_SES_4723) and WPA PSK. Then, in the WLAN software and/or setup CD, the customer will click the Secure Easy Setup™ button. Once both buttons are pushed, a profile will automatically be created in the WLAN containing the unique SSID and WPA PSK. At that point, a secure wireless connection is established.

7. Will I be able to setup more than one wireless computer using Secure Easy Setup™ SES?

Yes, as long as the wireless adapter supports Secure Easy Setup™ (SES). The SSID and WPA key won’t change each time you press it as long as the router’s Reset button doesn't get pushed.

It's enabled by default BTW.



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
reply to Reno7
Hmm, not sure what you mean by disable WPS when I simply go into the web interface and choose "manual" instead of leaving it on Wi-Fi Protected Setup. That in itself disables the WPS.

This was added in the latest firmware update back in February. »homedownloads.cisco.com/download···2012.txt


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..
said by Mike Wolf:

Hmm, not sure what you mean by disable WPS when I simply go into the web interface and choose "manual" instead of leaving it on Wi-Fi Protected Setup. That in itself disables the WPS.

It would seem so, doesn't it? Except all recent Linksys routers stay vulnerable even when you do that. Until their new firmware really does turn it off. Fun, huh?


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
Dunno. I personally haven't had any problems. I know that Windows 7 has the WPS ability built in, and I notice two routers under Network Infrastructure when the WPS is enabled, and disappears into only one when WPS is disabled.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 edit
reply to caffeinator
said by caffeinator:

I do. They just renamed it.

Apples and oranges. SES is from Broadcom, WPS is from Wi-Fi Alliance.

Did you find any flaw reported for SES? Not that there couldn't be. The WPS flaw is an unintended feedback about the PIN number***. I didn't think SES uses PINs?

*** Linksys added their own flaw... NOT being able to really disable it.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..
reply to Mike Wolf
said by Mike Wolf:

Dunno. I personally haven't had any problems. I know that Windows 7 has the WPS ability built in, and I notice two routers under Network Infrastructure when the WPS is enabled, and disappears into only one when WPS is disabled.

The data comes from the attack tool (named "Reaver") still cracking the PIN and getting access, regardless of the setting.

The best data I know of is: »docs.google.com/spreadsheet/lv?k···SSHZEN3c


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
That's interesting, but another option would be to use WPA2 Enterprise and attach a RADIUS server.


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

1 edit
reply to Bill_MI
said by Bill_MI:

Apples and oranges. SES is from Broadcom, WPS is from Wi-Fi Alliance.

Did you find any flaw reported for SES? Not that there couldn't be. The WPS flaw is an unintended feedback about the PIN number***. I didn't think SES uses PINs?

*** Linksys added their own flaw... NOT being able to really disable it.



Hmmm, my bad...ack!

Not sure what to think about this since I'm not actually using the router at the moment, but it seems you are right about them being different. So, no idea if SES is also vulnerable or not without more research but it seems it isn't. Weird.

From: Linksys WRT54G Ultimate Hacking
By Paul Asadoorian, Larry Pesce




I know mine does have a "pin" mentioned in the wireless setup, but I don't use wi-fi, so I tend to ignore that stuff. I've always just disabled wi-fi on everything and used good ol' cables.

I think I'll leave the radio off until I can get DD-WRT on there, just in case.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
Well don't get any ideas with the v2 because Linksys is specifically designing the new routers to NOT be third party firmware supported, even taking it as far as writing the firmware in house instead of by an outside company.


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4
No worries, I have checked and it's supported:

»www.dd-wrt.com/wiki/index.php/Li···_%26_7.2

Mine is a WRT54GS v7.50, but I saw on DD-WRT forums where it has been used.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
Oh OK, yeah, the WRT54G is supported, yes. I was afraid you were going to try to do this on one of the new E4200v2 routers which don't use ODM'd code lol.

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to Bill_MI
said by Bill_MI:

It would seem so, doesn't it? Except all recent Linksys routers stay vulnerable even when you do that. Until their new firmware really does turn it off. Fun, huh?

Actually, this isn't exactly the same. With older versions of the firmware you didn't really have an option to "turn off" WPS. You could either pick "Manual" or "WPS" but selecting Manual did not turn off WPS (this was the issue). Cisco is releasing updated firmware that does allow WPS to explicitly be turned off, and the Feb release for the V1 routers is the first of these updates.

I have not seen any screenshots of the new firmware or any further discussion on this update so I wouldn't know if this setting now disables WPS, or if a new option was added to disable it. The google docs spreadsheet page doesn't appear to have been updated or make any notes about being able to disable WPS with the latest firmware (IE: that page is out of date)

The Cisco page listing the routers that have this update is at »www6.nohold.net/Cisco2/ukp.aspx?···id=25154

There had been a posting in Cisco's forums that enabling MAC address filtering on the AP disabled WPS, but it isn't clear to me that this truly disables it rather than providing an extra control (IE: only authorized hardware addresses may use WPS). It is well known that hardware addresses are easily spoofed, so if the latter this is not much protection but if the former (IE: even authorized MAC addresses can not use WPS) it may be a potential workaround.


Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

1 edit
E3200 f/w ver 1.0.03 Mar 2012
said by Shady Bimmer:

I have not seen any screenshots of the new firmware or any further discussion on this update so I wouldn't know if this setting now disables WPS, or if a new option was added to disable it. The google docs spreadsheet page doesn't appear to have been updated or make any notes about being able to disable WPS with the latest firmware (IE: that page is out of date)

Here's a screen shot and a revelation...

In that spreadsheet (»docs.google.com/spreadsheet/lv?k···SSHZEN3c) the E3200 occurs twice, including the latest 1.0.03. Looks like Reaver is STILL cracking it if I read that right - Item 44. Not good.

Laramar

join:2002-08-23
Minneapolis, MN
E3200 1.0.03 firmware adds two things:
1. Disable/Enable WPS
2. WPS lockdown (when WPS is enabled)

Disabling WPS will stop the Reaver crack.

With WPS lockdown, the router is supposed to lock down WPS after a certain number of unsuccessful attempts. One person at the Cisco forum claims the lockdown is not working: »homecommunity.cisco.com/t5/Wirel···p/497518

Laramar

join:2002-08-23
Minneapolis, MN


Oregonian
Premium
join:2000-12-21
West Linn, OR
reply to Reno7
Still waiting on a firmware update for my WRT610N...

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
reply to Bill_MI
said by Bill_MI:

Here's a screen shot and a revelation...

Your snapshot looks different than that of Laramar below and seems to be missing the option that was added to disable WPS. Something seems very odd there.

That spreadsheet, unfortunately, does not make any note of whether or not WPS can be disabled or whether the attempt was made while it was set to 'disabled'. It is difficult to put much weight on a doc only populated by unsubstantiated user feedback, particularly when it is missing a key piece of information. In the forum thread noted by Laramar below one poster confirms he was instructed how to properly disable WPS, but that when enabled the lockdown is not working. That would seem to hint that you can disable WPS with the new firmware, but it may not be clear how to do so.

Laramar

join:2002-08-23
Minneapolis, MN
It's the GUI that looks confusing, but when you toggle between 'Manual' and 'Wi-Fi Protected Setup', it will bring up a different page.

To disable WPS, you first have to click on 'Wi-Fi Protected Setup', then click 'Disabled'. Then click on Manual to bring you back to the wireless settings. It took me a couple minutes to figure that out on my e4200 v1.

Cisco should redesign that page. It comes back to how people thought clicking on Manual automatically turned off WPS, but it really does not.


planet

join:2001-11-05
Oz
kudos:1
So far, no firmware update for the Linksys E1000... latest firmware dated August 2011.