 planet
join:2001-11-05
Oz
kudos:1 | reply to NetFixer
Re: WPS / Reaver said by NetFixer :
OTOH, my cheap Netgear WNR1000v2-VC wireless router does not even need a WPS patch because its WPS PIN mode can be disabled without disabling the WiFi radio, and its WPS push button mode still works if you have a compatible client.
In my previous post, I mentioned avoiding flashing my E1000 with dd-wrt, but, alas I ventured into uncharted waters and ended up with an E1000 paperweight. I visited Walmart and I am now the proud owner of a Belkin N150 which cost less than half of my E1500 (which I patiently await the WPS patch from Linky). This new Belkin router has the capacity to disable WPS. |
|
planet
join:2001-11-05
Oz
kudos:1 | Linksys has begun releasing FW to mitigate this vulnerability..finally..here's link to the E1500 Linksys FW update page:
»homesupport.cisco.com/en-us/supp···rs/E1500 |
|
 Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
 ·Comcast
·WOW Internet and..
1 edit | Yep, also the E3200 update I've been waiting for:
»homesupport.cisco.com/en-us/supp···rs/E3200
And the link keeping track is worth repeating (first posted here by planet  ):
»www6.nohold.net/Cisco2/ukp.aspx?···id=25154 |
|
 caffeinatorComing soon to a cup near you..Premium
join:2005-01-16
WA, USA
kudos:3
 ·CenturyLink
| reply to Reno
I wish they would patch this for the millions of older routers like mine.
It doesn't seem my (reset to stock, then customized) wrt54gs v.7.50 even exists, much less has anything other than "TBD" for a patch date. 
no v7.5 ??
Or, is v7.50 the latest firmware and thus no further update is possible?
Oh well, I have the radio disabled anyway and plan to upgrade it to DD-WRT and/or Tomato. Hell, I bought it used in perfect condition for $15 at a thrift shop so it's not like I can bitch toooo much. 
Just crappy that a company as big as Linksys leaves it's consumers vulnerable. Of course, most of the types who'd have an old router and be vulnerable would never know about it or visit a forum like this.
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
1 edit | said by caffeinator:I wish they would patch this for the millions of older routers like mine. No need! Wi-Fi Protected Setup (WPS), the vulnerable feature, isn't on older routers. Nor is it on DD-WRT or Tomato. Newer routers only. The details: »en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
Do you see a WPS screen somewhere in your setup pages? |
|
|
|
caffeinatorComing soon to a cup near you..Premium
join:2005-01-16
WA, USA
kudos:3 Reviews:
·CenturyLink
3 edits | said by Bill_MI:No need! Wi-Fi Protected Setup (WPS), the vulnerable feature, isn't on older routers. Nor is it on DD-WRT or Tomato. Newer routers only. The details: »en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
Do you see a WPS screen somewhere in your setup pages?
I do. They just renamed it.
It's not in DD-WRT or Tomato, but it most certainly is a default for this model. Look at the "power" button.
And this from the product guide.
From the FAQ: »www6.nohold.net/Cisco2/ukp.aspx?···5057.xml
quote:
5. What is Secure Easy Setup™ (SES)?
It's an easy way to setup wireless settings on both the router and wireless adapter.
6. How does Secure Easy Setup™ (SES) work?
There is a button on the router (Cisco Systems emblem) that the user may push that will automatically generate a Wireless Network Name or SSID (For example: Linksys_SES_4723) and WPA PSK. Then, in the WLAN software and/or setup CD, the customer will click the Secure Easy Setup™ button. Once both buttons are pushed, a profile will automatically be created in the WLAN containing the unique SSID and WPA PSK. At that point, a secure wireless connection is established.
7. Will I be able to setup more than one wireless computer using Secure Easy Setup™ SES?
Yes, as long as the wireless adapter supports Secure Easy Setup™ (SES). The SSID and WPA key won’t change each time you press it as long as the router’s Reset button doesn't get pushed.
It's enabled by default BTW.
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages |
|
Reviews:
·Comcast
| reply to Reno
Hmm, Not sure what you mean by disable WPS when I simply go into the web interface and choose "manual" instead of leaving it on Wi-Fi Protected Setup. That in itself disables the WPS.
This was added in the latest firmware update back in February. »homedownloads.cisco.com/download···2012.txt |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
| said by Mike Wolf:Hmm, Not sure what you mean by disable WPS when I simply go into the web interface and choose "manual" instead of leaving it on Wi-Fi Protected Setup. That in itself disables the WPS. It would seem so doesn't it? Except all recent Linksys routers stay vulnerable even when you do that. Until their new firmware really does turn it off. Fun, huh? |
|
| Dunno. I personally haven't had any problems. I know that Windows 7 has the WPS ability built in, and I notice two routers under Network Infrastructure when the WPS is enabled, and disappears into only one when WPS is disabled. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
1 edit | reply to caffeinator
Apples and oranges. SES is from Broadcom, WPS is from Wifi Aliiance.
Did you find any flaw reported for SES? Not that there couldn't be. The WPS flaw is an unintended feedback about the PIN number***. I didn't think SES uses PINs?
*** Linksys added their own flaw... NOT being able to really disable it. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
| reply to Mike Wolf
said by Mike Wolf:Dunno. I personally haven't had any problems. I know that Windows 7 has the WPS ability built in, and I notice two routers under Network Infrastructure when the WPS is enabled, and disappears into only one when WPS is disabled. The data comes from the attack tool (named "Reaver") still cracking the PIN and getting access, regardless the setting.
The best data I know of is: »docs.google.com/spreadsheet/lv?k···SSHZEN3c |
|
| thats interesting, but another option would be to use WPA2 Enterprise and attach a RADIUS server. |
|
caffeinatorComing soon to a cup near you..Premium
join:2005-01-16
WA, USA
kudos:3 Reviews:
·CenturyLink
1 edit | reply to Bill_MI
said by Bill_MI:Apples and oranges. SES is from Broadcom, WPS is from Wifi Aliiance.
Did you find any flaw reported for SES? Not that there couldn't be. The WPS flaw is an unintended feedback about the PIN number***. I didn't think SES uses PINs?
*** Linksys added their own flaw... NOT being able to really disable it.
Hmmm, my bad...ack!
Not sure what to think about this since I'm not actually using the router at the moment, but it seems you are right about them being different. So, no idea if SES is also vulnerable or not without more research but it seems it isn't. Weird. 
From: Linksys WRT54G Ultimate Hacking
By Paul Asadoorian, Larry Pesce
click to read better
I know mine does have a "pin" mentioned in the wireless setup, but I don't use wi-fi, so I tend to ignore that stuff. I've always just disabled wi-fi on everything and used good 'ol cables.
I think I'll leave the radio off until I can get DD-WRT on there, just in case.
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages |
|
| Well don't get any ideas with the v2 because Linksys is specifically designing the new routers to NOT be third party firmware supported, even taking it as far as writing the firmware in house instead of by an outside company. |
|
caffeinatorComing soon to a cup near you..Premium
join:2005-01-16
WA, USA
kudos:3 Reviews:
·CenturyLink
| No worries, I have checked and it's supported:
»www.dd-wrt.com/wiki/index.php/Li···_%26_7.2
Mine is a WRT54GS v7.50, but I saw on DD-WRT forums where it has been used. 
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages |
|
| oh ok yeah the WRT54G is supported yes, I was afraid you were going to try to do this on one of the new E4200v2 routers which don't use ODM'd code lol. |
|
| reply to Bill_MI
said by Bill_MI:It would seem so doesn't it? Except all recent Linksys routers stay vulnerable even when you do that. Until their new firmware really does turn it off. Fun, huh?
Actually, this isn't exactly the same. With older versions of the firmware you didn't really have an option to "turn off" WPS. You could either pick "Manual" or "WPS" but selecting Manual did not turn off WPS (this was the issue). Cisco is releasing updated firmware that does allow WPS to explicitly be turned off, and the Feb release for the V1 routers is the first of these updates.
I have not seen any screenshots of the new firmware or any further discussion on this update so I wouldn't know if this setting now disables WPS, or if a new option was added to disable it. The google docs spreadsheet page doesn't appear to have been updated or make any notes about being able to disable WPS with the latest firmware (IE: that page is out of date)
The Cisco page listing the routers that have this update is at »www6.nohold.net/Cisco2/ukp.aspx?···id=25154
There had been a posting in Cisco's forums that enabling MAC address filtering on the AP disabled WPS, but it isn't clear to me that this truly disables it rather than providing an extra control (IE: only authorized hardware addresses may use WPS). It is well known that hardware addresses are easily spoofed, so if the latter this is not much protection but if the former (IE: even authorized MAC addresses can not use WPS) it may be a potential workaround. |
|
Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1 Reviews:
·Comcast
·WOW Internet and..
1 edit | 
E3200 f/w ver 1.0.03 Mar 2012 |
said by Shady Bimmer:I have not seen any screenshots of the new firmware or any further discussion on this update so I wouldn't know if this setting now disables WPS, or if a new option was added to disable it. The google docs spreadsheet page doesn't appear to have been updated or make any notes about being able to disable WPS with the latest firmware (IE: that page is out of date) Here's a screen shot and a revelation...
In that spreadsheet (»docs.google.com/spreadsheet/lv?k···SSHZEN3c) the E3200 occurs twice, including the latest 1.0.03. Looks like Reaver is STILL cracking it if I read that right - Item 44. Not good. |
|
Laramar
join:2002-08-23
Minneapolis, MN | E3200 1.0.03 firmware adds two things:
1. Disable/Enable WPS
2. WPS lockdown (when WPS is enabled)
Disabling WPS will stop the Reaver crack.
With WPS lockdown, the router is suppose to lockdown WPS after a certain number of unsuccessful attempts. One person at the Cisco forum claims the lockdown is not working: »homecommunity.cisco.com/t5/Wirel···p/497518 |
|
Laramar
join:2002-08-23
Minneapolis, MN | |
|
