 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to Mangix
Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play
Gee, you must think everyone has new, or relatively new routers, to be telling them to flash them to WRT or something. My router will be 10 years old in October. It is vulnerable. Linksys has stated that all their older routers have the vulnerability. I don't want a new router because Linksys has been sold to Belkin (ugh) and I don't like Netgear, DLink, etc. I'll have to get a new router eventually whenever TWC finally turns on IPv6 and I am not looking forward to that day.
-- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson |
|
 Mangix join:2012-02-16 united state | dd-wrt has very wide hardware support. The original WRT54G is still supported by dd-wrt. Not sure what your router is though. |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | Yes, it does have wide support but ONLY for newer routers. A lot of people have OLD routers. I got mine in 2003. The Oceanic TWC foreman has a Linksys router that is 12 years old...my friends have 7-10 year old routers. NONE of them are new enough to run third party software. Plus, you can't run it until your warranty (2-3 years) is over unless the word warranty is meaningless to you. |
|
 1 edit |
said by Mele20: A lot of people have OLD routers.

You could try a workaround. Someone in this thread said that the UPnP uses port 1900 UDP. So, one thing I would try is to port forward UDP 1900 in the router to a non-existent LAN IP, to some internal UDP port, say 65535, and run the test again to see if you're still vulnerable.
Not saying it is going to work, but that would be the kind of thing I would try. If Linksys didn't intend the UPnP to work from the WAN side, the port forward might be a way to bypass the vulnerability. Good luck.
edit: fix the side I was talking about |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | My problem is that I cannot access my router for years now. There is a bad bug that Linksys didn't bother telling about until us users stumbled on it and that was too late. I didn't insert the password TWICE on something...I have forgotten what exactly...that I was changing in the router interface and because I only inserted the password once (logical thing to do) and was not told to insert it again...that caused the router to create a RANDOM password and lock me out. I found lots of Linksys router users with the same problem...no password suggested in Linksys forums would unlock the random password.
So, I had beta firmware from Linksys Europe FTP server...never was offered in the USA because Linksys told me USA customers were too stupid to flash the beta firmware properly and too stupid to even understand they needed it. (Linksys customer service was awful even when the router was new.) Without the beta firmware, I can't use Ping Plotter Pro. I don't think I have a copy of the firmware on my old XP machine. So, I can't reset the router to factory default as then I can't use Ping Plotter Pro. I have to have this beta firmware. Plus, I don't want to mess with an old router resetting to factory default and then the various (this was the fifth beta firmware I installed) beta firmwares. It might kill the router or definitely mess up my network (which has problems anyway and I don't need any more). Linksys was bad long before Cisco bought them. The Ping Plotter author and I both contacted them back then and they could care less...they didn't even suggest the beta firmware we found that allowed Ping Plotter to work with the router.
So, I can't turn off UPnP because I can't get into the router interface. I enabled it years ago for some Microsoft something that had to have it. Irony...huh? |
|
 huh @verizon.net | reply to Mele20
I have a ~10 year old linksys wrt54g v2 that is still supported by openwrt, ddwrt and tomato.
These days a router that supports ddwrt costs about $20. I would think in this case buying a new router would be better than keeping an old buggy one that's life has likely run its course. I mean $20 over 10-12 years? That's $2 a year and you get 802.11n support too. |
|
 Cartel join:2006-09-13 Chilliwack, BC kudos:2
| reply to MrFixit1
said by MrFixit1: You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side. Will be near the top of the results listing, may have to hit + to get full details.

You won't need to worry about upnp if you install JAVA!!
Berkeley have their head up their ass? |
|
 | reply to Cabal Quick test confirmed UPNP not open on my end... thanks be for that.
said by MrFixit1: You can use »netalyzr.icsi.berkeley.edu/ to at least test for UPNP access from the wan side. Will be near the top of the results listing, may have to hit + to get full details.

netalyzer, while the output was interesting on a technical level, didn't see an option about UPNP... or am I missing something? Someone able to screenshot their results for reference?
Going to be interesting to watch this one... bets on this being the biggest 2013 security brouhaha?
Regards |
|
 | reply to Cartel
Do not disagree with you Sindows, the nice thing about Firefox is how easy it is to turn Java on and off. Since I normally run the test with only one instance of FF running, and then turn Java back off, not too worried about it. |
|
 | reply to HELLFIRE
Didn't want to take the time to clean up a screen image, this is where to look.
Address-based Tests +
NAT detection (?): NAT Detected +
Local Network Interfaces (?): OK +
DNS-based host information (?): OK +
NAT support for Universal Plug and Play (UPnP) (?): Not found +
Should add that since GRC has it running, use that one. |
|
 Mangix join:2012-02-16 united state | reply to Cartel Try doing the types of test that Netalyzr does without Java. I dare you. I double dare you.
At the end of the day, Java requires less investment of resources to get one thing to run in multiple places (browsers, OSes, etc...).
Plus, Java will only mess you up if you allow it to run on other sites. The choice is yours. |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to huh
said by huh: I have a ~10 year old linksys wrt54g v2 that is still supported by openwrt, ddwrt and tomato.
These days a router that supports ddwrt costs about $20. I would think in this case buying a new router would be better than keeping an old buggy one that's life has likely run its course. I mean $20 over 10-12 years? That's $2 a year and you get 802.11n support too.

Yeah...$20 and the shipping to Hawaii is $50. |
|
 DrDrewSo that others may surf. join:2009-01-28 SoCal kudos:10 | Just take that Netgear WNR3500L you got from the SamKnows project, which they replaced with something else, and load Tomato, DD-WRT, or something else onto it: »www.myopenrouter.com/download/list
You've already got that router, it's just collecting dust unused right? SamKnows doesn't want it back and you don't like the Netgear firmware on it.
-- Two is one, one is none. If it's important, back it up... Sometimes 99.999% availability isn't even good enough. |
|
 Name GamePremium join:2002-07-07 North Myrtle Beach, SC kudos:7 | reply to Mele20
Never found a linksys router yet you could not reset it back to the factory setting with a toothpick in the hole in the bottom when it is on or a combination of special buttons..that will then let you back in again with the default password..or none at all. So what is your model number that it is so special?
»pcsupport.about.com/od/linksys-d···word.htm |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to DrDrew
said by DrDrew: Just take that Netgear WNR3500L you got from the SamKnows project, which they replaced with something else, and load Tomato, DD-WRT, or something else onto it: »www.myopenrouter.com/download/list
You've already got that router, it's just collecting dust unused right? SamKnows doesn't want it back and you don't like the Netgear firmware on it.

I guess it would be ok to do that. The original agreement with SK was that we would not be able to change the firmware on the Netgear until 3 years into the project which it has not been. (But they never asked for it back...still, I would need to get permission from them as they still could ask for both back when the testing ends.) Plus, I don't have a converter plug for it because the TP-Link didn't come with one for USA electrical power (Neil sent me one that was lying around his office for him to test with as I was the first tester in the USA to get one of them) and he told me to just use the one for the Netgear as it would fit the TP-Link. So, I'd have to buy a converter plug that would fit it before I could try that and in Hilo... |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to Name Game You read too fast. 
The problem is not resetting it. It is then flashing the beta firmware version I need to get Ping Plotter Pro to work with it. |
|
 JuggernautIrreverent or irrelevant?Premium join:2006-09-05 Kelowna, BC kudos:2 | A router reset does not alter FW at all. |
|
 | reply to Mele20
said by Mele20: You read too fast. ...

I must have read too fast too. Because, earlier, I thought I read, "My problem is that I cannot access my router for years now. ... So, I can't turn off UPnP because I can't get into the router interface."
And what I thought I just read was how to reset the password to a default, so that you could presumably log into the router and turn off the UPnP.
Them reading comprehension problems. |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | I don't know how to put it more clearly. I cannot access the router's interface due to a nasty bug that reset my password long ago to an arbitrary one. Yes, I could reset the router to factory default and then I could get in its interface. BUT I can't use the router AT ALL unless it has beta firmware from Europe flashed and I can't currently access my old XP machine to try and find it ...it has an odd name for searching for it in a huge downloaded programs folder. Plus, even if I found it, I have a bad feeling about flashing a router this old with beta firmware. I don't even know if I would need to first flash 4 OLDER beta firmware versions before I would flash this one I need. (Do the beta firmware versions build upon the one before it or not? What about the actual released firmware versions since I got the router? Would I have to flash each of them and then the beta firmware versions)? |
|
 | Then I guess your router is broke. Not old, but broke. If you're concerned about this UPnP thing, then you'll have to get a new one.
When I looked in my router's firewall log, other than the GRC scans, I didn't see any UPnP probing. |
|
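
For the firewall-log check mentioned in the last post, one way to pick WAN-side UPnP (SSDP, UDP 1900) probes out of a router log. This is an added example, not part of the thread; it assumes netfilter LOG-style lines as written by Linux-based firmware, a WAN interface named vlan1 and a LAN bridge named br0, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter

WAN_IF = "vlan1"   # assumption: name of the WAN-facing interface
SSDP_PORT = 1900   # UPnP discovery (SSDP) port named in the thread

# Constructed, abbreviated sample lines in netfilter LOG format.
SAMPLE_LOG = """\
Jan 30 10:01:02 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=198.51.100.20 LEN=129 TTL=52 PROTO=UDP SPT=40211 DPT=1900 LEN=109
Jan 30 10:01:09 router kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=198.51.100.20 LEN=129 TTL=52 PROTO=UDP SPT=40212 DPT=1900 LEN=109
Jan 30 10:02:30 router kernel: DROP IN=vlan1 OUT= SRC=192.0.2.44 DST=198.51.100.20 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=1900
Jan 30 10:03:00 router kernel: ACCEPT IN=br0 OUT= SRC=192.168.1.50 DST=239.255.255.250 LEN=160 TTL=1 PROTO=UDP SPT=50123 DPT=1900 LEN=140
Jan 30 10:04:11 router kernel: DROP IN=vlan1 OUT= SRC=198.51.100.77 DST=198.51.100.20 LEN=300 TTL=55 PROTO=UDP SPT=1900 DPT=53211 LEN=280
Jan 30 10:05:45 router kernel: DROP IN=vlan1 OUT= SRC=198.51.100.77 DST=198.51.100.20 LEN=129 TTL=55 PROTO=UDP SPT=33000 DPT=1900 LEN=109
"""

KV = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in KV.findall(line):
        # LEN= appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def wan_upnp_probes(log_text, wan_if=WAN_IF):
    """Count packets to UDP/1900 per source address arriving on wan_if."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        # Destination port must be 1900; a reply *from* port 1900 does not count.
        if (f.get("IN") == wan_if and f.get("PROTO") == "UDP"
                and f.get("DPT") == str(SSDP_PORT)):
            hits[f.get("SRC", "?")] += 1
    return hits

if __name__ == "__main__":
    for src, count in wan_upnp_probes(SAMPLE_LOG).most_common():
        print(f"{src}: {count} packet(s) to UDP {SSDP_PORT} arriving on {WAN_IF}")
```

Multicast discovery from a LAN host (the br0 line) is normal UPnP traffic and is deliberately not counted; only packets arriving on the WAN interface are.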