dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6767
share rss forum feed

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

1 recommendation

reply to Frodo

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Yep. I would have to get a new router whenever my ISP implements IPv6 as my router has no idea what that is...it is that old. I would rather wait awhile (since my ISP has said nothing about when IPv6 will be implemented and also because I wanted to finish paying for my new computer first). Plus, I was always going to buy another Linksy (even though support on this one was not good ....but the router was good) but now Cisco has sold Linksy to Belkin I don't think I want a Linksy, but other brands don't interest me much either.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



bluepoint

join:2001-03-24
reply to TamaraB

NVM



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
reply to Bill_MI

Re: The GRC Public Test is up

said by Bill_MI:

I
Anyone see a positive scan? It should reveal the uPnP details of the device that responds.

Thanks for the link, looks like Apple Time Capsules are safe.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4
reply to Frodo

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

said by Frodo:

Then I guess your router is broke. Not old, but broke. If you're concerned about this UPnP thing, then you'll have to get a new one.

Maybe not. I just read the Defense Code paper. My router does not have a Broadcom chip. The chip is a Kendin Ks8695. I doubt it is vulnerable. Linksy should list which ones of theirs are vulnerable. I doubt that any Linksy routers so old that DD-WRT firmware cannot be made to work on them are vulnerable.

On an ironic note, I now remember that it was my activating UPnP in the router that caused the nasty bug to trigger that set a random password. I stumbled on the threads at Linksy just now and decided to again try the passwords users say are what the router sets when it sets a "random" one (and that worked for some users but not others). They didn't work on Fx but I thought, what the heck, I'll try on IE as one has a character that evidently the browser adds...so I did that and IE popped a Security Warning that the Linksy User Name and Password would be transmitted as plain text
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Mele20

said by Mele20:

I don't know how to put it more clearly. I cannot access the router's interface due to a nasty bug that reset my password long ago to an arbitrary one. Yes, I could reset the router to factory default and then I could get in its interface. BUT I can't use the router AT ALL unless it has beta firmware from Europe flashed and I can't currently access my old XP machine to try and find it ...it has an odd name for searching for it in a huge downloaded programs folder. Plus, even if I found it, I have a bad feeling about flashing a router this old with beta firmware. I don't even know if I would need to first flash 4 OLDER beta firmware versions before I would flash this one I need. (Do the beta firmware versions build upon the one before it or not? What about the actual released firmware versions since I got the router? Would I have to flash each of them and then the beta firmware versions)?

Of course not.. hard reset it to factory setting and then put on what you like. each beta is not stacked.

»www.dd-wrt.com/wiki/index.php/Re···ad_Flash

»www.idealinternet.co.uk/restore-···ware.tpl
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Mele20 See Profile, Linksys routers themselves are great routers. Yeah, their customer support as you put it, sucks. But who cares, as long as the router works it's fine.

I have the Linksys E3200 router. It's running TomatoUSB ToastMan's Edition. It has more features that you can shake a stick at! WAN and LAN side bandwidth monitoring is one such feature. The firmware's always up to date since the guy is releasing firmware on a weekly basis (that's good!) and a very lively community behind it on LinksysInfo.org.

I doubt that Belkin will change the Linksys products at the moment. Remember... they just signed the deal. Integration of the company is barely done, product lines have yet to be merged. There's still a lot of Linksys E-Series routers out there. Grab one while you still can.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)



planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

List of effected Linksys routers:

Linksys Products Impacted
The following devices have been confirmed as impacted by this vulnerability:

1. E900
2. E1200 v2
3. E1000 v2.1
4. E1500
5. M10 v2
6. WRT610N v1
7. WRT610N v2

The following devices have been confirmed as NOT IMPACTED by this vulnerability:

1. E2500
2. RE1000
3. E1000 v2
4. E1000 v1
5. E1200 v1
6. E1550
7. E3200
8. E4200
9. M10 v1
10. M20
11. WRT160N v3
12. WRT310N v2
13. All EA series

Found here:
»homekb.cisco.com/Cisco2/ukp.aspx···id=28341

Figures my E1500 is effected. I've always disabled UPnP on my router anyway but if I ever want to play games online with my xbox, I may need to.



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

»www.4shared.com/file/7shFFAB3/to···012.html
That should get you secured. That's a third-party firmware file for the E1500.



Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
Reviews:
·WOW Internet and..

2 edits
reply to planet

said by planet:

Figures my E1500 is effected. I've always disabled UPnP on my router anyway but if I ever want to play games online with my xbox, I may need to.

Hi planet. I'm really curious and Linksys is no help.

The problem is 2-fold. 1) UPnP code is exploitable. 2) UPnP services are exposed to the net (WAN) interface. This is specifically what the GRC scan looks for.

1) isn't good but it's DOUBLE HORRIBLE if you also have 2).

Anyone daring, enable UPnP and see if the »grc.com ShieldsUp! scan detects it. I'm thinking no. This means it's just bad but not horrible.

EDIT: There's a giant leap of vulnerability between 1) and 2). Reports are in that there's active scanning from many sources, for item 2) at this time so don't be feeding the bad guys unnecessarily if you don't have good recovery techniques.


norwegian
Premium
join:2005-02-15
Outback


I'm starting to wonder what exactly needs to be in place to stop this, I'm thinking the GRC site is not a valued test for this.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to Doctor Olds

said by Doctor Olds:

Of course not as you are confusing Hardware PnP (Plug aNd Play) with UPnP (Universal Plug aNd Play) and they are two completely different services.

Missed your reply, Doc. Sorry.

Have a look: About »Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Silijaline also posted the same image. It is UPnP in services.msc.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein


norwegian
Premium
join:2005-02-15
Outback
reply to Cabal

broadcom upnp remote preauth root code

Thought this needs to be posted here as well.
First noted by Smokey Bear See Profile here. I'm not sure if this is all the same issue or a new topic.

»blog.defensecode.com/2013/01/bro···ode.html

All routers with a Broadcom chipset are affected?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

It's not the chipset that makes a particular router vulnerable or not. It's the software/firmware that drives it.



norwegian
Premium
join:2005-02-15
Outback


I noted mine is not on the list, and I doubt that the list at defensecode covers every router manufacturer out there with the specific chipset either.
Understand what you are saying, however I have sent an email to support to ask the question.
They could say "no it has good firmware" but that could still only be them politely telling me to go away.
I wonder if there will be an Internet based tool for all this - and works. At present, Berkeley's needs java, rapid7's tool doesn't seem to function and I'm doubting GRC's test is specific to the UPNP issue discussed here.

Anyone else know of anything that can test?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



DrDrew
So that others may surf.
Premium
join:2009-01-28
SoCal
kudos:12

2 edits
reply to Mele20

Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

The WNR3500L takes a pretty standard 12vdc 1a power plug. Available for under $10 with free shipping even to Hawaii at a few sites I checked.

You could also reset your router, if you ever wanted to. You won't lose the version of firmware on it. Linksys doesn't do that, you'd have to open the router and jumper a couple of chip pins to wipe the firmware.

If you want the beta firmware for your old router, look here: »/r0/down···code.zip It's BEFSR41V3_v1.06.05_000_code.bin if anything that should give you a file name to search for on your XP machine.

It was posted on this thread, 7 years ago:
»Re: [ENG] TM402P reset
--
Two is one, one is none. If it's important, back it up... Somethimes 99.999% availability isn't even good enough.



Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

1 edit
reply to Juggernaut

said by Juggernaut:

said by Doctor Olds:

Of course not as you are confusing Hardware PnP (Plug aNd Play) with UPnP (Universal Plug aNd Play) and they are two completely different services.

Missed your reply, Doc. Sorry.

Have a look: About »Re: Security Flaws in Universal Plug-n-Play: Unplug, Don't Play

Silijaline also posted the same image. It is UPnP in services.msc.

Of course it is, I was referring to your statement that no hardware stopped working or didn't function when you disabled UPnP, which isn't UPnP or SSDP (both are actually used in UPnP) functional purpose, but it is Hardware PnP that handles the hardware in your PC so that's why no devices stopped working in or connected to your PC after shutting off/stopping/disabling UPnP.

said by Juggernaut:

UPnP has been disabled for years in services.msc. I've never had a problem with a device failing to work.

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Libra
Premium
join:2003-08-06
USA
kudos:1
reply to Bill_MI

Re: The GRC Public Test is up

Thank you for posting the link to the Shields Up Upnp test. I just took the test and my IP did not respond to the UPnP probes.

Sincerely, Libra