dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
11566
share rss forum feed


Bluefish
Premium
join:2010-02-23

WPS Vulnerability on ASUS RT-N66U Router, is it fixed?

Does anyone know if ASUS has posted a firmware update that fixes the WPS issue for the RT-N66U Dark Knight router and if so, how they fixed it? I'm wondering if they just made the exploit take longer to run or if WPS is truly disabled and immune to the reaver exploit when we choose disabled in the router's web set up interface. (I have downloaded the latest firmware and disabled WPS under 2.4 and 5.0 ghz.)

I've spent a lot of my free time the last couple of days searching the net to see if ASUS has put anything out there that says the WPS issue has definitely been fixed but have only found this, »www.asus.com/News/9j7zPFIDUWT5Oqm4, can't find anything else addressing this issue saying that they fixed it.

And as I was searching I found this, »seclists.org/fulldisclosure/2013/Mar/126, which caused me a bit of concern. I don't completely understand what it's saying but I don't think I want a share facing the WAN. Do I need to be concerned about the "Hidden root$ Samba share" and the "MiniUPnP confirmed listening on "WAN" interface?" (I have UPnP disabled in my router). The article says that these vulnerabilities are in the latest firmware, 3.0.0.4.270.

I have considered flashing DD-WRT on my Dark Knight but it looks a little complicated with the CFE thing, I don't completely understand all this stuff. Also considered Tomato but am concerned I will brick my $$$ router.

Please help, right now I am wired to my internet connection.

Moderator, please move if this should be in the Security forum.

TIA,
Veronica


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
If WPS has a vulnerability just dont use it.
Is this fixed on any routers?


some_stuff

@comcast.net
reply to Bluefish
Hi Bluefish. I'm not familiar with that router but had similar questions with my own, wrt WPS.

I disabled WPS in the web interface but was not going to leave it to chance, as to whether it really was disabled or not! AFAIK the only way to check and be certain is to run a scan with wash and/or reaver. reaver itself can be quirky and tricky to get working depending on AP model, settings, and firmware, but it doesn't really have to be run to know. The package includes the "wash" tool which will list all local WPS enabled access points. If your router does not show up then WPS is disabled and there's no need to run reaver or fool with it.

I used an Ubuntu live cd to compile and run it. It only has a few dependencies. Not sure about other platforms, tools, or methods to test WPS functionality sorry.

As far as the other two things - you have the most recent firmware and if there's an unresolved problem with the firmware itself then there's not much that can be done. Only thing I can think of is to run more tools/scans to test out UPnP and Samba.

Try this for UPnP:

»www.grc.com/x/ne.dll?bh0bkyd2

Click Proceed and then "GRC's Intstant UPnP Exposure Test". That will do a WAN scan and that's the most important thing to check. It should respond with "THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!"

As for the Samba share I'm not sure. Maybe a Samba client or scanner? Hopefully others can give some further info because I've never done anything with Samba.

Hope this helps some!


Bluefish
Premium
join:2010-02-23
Thanks for the pointers some_stuff, I already checked the grc.com tool and it came up, Target did not respond, so should be good there. I don't have the technical know how to run Reaver but will check out the additional tool you list. I live in a high density area and can see ~30 wireless networks on any given day, so need to be diligent with security. It's crazy how the router manufacturers can leave us high and dry with this. When this vulnerability first came out I made sure to disable WPS and then just recently I read that disabling doesn't necessarily stop the attack, crazy. Anyway, thanks for your help, much appreciated.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to Bluefish
If you use a prog like inSSIDer, the scan will show whether or not WPS is available on the router.

That said, to test it, hit the button and try to pair it with a device. Your answer will be there and is the true test.
--
"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." ~ Albert Einstein


Bluefish
Premium
join:2010-02-23

2 edits
Thanks much Juggernaut. Will check inSSIDer too. I might just pay someone to help me install Tomato on this thing. Tomato's not supposed to have WPS!

Is the metageek site the official download site ... Edit: never mind, looks like that is the official site


Bluefish
Premium
join:2010-02-23
reply to Juggernaut
I have installed inSSIDer 3 for Home and cannot find anywhere that shows WPS. Under Security it shows WPA2-Personal, WPA, WEP etc but no WPS info on any of the 27 networks I can see, even when I click on the network. I've read the user guide that comes with it but can't figure it out. I don't see any other options. Am I missing something.

Appreciate any help. Thanks!


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
My apologies. I've inadvertently lead you astray. It was the Android app I was thinking of.




Bluefish
Premium
join:2010-02-23
Ohhhh, that explains it. I'm a little afraid to mess with Reaver and Wash to check out WPS. Not sure where to get clean copies of it.

Do you know of an iPhone app that displays this info? I haven't been able to find anything so far. Wifi Finder seems to only find wifi hotspots.

I really appreciate your help!


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
I did look for the iPhone app as well, but it seems there isn't one yet.


Bluefish
Premium
join:2010-02-23
In case anyone is interested, I have an update on the RT-N66U as it relates to the WPS vulnerability. I charged up my old Blackberry which has the ability to use WPS to connect to a router that has WPS enabled. I had WPS disabled on my router and the Blackberry did not give me the option to connect with it using WPS. My Blackberry did detect several routers in my area with WPS enabled. Also, I downloaded inSSIDer onto my nephew's Galaxy S3 which also shows if WPS is enabled and with WPS turned off on my router, inSSIDer did not show WPS as being enabled (it did show it when I turned WPS on in the router webui, of course). I assume this means that my router has now been patched and is not vulnerable as long as WPS is disabled. I found a step by step on how to run Reaver on another site using Backtrack CD, so I might try that to see what happens... Just thought other users of this router might be interested.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
Good news. Thanks for the update.