esjones Premium Member join:2010-09-10 Springboro, OH |
esjones
Premium Member
2015-Feb-21 3:55 pm
Linksys Router Vulnerability - Port 80 OpenI have discovered that, following Belkin acquiring Linksys and updating the firmware on my EA3500 Router without my permission, Port 80 is open on the public (internet) side of the router. I have just gotten off a chat with Belkin support, and they claim there is no way to close the port.
This is a huge vulnerability, in my opinion, as it makes my router subject to a brute-force password hacking attempt. An HTTP request to my public IP address, port 80, goes straight to the router administrator log-in screen.
If Belkin cannot or will not fix this, I guess I need to go get another Tomato or dd-wrt router.
Earl |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX |
sivran
Premium Member
2015-Feb-21 4:08 pm
said by esjones: following Belkin acquiring Linksys and updating the firmware on my EA3500 Router without my permission I'd junk a router for that reason alone. |
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC |
to esjones
Belkin acquiring Linksys? Belkin sucks though...
Can you run Tomato or DDWRT? |
|
|
|
to esjones
no big deal |
|
TheMG Premium Member join:2007-09-04 Canada
1 recommendation |
to esjones
Crap like this is part of the reason I no longer use consumer grade routers. |
|
|
to esjones
No idea if this will work try setting up a port forward within router for port 80 to some null address within your network. That might kill it for external requests from outside.
Home router vendors are living in another world when it comes to passible security. The only way to win is not to play. |
|
ZZZZZZZ Premium Member join:2001-05-27 PARADISE |
to esjones
Use a software firewall to create rules to block it. |
|
TheWiseGuyDog And Butterfly MVM join:2002-07-04 East Stroudsburg, PA
1 recommendation |
to esjones
You can try the steps outlined in the link below and roll back to the classic router firmware. » kb.linksys.com/Linksys/G ··· verted=0 |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB 1 edit |
to esjones
Go to; "[ » www.grc.com/x/ne.dll?bh0bkyd2 ] to test all your open port & depend on your router setting to your Internet world ¿ ¿ Mine is non detected = STEALTH result from GRC. |
|
esjones Premium Member join:2010-09-10 Springboro, OH |
esjones
Premium Member
2015-Feb-21 5:44 pm
Thanks. "Shields Up!" from GRC is how I found the open port vulnerability in the first place. |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB |
85160670 (banned)
Member
2015-Feb-21 5:50 pm
Click - proceed - next click silver tab - common ports - voila, you see wich open port is ¿ ¿ |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN |
to 85160670
No ports open on my Cisco firewall. |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB 1 edit |
85160670 (banned)
Member
2015-Feb-21 5:58 pm
Good Dustyn ...... mine get SPI-NAT firewall with anti DoS, till now leaktest show solid FW {{{ SMILE }}} |
|
ZZZZZZZ Premium Member join:2001-05-27 PARADISE |
to esjones
A firewall is still the best option to block certain ports. |
|
TheWiseGuyDog And Butterfly MVM join:2002-07-04 East Stroudsburg, PA
1 recommendation |
Unfortunately if the port is open on the router because the router has an external web interface enabled, a software firewall on your computer will never receive the packets. The port will still be open on the router no matter what you run on the computer. IIRC most routers will not even forward packets destined to the port on which the routers web interface is listening. |
|
Bill_MIBill In Michigan MVM join:2001-01-03 Royal Oak, MI TP-Link Archer C7 Linksys WRT54GS Linksys WRT54G v4
1 recommendation |
to esjones
No chance it's the ISP? It used to be more common but I haven't heard of it lately. Some ISP's used to intercept port 80 so it never reached the customer and some did this poorly. I'd try dslcreature 's idea. EDIT: That router is getting your real public IP, right? No chance it's the modem acting as NAT router? |
|
85160670 (banned)"If U know neither the enemy nor yoursel join:2013-09-17 Edmonton, AB |
to esjones
Just for your INFO :' [ » www.grc.com/port_80.htm ] more inside the LINK |
|
esjones Premium Member join:2010-09-10 Springboro, OH |
to Bill_MI
I used my cell phone (on the cellular network, NOT my local WiFi) and used the browser to browse to my home public IP. Voila! There was the login screen to my router. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX
1 recommendation |
sivran
Premium Member
2015-Feb-21 9:39 pm
This won't end well. |
|
Bill_MIBill In Michigan MVM join:2001-01-03 Royal Oak, MI TP-Link Archer C7 Linksys WRT54GS Linksys WRT54G v4
2 edits
1 recommendation |
to esjones
said by esjones:I used my cell phone (on the cellular network, NOT my local WiFi) and used the browser to browse to my home public IP. Voila! There was the login screen to my router. Yep, that nailed it. I admit what's happening with me is pure disbelief. I'm looking at » ui.linksys.com/files/EA3 ··· ent.html and assuming this is NOT what you have? I remember this story a while back and thought Cisco (at the time) completely back-pedaled. What's the story about Belkin? This firmware-hijack thing was before their time. Something's fishy. EDIT: If anyone's interested in the firmware-hijack Cisco tried to pull I found the big thread: » Cisco Connect CloudAnd this link about the back-pedal: » www.neowin.net/news/cisc ··· settings |
|
1 edit
1 recommendation |
to esjones
Don't most stock firmwares have an option to enable/disable router management from WAN side? Surely they should have a way to disable that and they should never enable that by default. Silly Linksys/Belkin.
EDIT: I also agree with TheWiseGuy's suggestion as well to go back to the previous classic firmware. And disable any automatic upgrading of firmware if possible. |
|
norwegian Premium Member join:2005-02-15 Outback 1 edit |
to esjones
It looks like you have good assistance already. For yourself you can also look at sites like this to see what is revealed. » ipleak.net/Of course if you want to post the info, remove all IP references for now until someone can help resolve what you are seeing at the router. For instance my test [Edit: Referenced to my own router] with my phone gave "server stopped responding". |
|
·Carolina Mountai.. Synology RT2600ac Linksys E2000
|
to esjones
Old-as-the-hills RVS4000's & E2000 OK Here...
My most recent rants on the above models is that new firmware was released after the device had been designated as obsolete.... so there was no indication that the firmware had been released, until I stumbled onto it purely by accident...... |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX |
sivran
Premium Member
2015-Feb-22 9:14 am
I have a BEFSR41 in the closet. |
|
doppler join:2003-03-31 Blue Point, NY |
said by sivran:I have a BEFSR41 in the closet. So "You are coming out of the closet?" |
|
|
StuartMW
Premium Member
2015-Feb-22 9:50 am
said by doppler:So "You are coming out of the closet?" No, the router is And BTW the WAN and LAN ports aren't used for the same thing Just sayin' |
|
Bill_MIBill In Michigan MVM join:2001-01-03 Royal Oak, MI |
pssst... your port's open... (geeze... what I gotta do to stay on topic ) |
|
Bill_MI |
to esjones
I got curious about this. The direction Cisco went makes my BS alarms go off and Belkin seems to want little to do with that which they bought into. Too bad... automatic updates could make for more secure routers but the cost these scumbags put on it is way too high (your data are belong to us). said by esjones:If Belkin cannot or will not fix this, I guess I need to go get another Tomato or dd-wrt router. I wouldn't hesitate a second. Just got a TP-LINK Archer C7 and it's running OpenWrt Barrier Breaker 14.07. A good fit for me. |
|
esjones Premium Member join:2010-09-10 Springboro, OH |
to WildByDesign
said by WildByDesign:Don't most stock firmwares have an option to enable/disable router management from WAN side? Yes, the pre-hijack Linksys firmware did include that option. It has been removed from the Belkin firmware. |
|
esjones |
esjones
Premium Member
2015-Feb-22 11:59 am
Linksys/Belkin has tried to assure me (via Twitter, no less!) that there is nothing to worry about, that the SPI feature of the router will protect me. Sounds hollow, and I remain unconvinced. |
|