  Greg_Z Premium join:2001-08-08 Springfield, IL
·Comcast
| reply to Bill Re: Ouch! Security problem in linksys routers
If you are just changing the Wifi A/P MAC, are you changing the MAC on the NIC at the time of reboot? MAC address scheming can work both ways, and if the A/P is still associating the MAC of the NIC at the time of reboot, then you may still have problems.
The problem is that the A/P still remembers the MAC of the NIC at the time of the reboot along with the Key that it has to send to confirm the key on the A/P and the MAC of the A/P. Unless the IPTables is being flushed at the time of reboot, everything stays in the memory of the A/P.
There is definitely going to be a good white paper out of this. -- One man's customer loyalty is another man's misguided arrogance. |
|
  Nerdtalker Working Hard, Or Hardly Working? Premium,MVM join:2003-02-18 Tucson, AZ clubs:
| reply to Bill
said by Bill:
•Flash from Linksys 4.50.6 to DD-WRT.
•I looked in the web GUI after the flash and the WPA settings from my previous Linksys firmware were still in there.
•I set my wireless card to "Disabled" for security settings and I was able to connect right up (see attached image).
I'm guessing that even though the WRT54GS web config is reporting WPA is enabled, it's not really enabled. Wow, interesting vulnerability.
Are 3rd party firmware distros built on the 4.50.6 linux-GPL code also affected? -- "Some people never see the light till it shines thru bullet holes." -Bruce Cockburn |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs: | I was able to produce this problem on both Linksys 4.50.6 and DD-WRT v22.
I'm not sure which Linksys version DD-WRT v22 is based on. |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC | Isn't Bill the best for putting in the time on this one?
Great job!! |
|
 jebz
join:2002-05-19
·OptusNet
| reply to nwrickert
said by nwrickert:
With WPA Personal/TKIP authentication enabled, the unit allows both clients using encryption with the correct settings and key, and clients not using any encryption.
This happened to me on my WRT54G v2.2 when upgrading from 4.00.7 to 4.20.6.
I checked all my security settings and they were in place after the upgrade and the wireless network was operating well. I tried to connect a second laptop but it developed a wireless hardware fault. I substituted another card and it reported the wireless network was insecure. This was quite a surprise. This was confirmed by Netstumbler.
I looked at the security settings again and found the latest version of the firmware has a button icon with a lock in it in the Wireless/Basic Wireless Settings. The button showed an open lock. I clicked on the lock and all hell broke loose. It changed all my security settings. I then re-entered my security settings to restore operation. The network then indicated secure on the clients and all operations continued as per the old firmware version. |
|
  Greg_Z Premium join:2001-08-08 Springfield, IL | reply to funchords Definitely he is doing something that is going to help everyone out in the long run. I am wondering how far into the WRT line this problem goes. -- One man's customer loyalty is another man's misguided arrogance. |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| reply to funchords It gives me something to do until school starts again 
Greg_Z, I'm also interested in seeing which other WRT's this applies to. If I had another WRT54G, or WRT54GS, I'd test it out. |
|
 Glen T
join:2003-11-03 BC
| said by Bill:
It gives me something to do until school starts again. Greg_Z, I'm also interested in seeing which other WRT's this applies to. If I had another WRT54G, or WRT54GS, I'd test it out.
I'm still waiting for the definitive response from Linksys support regarding the feasibility of using the save/restore settings after a firmware upgrade/reset.
If I get the green light from Linksys, I'd like to try the whole process along with restoring from a saved conf file on my WRT54G v1.1. I'll be upgrading the firmware from v3.03.6 to v4.20.6. I don't have a 'virgin' client, though, so I'd have to wipe one to give this a try. I may also be able to grab my next-door neighbour's laptop. |
|
 Glen T
join:2003-11-03 BC
| Here is the question that I asked Linksys support:
Thanks for your reply. I just want to confirm your answer:
I can use the Config Management tool to restore a previously saved config file, saved before I did a firmware upgrade. In other words, the following:
1. My router is using firmware version X. I create a back up config file from version X.
2. I upgrade my router to firmware Y.
3. I do a factory reset following the firmware upgrade.
4. I do a restore of my config file to restore my settings.
This will work?
Here is the response:
Yes. It is the configuration or the settings that you need to save and not the firmware. Create a back up first then restore it after.
I have not had time to try this yet, but I plan to do the entire procedure on my WRT54G -- hopefully today. After all, who wouldn't want to miss the opportunity of turning their router into a doorstop?
I'll post my findings when I'm done. Please allow time for me to run to the store and buy a new WRX router!
My objective is to establish whether or not I can reproduce the reported conditions, and whether or not you can restore a saved config file after an upgrade of firmware. This would at least provide a decent workaround.
Note that I am using an access restriction table on the router which limits access to the Internet for several computers based on their MAC numbers and time of day. Should be interesting to see if that survives the restore, along with other settings. |
|
 Glen T
join:2003-11-03 BC
| Well, here are the results of my test:
1. I saved a config file from firmware v3.03.6 on my WRT54G v1.1 router.
2. I used the HTML interface to apply the firmware update to v4.20.6.
3. Tried logging on from my laptop using a Linksys WUSB11 v2.6 adapter on my neighbour's laptop (which has seen my secure connection in the past). I could not log on. However, he is running WinXP without SP2, so it saw my connection as WEP (not WPA).
4. I brought his WUSB11 v2.6 connector to my laptop, installed it, and set it up. It identified my connection as secure, but I could not log on.
5. My other wireless PC which was on and connected throughout the upgrade, remained connected.
6. I did a factory reset on the WRT54G. All settings including password for log on were purged.
7. I successfully logged onto the newly unsecured connection from my laptop.
8. I then applied the saved config file made from firmware v3.03.6. My settings appear to be completely restored with no problems. The router never complained or warned in any way about the different version of the config file.
Conclusions:
1. This was not a clean test for reproducing the problems with unsecured logon following the firmware upgrade. I didn't have access to a clean client that had not previously seen my router. However, the router did end up in a state where I could not log on from my laptop prior to doing a factory reset.
2. My test showed that it is at least feasible to save your config to file prior to upgrading the firmware, and then restore your settings after a factory reset. On the WRT54G, this could be a recommended workaround. Linksys support confirmed this (for what that's worth). |
|
  Yoofer Play It Loud
join:1999-11-20 Beulah Land
| Okay, I'm not new to networking, but extremely new to wireless (under 1 week with the Linky WRT54G, firmware 3.03.6). So am I correct that the consensus is this is an issue related to old settings not being purged after a firmware update? Has anyone been able to confirm this behavior in the G? Or only the GS? Am I okay with my currently installed firmware? How does MAC filtering figure in? Mine is currently set to permit only, with just the MAC of my notebook's built-in wireless adapter entered. Sorry for all the questions, still learning...
Some (relevant?) settings:
SSID broadcast disabled
Firewall enabled
WPA-TKIP enabled
MAC filtering (permit only) enabled
I have a friend coming over to the house in a couple of days - I'll have him bring his wireless notebook (it's never seen my router) and see if he can connect. I'll post back with the results... -- Ken S. |
|
  Yoofer Play It Loud
join:1999-11-20 Beulah Land | Quick update to my settings: just switched to WPA-AES. -- Ken S. |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| reply to Yoofer
said by Yoofer:
So am I correct that the consensus is this is an issue related to old settings not being purged after a firmware update?
Yes, you are correct. |
|