Full Disclosure mailing list archives

Re: Linksys Routers still Vulnerable to Wps vulnerability.


From: Derek <derek () madrock net>
Date: Mon, 13 Feb 2012 22:42:25 +1030

secure_CC_POS


Thanks
Derek


On 13/02/2012, at 22:17, Alex Buie <abuie () kwdservices com> wrote:

Just morbidly curious, what did you use for the SSID?

On Feb 12, 2012 5:31 PM, "Derek" <derek () madrock net> wrote:
They should at least consider providing an option to disable the static pin only or disable it after an hour if the 
feature is activated by the user.

Seems to be something that could be included in a future firmware update.

For a vendor to provide another mechanism for a user to get remotely hacked (within wireless TX/RX range) and not 
address it in a reasonable amount of time, exposes the less technical user, who it was intended to help in the first 
place.

It would be interesting to see if this feature went through a technical security risk assessment and if so, how the 
static pin was rationalised for public release.

I set up an isolated vulnerable device and had attack traffic within 2 days of it being activated. I did make the SSID 
very attractive, but the war drivers are certainly getting out of the house again.


Thanks
Derek


On 13/02/2012, at 1:47, Rob Fuller <jd.mubix () gmail com> wrote:

I've tested 6 models of Linksys, all of them appear to disable WPS
completely as soon as a single wireless setting is set. I assume this
would be the reason Cisco/Linksys aren't putting much stock in
'fixing' it further. If anyone has any experience to contradict this
or has a modification to current tools to circumvent what I've
perceived as disabled, I, as I'm sure Craig, would be very interested.

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org



On Sat, Feb 11, 2012 at 4:23 PM,  <farthvader () hush ai> wrote:
_________________________________________________________________________
"Use Tomato-USB OS on them."
_________________________________________________________________________

Besides you void warranty...
list of DD-WRT Supported routers:

 E1000        supported
 E1000 v2     supported
 E1000 v2.1   supported
 E1200 v1     ???
 E1200 v2     ???
 E1500        ???
 E1550        ???
 E2000        supported
 E2100L       supported
 E2500        not supported
 E3000        supported
 E3200        supported
 E4200 v1     not supported yet
 E4200 v2     not supported
 M10          ????
 M20          ????
 M20 v2       ????
 RE1000       ????
 WAG120N      not supported
 WAG160N      not supported
 WAG160N v2   not supported
 WAG310G      not supported
 WAG320N      not supported
 WAG54G2      not supported
 WAP610N      not supported
 WRT110       not supported
 WRT120N      not supported
 WRT160N v1   supported
 WRT160N v2   not supported
 WRT160N v3   supported
 WRT160NL     supported
 WRT310N v1   supported
 WRT310N v2   not supported yet
 WRT320N      supported
 WRT400N      supported
 WRT54G2 v1   supported
 WRT54G2 v1.3 supported
 WRT54G2 v1.5 not supported
 WRT54GS2 v1  supported
 WRT610N v1   supported
 WRT610N v2   supported
 X2000        not supported
 X2000 v2     not supported
 X3000        not supported.

_________________________________________________________________________

"Fixing?  Heh.

Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either."
_________________________________________________________________________

What about removing WuPS entirely?

WuPS is a total failure because:

1. Even if everything is fine, 8 digits long is very weak because once you got the pin after 7 months - 2 years for 
example, you are completely pwned.

2. Pin number is fixed, you can't change it to a longer number or maybe a string like "omgponnies"

3. Setting up a WPA2 password manually is a piece of cake (even with keypad only cell phones), if some people 
are lazy, you don't have to weaken the security of a strong protocol.

Farth Vader

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

