  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| reply to nwrickert Re: Ouch! Security problem in linksys routers
It's definitely a problem, but I'm not sure if it can be addressed and fixed by Linksys or the third-party providers.
Obviously, people don't want to "Restore to Factory Defaults" because they'll lose their settings and have to re-enter them, but it may have to be done to prevent this security problem. -- Folding Monitor Network Status Weather Stats |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| said by Bill: It's definitely a problem, but I'm not sure if it can be addressed and fixed by Linksys or the third-party providers. Obviously, people don't want to "Restore to Factory Defaults" because they'll lose their settings and have to re-enter them, but it may have to be done to prevent this security problem.
Yes, but OTOH, there's no guarantee that one firmware version is going to use the same keywords or values as the other.
Something like that is probably what's happening here. Between version x and y, something got flipped or skipped.
This is a good bug. Although it is security related, it's not likely going to be exploited. -- Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA Dear Anonymous, Thank you!!! Thank you!!! |
|
 kpr92400
join:2002-06-28 Brookfield, IL
| "This is a good bug. Although it is security related, it's not likely going to be exploited."
Not likely that it's going to be exploited?!? Unless this particular firmware upgrade scenario is unlikely, it's going to happen, and it's going to get wardriven and exploited someday.
n.b. I just bought a WRT54G from newegg, and while it was hardware v4, it had some pretty ancient firmware on it... |
|
  avantare Go Tribe
join:2000-02-16 Farmington, MI | I just purchased a WRT54G from CompUSA hw is v4 and the first thing I did was check the firmware. It's the latest.
Chuck -- A computer is not a tool. When was the last time you had to do maintenance on your screwdriver? |
|
  WALL_E Premium join:2003-05-28 USA
| reply to nwrickert When you say that it is necessary to restore factory defaults after upgrading the firmware, does that mean restoring defaults by pressing and holding the recessed button on the back of the router, or by restoring defaults through the router's web interface, or does that not make a difference? I have always restored the router by pressing and holding the button until the power light began to flash.
Thanks in advance.
I also believe that this is a pretty good bug, but as Linksys does highly recommend resetting after a firmware upgrade, it is not as big of an issue as I had originally thought. Perhaps in the future, Linksys can have their upgrade utility display a warning box after the firmware upgrade completes, which urges the user to reset the router, with several scolding warning messages if the user decides not to. Or they could even make the upgrade utility reset the router without asking after a firmware upgrade. |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| I used the "Factory Defaults" option in the firmware upgrade menu (see attached image).
I prefer not to do a hard-reset. The only time I'll do a hard-reset (use the reset button) is if I can't get into the web config.
There's also a stand-alone "Factory Defaults" option inside most of the Linksys firmwares, which will allow you to restore all settings to "Factory Defaults", without upgrading your firmware. -- Folding Monitor Network Status Weather Stats |
|
 Glen T
join:2003-11-03 BC
|  WRT54G config save/restore |
Does this router not have the admin function to save/restore a configuration file, like the WRT54G has? |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| Mine does have a "Backup" option, but I do not know if the settings can be transferred between different firmware versions.
It warns me about using it on different firmwares/models.
I'm not willing to test out "Restore" from a different firmware version because there is a possibility it could turn my router into a paperweight.
Also, I do not know if the "backup" from a previous firmware would do any good. If you upgrade the firmware, without a reset, wouldn't that essentially be doing the same thing as flashing, resetting, then using the backup file? We've already found out settings aren't successfully transferred from one to the other, so it seems like it would be the same. -- Folding Monitor Network Status Weather Stats |
|
 Glen T
join:2003-11-03 BC
| I'm going to look into this a bit more -- will check with Linksys support. You would think that Save/Restore would be meant for exactly this kind of scenario. Also, it does not necessarily follow that restoring a saved firmware set is the same as flashing over top of an existing set without resetting.
I'll see what I can find out. |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| reply to Bill With the D-Link DI-5xx/6xx/7xx routers, and the Netgear WGT/WGU-624, you generally cannot apply settings saved from a previous version to an upgraded version.
We have found a few exceptions to this rule, but we've also found that a higher rate of success is obtained by hand-entering these settings over restoring them from a file -- even under the same firmware version! -- Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA Dear Anonymous, Thank you!!! Thank you!!! |
|
 Glen T
join:2003-11-03 BC
| I just had a 'live' chat with Linksys support, which wasn't very helpful. He sort-of confirmed that you might want to do a factory reset after flashing a new firmware version. He had no knowledge of what the configuration management tools were used for.
I've e-mailed my question to Linksys support, including a link to this topic. We'll see what they come back with. I've asked for a definitive statement on when you would use the Configuration Management save/restore. |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| Thanks Glen T 
Hopefully we'll get an answer in this thread, or via your email. At the least, Linksys has been notified of this problem and hopefully will fix it  |
|
  Greg_Z Premium join:2001-08-08 Springfield, IL
·Comcast
| reply to Bill What gets me is that you are reproducing the error on a machine that has already been connected to the router that is supposedly connected prior to the upgrade.
In order to do a real world test, you have to use a machine that has never been connected via wifi to the router in order to see if there is a true claim in this possible security hole. -- One man's customer loyalty is another man's misguided arrogance. |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| I only have one machine with wireless.
I changed the SSID and wireless MAC address on the router prior to connecting to it with my laptop, so that should make it like the computer has never seen it before, hopefully.
If anyone else has a WRT54GSv1, or even a regular WRT54G, I'd be interested in seeing what results you get. -- Folding Monitor Network Status Weather Stats |
|
  Greg_Z Premium join:2001-08-08 Springfield, IL
·Comcast
| reply to nwrickert Just changing the SSID and Wireless NIC MAC address will not do it. The machine that is being used still remembers the MAC address of the device that you are connecting to. You really have to use something like Knoppix or another machine in order to see if there is a vulnerability out there. -- One man's customer loyalty is another man's misguided arrogance. |
|
 justageek
join:2002-03-07 Marietta, GA
| reply to Bill Ask SW Bill and you shall receive
I can't recreate the issue on the G...
using 4.00.7 = No issue
using 4.20.6 = No issue
Dare I speculate that this bug is confined to the GS routers or am I just not testing things right??
Equipment Tested
1 Dell C600
1 Linksys WPC54G version 2 with no firmware updates and standard Linksys drivers
1 Linksys WRT54G version 3
1.) Flashy Flashy to 4.20.6
2.) Run Netstumbler
3.) Found other networks, mine was "missing".
4.) Flashy Flashy to 4.00.7
5.) See step 2
6.) See step 3
7.) Flashy Flashy to 4.20.6
8.) Router cranky at first, but works fine now.
Laptop is a unit that I took out of work and has never been wireless. XP installed on it from ground zero (No slipstreamed SP2) After I got all the fun fun stuff on it (at the office), I popped in the NIC and gave it the drivers.
Maybe I have a sooper router??? |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
1 edit | reply to Bill
said by Bill: •I set my wireless card to "Disabled" for security settings
"Greg Z" mentioned this above -- "Just changing the SSID and Wireless NIC MAC address will not do it. The machine that is being used still remembers the MAC address of the device that you are connecting to."
...and I just want to back him up on this fact...
If you started with an EAP protocol, then switched the card to disabled, the EAPOL authentication service continues to run -- perhaps stupidly, but it does.
And as long as that MAC address is out there, it will enforce its last instructions.
I agree -- we need to test this with a reboot after the above step mentioned in »Re: Ouch! Security problem in linksys routers -- Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA Dear Anonymous, Thank you!!! Thank you!!! |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
| reply to Greg_Z I should have been more specific; I cloned the wireless AP's MAC address, not the wireless card. That should make a difference, right?
I can try it with my Linux laptop and see what happens. -- Folding Monitor Network Status Weather Stats |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC
·Verizon Online DSL
·Skype
| said by Bill: I should have been more specific; I cloned the wireless AP's MAC address, not the wireless card. That should make a difference, right?
It will only make a difference one way.
WPA authenticates both sides: STA auth's the AP, AP auth's the STA
If I were you, I'd repeat your previous steps, but power-cycle the router and reboot the laptop after that point I mentioned above. That way any prior auths or lockouts are forgotten. -- Robb Topolski http://www.funchords.com/ Hillsboro, Oregon USA Dear Anonymous, Thank you!!! Thank you!!! |
|
  Bill Light Up The Halo Premium,VIP join:2001-12-09 clubs:
1 edit | Still letting me on after a reboot, SSID change, wireless MAC change.
See picture. |
|