#1 (permalink)
05-13-2012, 05:34 PM
William Bonner
Can an intruder remotely reset a Linksys WRT54G v5 router to default?

What just happened is clear ... but HOW it happened ... is not clear to me.

Here's what happened:
1. I was home with my PC connected wirelessly to my Linksys WRT54G router
2. The connection was WPA2/PSK with wireless administrator access 'enabled'
3. The connection went down; the router disappeared from view
4. Shortly thereafter, the strongest signal was SSID=linksys
5. My teen-age kid experienced the same thing - at the same time
6. Only the kid & I were home so NOBODY physically touched the router!
7. Yet, the Linksys WRT54Gv5 router was clearly reset back to defaults.

How can that happen without anyone pressing the reset button?
Can a Linksys home broadband router be reset by an intruder on the net?

#2 (permalink)
05-13-2012, 05:48 PM
danny burstein
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

In <joorbo$ulg$1@speranza.aioe.org> William Bonner <wboniam@gma.com> writes:

>What just happened is clear ... but HOW it happened ... is not clear to me.


>Here's what happened:
>1. I was home with my PC connected wirelessly to my Linksys WRT54G router
>2. The connection was WPA2/PSK with wireless administrator access 'enabled'
>3. The connection went down; the router disappeared from view
>4. Shortly thereafter, the strongest signal was SSID=linksys
>5. My teen-age kid experienced the same thing - at the same time
>6. Only the kid & I were home so NOBODY physically touched the router!
>7. Yet, the Linksys WRT54Gv5 router was clearly reset back to defaults.


>How can that happen without anyone pressing the reset button?
>Can a Linksys home broadband router be reset by an intruder on the net?


First step: make sure you're still hooking up to your own router.
It's possible the Linksys died and you're hitting a neighbor's...


--
__________________________________________________ ___
Knowledge may be power, but communications is the key
dannyb@panix.com
[to foil spammers, my address has been double rot-13 encoded]

#3 (permalink)
05-13-2012, 06:54 PM
VanguardLH
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

William Bonner wrote:

> What just happened is clear ... but HOW it happened ... is not clear to me.
>
> Here's what happened:
> 1. I was home with my PC connected wirelessly to my Linksys WRT54G router
> 2. The connection was WPA2/PSK with wireless administrator access 'enabled'
> 3. The connection went down; the router disappeared from view
> 4. Shortly thereafter, the strongest signal was SSID=linksys
> 5. My teen-age kid experienced the same thing - at the same time
> 6. Only the kid & I were home so NOBODY physically touched the router!
> 7. Yet, the Linksys WRT54Gv5 router was clearly reset back to defaults.
>
> How can that happen without anyone pressing the reset button?
> Can a Linksys home broadband router be reset by an intruder on the net?


http://homedownloads.cisco.com/downl...B_20070529.pdf
Page 1
"*Reset* There are two ways to reset the Router's factory defaults.
Either press and hold the Reset Button for approximately five seconds,
or restore the defaults from Administration > Factory Defaults in the
Router's web-based utility."
Page 2
"The Linksys default password is admin."

So how secure was yours after changing it? How strong was the password?

How long is the WPA[2] shared key or WEP passphrase? Are they *strong*
keys and not some easily guessed (easily dictionary attacked)?

Did you enable MAC filtering and add the MAC addresses for just your
intranet hosts so only they can connect to the router?

Settings in the router are retained by using NVRAM (non-volatile random
accessed memory) when power is off. Could be the flash memory is going
bad and isn't retaining the settings. However, since the flash memory
is inside the microprocessor (e.g., Atmega88), it means the unit is
kaput. Cooling is by convection only (no fans inside, just holes in the
case). If the ventilation holes get blocked then the parts inside
overheat. Once the unit goes flaky, dusting out the holes and inside
won't help. Could be someone (kid?) installed DD-WRT and then
reinstalled the factory or update firmware without first clearing the
NVRAM. Reinstalling the latest firmware might fix it (but then if the
reset was caused by flashing in new firmware then you already have it).

After entering strong keys/passwords for all the settings (to avoid
hacking), you'll have to watch the unit to see if it screws up again.
Could be it's getting flaky in its old age. So far with the routers
that have died for me, they always exhibit some flakiness in operation
before a catastrophic failure.

#4 (permalink)
05-13-2012, 07:54 PM
Jeff Liebermann
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 10:34:10 -0700, William Bonner <wboniam@gma.com>
wrote:

>How can that happen without anyone pressing the reset button?


If they can get to the admin web pages, they can reset it to defaults.

>Can a Linksys home broadband router be reset by an intruder on the net?


Yes.

However, that's probably not what happened. Some (not all) WRT54G v5
and v6 routers are junk.
<http://www.smallnetbuilder.com/wireless/wireless-reviews/26843-linksyswrt54gv5reallyisalousyrouter>
They will hang, reboot spontaneously, reset themselves, or do other
disgusting things. Installing DD-WRT sometimes cures the problems,
but not always. Oddly, only some WRT54G v5 and v6 routers are like
this. Some actually work quite well.

I'm constantly seeing various routers reset to defaults for no obvious
reason. It's not hackers. It's usually AC power glitches. Give the
power plug the right waveform, and the router thinks the reset button
has been depressed. I had this problem on a different product that I
worked on. The original design had the reset pin on the CPU set to
normally high and using level triggering. If the DC power went down
slowly or erratically, it will look like the reset pin was grounded,
thus causing a reset. It was solved by setting the line to normally
low, using the reset button to pull up the line. The firmware guys
also added additional debouncing to the reset pin. We were tempted to
try edge triggering, but ran out of time.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#5 (permalink)
05-13-2012, 08:49 PM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 17:48:17 +0000 (UTC), danny burstein wrote:
> First step: make sure you're still hooking up to your own router.
> It's possible the Linksys died and you're hitting a neighbor's...


Thanks for the advice. I'm absolutely positive it's my router.

Now I'm in worse shape than I was before.

Worried that the intruder put software on the router, I tried to upgrade
the firmware. After about 2 hours of watching the little bars go over and
over across the screen, I unplugged it all.

Now the power light is flashing about twice a second, and I can no longer
log into the router, despite a bazillion reboots and resets.

Two questions:
a) How long should it take for a firmware upgrade?
b) Should the power light be steady or flashing on the WRT54G v5?

#6 (permalink)
05-13-2012, 09:07 PM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 12:54:22 -0700, Jeff Liebermann wrote:

> It's usually AC power glitches. Give the
> power plug the right waveform, and the router thinks the reset button
> has been depressed.


Hi Jeff,
I know you're one of (if not the) most respected guy on this forum so I do
appreciate your advice. I'm in the Santa Cruz mountains (like you) and we
do get glitches in the power a lot. Seems to go down once a month
sometimes, and other times it lasts for six months before the generator
kicks in.

So, maybe that's what happened.

But, now it's even worse. With the router reset to defaults, I had no
problem logging in. I decided to update the firmware, just in case, using
the file FW_WRT54Gv5v6_1.02.8.001_US_20091005.bin downloaded from the
Linksys site for the v5 that I have.

This process went on for hours ... from about 11:00 to about 1:30 when I
finally gave up and pulled the plug. (BTW, how long 'should' a firmware
upgrade take anyway?).

Here's a picture of what showed for hours (the lines were moving and
repeating themselves over and over and over again):
http://www2.picturepush.com/photo/a/...40/8251595.gif

Then, after rebooting and resetting a few times, here's what then showed
up:
http://www5.picturepush.com/photo/a/...40/8251598.gif

Now I can't get anything to work on the Linksys router. No connection.

Two questions:
Q1: How long should it take for firmware to install itself?
(I gave up after almost 3 hours)
Q2: Should the power light be constantly blinking or should it be steady?
(Mine is blinking)


#7 (permalink)
05-13-2012, 09:08 PM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 13:54:07 -0500, VanguardLH wrote:

> So how secure was yours after changing it? How strong was the password?


The WPA2/PSK password was the maximum length - and I did not use a
dictionary SSID, but it had been setup without change for quite some time
(years).

#8 (permalink)
05-13-2012, 09:16 PM
Ant
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On 5/13/2012 1:49 PM PT, William Bonner typed:

> Now I'm in worse shape than I was before.
>
> Worried that the intruder put software on the router, I tried to upgrade
> the firmware. After about 2 hours of watching the little bars go over and
> over across the screen, I unplugged it all.
>
> Now the power light is flashing about twice a second, and I can no longer
> log into the router, despite a bazillion reboots and resets.
>
> Two questions:
> a) How long should it take for a firmware upgrade?
> b) Should the power light be steady or flashing on the WRT54G v5?


Not very long. I think your router had problems and is now dead/bricked.
Can you reset it with its hole? :( Maybe the router had problems earlier
too.
--
* <-- Tribble ... *********************** <-- Tribbles imitating ants
(unknown author)
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

#9 (permalink)
05-13-2012, 09:20 PM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 14:16:14 -0700, Ant wrote:

> Not very long. I think your router had problems and is now dead/bricked.
> Can you reset it with its hole? :( Maybe the router had problems earlier
> too.


I held the reset button in for twenty seconds while booting and while
running - and it still doesn't respond.

The only indication I have is the power light is blinking two to four times
a second which I don't remember seeing (but I'm not sure if it's supposed
to blink).

I'm hooked directly to the rooftop antenna/radio right now so at least one
computer will be OK.

If it's bricked, I might try the WRT54G revival guide:
http://www.linksysinfo.org/index.php...al-guide.15815

Or maybe even Tomato or DD-WRT (although I'm merely a basic home user).

#10 (permalink)
05-13-2012, 09:36 PM
Shadow
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 13:54:07 -0500, VanguardLH <V@nguard.LH> wrote:

>Did you enable MAC filtering and add the MAC addresses for just your
>intranet hosts so only they can connect to the router?


When I was a wireless hacker, I would spoof the MAC address
without even thinking about it.
Not really worth the trouble setting up MAC filtering.
The hard bit is the password cracking.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

#11 (permalink)
05-13-2012, 11:22 PM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 18:36:08 -0300, Shadow wrote:

> Not really worth the trouble setting up MAC filtering.
> The hard bit is the password cracking


I've read much of what Jeff L. has said time and time again, so ...
a) I don't bother hiding the SSID
b) I don't bother with MAC address filtering
c) I use a non-dictionary SSID & passphrase

Of course, if I have a keylogger trojan on the network, that will negate
everything ... or it may have been a glitch in the power that reset the
router to defaults. I'm surprised - because it never happened before and
I've had the router for years ... but ... either way ...

My problem now is that the router is (apparently) bricked.

Q: Does anyone know if the router power light should be flashing or solid?
Q: How long 'does' it take to do a firmware upgrade?

#12 (permalink)
05-13-2012, 11:44 PM
Ant
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On 5/13/2012 2:20 PM PT, William Bonner typed:

>> Not very long. I think your router had problems and is now dead/bricked.
>> Can you reset it with its hole? :( Maybe the router had problems earlier
>> too.

>
> I held the reset button in for twenty seconds while booting and while
> running - and it still doesn't respond.
>
> The only indication I have is the power light is blinking two to four times
> a second which I don't remember seeing (but I'm not sure if it's supposed
> to blink).
>
> I'm hooked directly to the rooftop antenna/radio right now so at least one
> computer will be OK.
>
> If it's bricked, I might try the WRT54G revival guide:
> http://www.linksysinfo.org/index.php...al-guide.15815
>
> Or maybe even Tomato or DD-WRT (although I'm merely a basic home user).


Yeah. Also, try posting on Linksys forum. Good luck. Aren't computer
problems fun? I hate doing firmware problems and upgrades! :(
--
"I've been on some fairways that are as good as the greens we putted on
back then. We had crab grass. I remember one green where I putted
through ants." --Sam Snead
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
A song is/was playing on this computer: 505 - Blue Period

#13 (permalink)
05-14-2012, 01:14 AM
Shadow
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 16:22:41 -0700, William Bonner <wboniam@gma.com>
wrote:

>I've read much of what Jeff L. has said time and time again, so ...
>a) I don't bother hiding the SSID
>b) I don't bother with MAC address filtering
>c) I use a non-dictionary SSID & passphrase


V. Good
>
>Of course, if I have a keylogger trojan on the network, that will negate
>everything ... or it may have been a glitch in the power that reset the
>router to defaults. I'm surprised - because it never happened before and
>I've had the router for years ... but ... either way ...


Never allow wireless access to your admin account on the
router. Always use a temporary cable for that.
>
>My problem now is that the router is (apparently) bricked.


Probably
>
>Q: Does anyone know if the router power light should be flashing or solid?
>Q: How long 'does' it take to do a firmware upgrade?


I use a Netgear. 1 to 2 minutes. I've used D-link. Just over a
minute. That includes the re-boot.
Your upgrade took way too long.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

#14 (permalink)
05-14-2012, 02:20 AM
Jeff Liebermann
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 14:07:15 -0700, William Bonner <wboniam@gma.com>
wrote:

>I know you're one of (if not the) most respected guy on this forum so I do
>appreciate your advice.


Hang on while I polish my ego.

>I'm in the Santa Cruz mountains (like you) and we
>do get glitches in the power a lot. Seems to go down once a month
>sometimes, and other times it lasts for six months before the generator
>kicks in.


That's fairly typical for a low end consumer router. I have a home
made power line logger running at my palatial office looking for
power line glitches. It's fairly crude and only catches the big
glitches. We've had two major power glitches in the area during the
last week. I've been getting calls for dealing with hung routers,
modems, and computahs all week. It sometimes takes several days for
the effects of the glitch to show up. All that needs to happen is for
the glitch to trip one bit in RAM. No problem until the device needs
to use that bit. Then, it goes nuts. ECC RAM is not used on
commodity routers.

>So, maybe that's what happened.


Highly likely. I can see a wireless attack in a crowded metro area,
but not in the sparsely populated hills. Attacks from the internet
are possible, but unless the router has some built in vulnerabilities,
is grossly misconfigured, or is sensitive to malformed packets, it's
not going to happen. Just in case, try:
<http://www.pcflank.com/exploits.htm>
It's old and incomplete, but I'm still finding modern routers that
fail some of the exploit tests.

>But, now it's even worse. With the router reset to defaults, I had no
>problem logging in. I decided to update the firmware, just in case, using
>the file FW_WRT54Gv5v6_1.02.8.001_US_20091005.bin downloaded from the
>Linksys site for the v5 that I have.
>
>This process went on for hours ... from about 11:00 to about 1:30 when I
>finally gave up and pulled the plug. (BTW, how long 'should' a firmware
>upgrade take anyway?).


The update should take about 60 seconds plus reboot time. Something
went wrong. Hopefully, you didn't try to do the upgrade via a
wireless connection. That's usually a guaranteed disaster.

Checking the web site, you have the correct version:
<http://homesupport.cisco.com/en-us/support/routers/WRT54G>
No checksum, so I have no way to verify if it was correctly
downloaded. You might want to try another download just to be sure.

>Now I can't get anything to work on the Linksys router. No connection.


It's bricked, but probably not fatal.

>Two questions:
>Q1: How long should it take for firmware to install itself?
>(I gave up after almost 3 hours)


About 60 seconds plus a reboot.

>Q2: Should the power light be constantly blinking or should it be steady?
>(Mine is blinking)


Nope. That means there's a checksum error in the firmware.

I would normally consider this a great opportunity to purchase a new
router and get rid of the v5 abomination. However, if you want to
raise the dead, try this simple test:
1. Power OFF the router.
2. Temporarily set your computah to a static IP address of
192.168.1.99.
3. Start a continuous ping to 192.168.1.1 For Windoze, that's
ping -t 192.168.1.1
Don't worry if you see errors at this point. If you don't have TFTP:
<http://www.dd-wrt.com/dd-wrtv2/downloads/others/tornado/Windows-TFTP/tftp2.exe>
IP=192.168.1.1
no password - leave blank
select the firmware
set retries to 99
4. Apply power to the router. You should see proper returns from the
pings after about 8 seconds. The returns will revert to errors after
about 5 more seconds. Try to record the times. You'll need them.
5. If you get proper returns in the previous step, there is hope.
6. Rename the firmware to "code.bin". This might also be a good time
to try loading the mini version of DD-WRT.
7. Under Windoze, type the following onto the command line (in a cmd
window):
tftp -i 192.168.1.1 PUT code.bin code.bin
Do not hit enter quite yet. Do not hit enter quite yet. Do not hit
enter quite yet. Do not hit enter quite yet. Got that? If you're
using tftp book, get ready to hit the start button.
8. Apply power to router and start counting seconds. The idea is to
start the TFTP program in the middle of when the pings were correctly
returned. You may have to do this several times to get it right.
9. When you hit enter, nothing should happen until code.bin is
properly uploaded. You'll get a message about ok to reboot (it varies
with the firmware). Ignore it and do nothing for at least 5 minutes.
Go get some coffee and keep your fingers off the keyboard. After 5
mins, pull the power to the router, wait for it to boot, and see if
you can get to the management page at 192.168.1.1.
10. If that works, don't forget to change the static IP address of the
computah back to DHCP. If it doesn't work, try again, or just get a
better router.

Some notes (and complications):


--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#15 (permalink)
05-14-2012, 02:35 AM
Jeff Liebermann
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 18:36:08 -0300, Shadow <Sh@dow.br> wrote:

>When I was a wireless hacker, I would spoof the MAC address
>without even thinking about it.


Once a wireless hacker, always a wireless hacker.

> Not really worth the trouble setting up MAC filtering.


I found one situation where MAC filtering was needed. A customer was
using about 10 assorted IBM Thinkpads of varying vintage. Some were
sufficiently old that they only supported WEP. There was also a wi-fi
range extender (repeater) that would only pass WEP. However, the
customer was not comfortable with using easily crackable WEP. So, I
added MAC address filtering to the security obstacle course. It
really wasn't necessary because they live in the deep dark forest and
know all the neighbors. Still, it made him feel better.

> The hard bit is the password cracking.


Sorta. Give me a few minutes with one of the client computers and
I'll extract a usable portable hash key. Much easier than over the
air pass phrase cracking.
<http://www.nirsoft.net/utils/wireless_key.html>

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

#16 (permalink)
05-14-2012, 03:16 AM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 19:20:37 -0700, Jeff Liebermann wrote:
> The update should take about 60 seconds plus reboot time.


Hmm... that's what I needed to know. Bummer.
Something definitely went wrong.

>>Q2: Should the power light be constantly blinking or should it be steady?
>>(Mine is blinking)

> Nope. That means there's a checksum error in the firmware.


Hmm... OK. Well at least that matches what I'm seeing as the power light is
blinking three or four times a second (or so).

As for the recovery procedure ... I'll get ready for that and respond
when/if it works!

Thanks.

#17 (permalink)
05-14-2012, 04:30 AM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 20:16:41 -0700, William Bonner wrote:
> As for the recovery procedure ... I'll get ready for that and respond
> when/if it works!


Whew! The version 5 Linksys WRT54G is back in business!

After unplugging everything but power, I did the 30/30/30 procedure which
was to hold the button for the entire 90 seconds - the first 30 while the
unit is powered - the second 30 while the power cord is removed - and the
third 30 seconds while the power is back on. Then I let go of the reset
button.

Following Jeff's hint, I again downloaded the same file I had downloaded
before - overwriting the old file for my WRT54G version 5 router:
http://homesupport.cisco.com/en-us/s...routers/WRT54G

I then pinged 192.168.1.1 and this worked (much to my surprise) even though
the power light was still blinking and no other light was on (not even the
"CiscoSystems" orange light).

I opened up Firefox and went to 192.168.1.1 and was surprised to see:
Management Mode Firmware Upgrade

So, I hit the "Browse" button and then the "Apply" button and ... lo and
behold, after about 2 minutes and much flashing of the LAN light on the
router, the web page changed to "Upgrade Success".

I was worried because the power light still blinked for about two minutes
or so, but then it settled down, and now is a solid green!

I was able to log into the router at 192.168.1.1 and immediately noticed I
was at version 1.02.8 (plus the blue color changed in tone).

Thanks for all your help! I've disabled wireless access to the router just
in case it 'was' an intruder. Also I noticed this setting by default:
Wireless->Advanced Wireless Settings->Secure Easy Setup->Enable

Googling for "Linksys Secure Easy Setup" I find PC Magazine loves the
feature ...
http://www.pcmag.com/article2/0,2817,1854719,00.asp
But, I also find a 1/21/2012 Cisco security vulnerability bulletin:
http://tinyurl.com/7uu38cs
http://homecommunity.cisco.com/t5/Wi...ty/td-p/483796

It's also described by Cert:
http://www.kb.cert.org/vuls/id/723755
Vulnerability Note VU#723755
WiFi Protected Setup (WPS) PIN brute force vulnerability

So, I disabled the "Secure Easy Setup" and the orange Cisco light went out!

I wasn't sure if this flaw was related to WPA2/PSK but apparently it is.
According to Wikipedia http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
"The flaw allows a remote attacker to recover the WPS PIN and, with it, the
network's WPA/WPA2 pre-shared key in a few hours".

Maybe that's what happened to me?

#18 (permalink)
05-14-2012, 04:57 AM
William Bonner
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 10:34:10 -0700, William Bonner wrote:

> Can a Linksys home broadband router be reset by an intruder on the net?


UPDATE:
Apparently my Linksys WRT54G v5 router 'can' be reset by an intruder and/or
by a glitch in the power line. Drat!

To make it harder for the 'next' intruder, I realized belatedly we should
all turn OFF the Linksys/Cisco/ "Secure Easy Setup" feature!

Beware, it's not only Linksys that is affected by the SES vulnerability.

According to CERT, these companies are affected by the vulnerability:
1. Belkin, Inc. Affected - 10 May 2012
2. Buffalo Inc Affected - 10 May 2012
3. Cisco Systems, Inc. Affected - 10 May 2012
4. D-Link Systems, Inc. Affected 05 Dec 2011 10 May 2012
5. Linksys/Cisco Affected 05 Dec 2011 10 May 2012
6. Netgear, Inc. Affected 05 Dec 2011 10 May 2012
7. Technicolor Affected - 10 May 2012
8. TP-Link Affected - 10 May 2012
9. ZyXEL

The CERT advisory is:
http://www.kb.cert.org/vuls/id/723755

Here is a pictorial look at what I did AFTER my router was bricked:

0. I ran the 30/30/30 procedure which left the power light blinking but
allowed me to ping the router. This was a good sign.
http://www4.picturepush.com/photo/a/...40/8252512.gif

1. In a browser, I went to 192.168.1.1 and was happy to see the Management
Mode Firmware Upgrade page. I downloaded a 'new' Firmware upgrade and
browsed to it and hit the "apply" button.
http://www1.picturepush.com/photo/a/...40/8252514.gif

2. After only a couple of minutes, I saw the Upgrade Success notification
in the browser:
http://www3.picturepush.com/photo/a/...40/8252516.gif

3. Logging into 192.168.1.1, I immediately noticed a different shade of
blue and that the firmware had been updated to version 1.02.8.
http://www5.picturepush.com/photo/a/...40/8252518.gif

4. In my googling, I had found the CERT vulnerability so I disabled
Wireless -> Advanced Wireless Settings -> Secure Easy Setup -> Disabled
http://www2.picturepush.com/photo/a/...40/8252520.gif

Hopefully, with a new non-dictionary SSID, non-dictionary password, a
rather long WPA2-PSK/AES key, & with remote management and wireless web
access disabled, I'm a bit more secure from outside hacking (if that's what
had happened).

I didn't bother hiding the SSID or filtering the MAC address based on
advice previously provided in this forum.

Minor question:
Q: Does setting the administrator access to https buy me any security over
http?

#19 (permalink)
05-14-2012, 06:45 AM
Jeff Liebermann
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 21:57:52 -0700, William Bonner <wboniam@gma.com>
wrote:

>Q: Does setting the administrator access to https buy me any security over
>http?


No. All that does is prevent anyone from sniffing the wireless
traffic and extracting your admin password and WPA2 key if they were
able to capture a WPA2 setup session.

Congrats. What the 30/30/30 did was wipe the firmware completely
leaving only the TFTP loader and in your case, the initial firmware
loader. I forgot about that. It doesn't appear in all models.

>Maybe that's what happened to me?


Maybe, but I don't think so. I've always assumed that using WPS
requires that the button on the router be pressed in order to start
the WPS session. I can't currently determine if it's really required,
or if WPS is running all the time. I'll check later (time
permitting).
<http://www.pcworld.com/businesscenter/article/247118/two_new_tools_exploit_router_security_setup_problem.html>
"Further, some access points don't provide an option
to disable WPS or don't actually disable WPS when the
owner tells it to."
Groan...

Linksys has only fixed the WPS vulnerability problem on newer models.
I don't expect a fix for the WRT54G.
<http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154>
That's from Jan 27, 2012. Since then there have been fixes for E1200
v2, E1500, E3200, and E4200 v1. Note that the WRT54G is not listed,
probably because it's not a currently selling product. If you must
use WPS/SES/AOSS/EZ-SETUP, I suggest you get an alternative firmware,
such as DD-WRT.

11,000 attempts works out to 9 hrs maximum. When I tried Reaver, I
was able to recover the PIN in about 6 hrs at about 1.5 seconds per
attempt. I only tried it once:
<http://code.google.com/p/reaver-wps/wiki/README>
It generated considerable wireless traffic, which was easily detected.
More:
<http://www.datacenterjournal.com/it/protect-your-network-from-the-wi-fi-wps-vulnerability/>

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
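
The post above notes that WPS PIN guessing generated considerable, easily detected wireless traffic. As an added example (not part of the original thread or any poster's code), this Python detector counts failed WPS attempts per access point in a sliding window, rather than per client MAC, since MAC addresses are easily spoofed as noted earlier in the thread. The log format, AP names, MAC addresses, window and threshold are assumptions constructed for illustration; the 11,000 figure is the one quoted in the thread.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

PIN_SPACE = 11_000  # attempts quoted in the thread for a full WPS PIN search

# Constructed log format (an assumption, not any router's real syslog):
#   2012-05-14 02:00:00 ap=<name> event=WPS_FAIL|WPS_OK sta=<client MAC>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ap=(?P<ap>\S+) "
    r"event=(?P<event>WPS_FAIL|WPS_OK) "
    r"sta=(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$"
)


def parse(lines):
    """Yield (timestamp, ap, event, sta) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ap"], m["event"], m["sta"]


def summarize(lines, window=timedelta(minutes=5), threshold=20):
    """Summarise failed WPS attempts per AP.

    Assumes each AP's lines arrive in time order. An AP is flagged when the
    number of failures inside the sliding window reaches the threshold,
    regardless of how many different client MACs produced them.
    """
    recent = {}   # ap -> deque of failure timestamps still inside the window
    per_mac = {}  # ap -> Counter of failures per client MAC
    out = {}
    for ts, ap, event, sta in parse(lines):
        if event != "WPS_FAIL":
            continue
        q = recent.setdefault(ap, deque())
        q.append(ts)
        # Drop failures older than the window; the newest entry always stays.
        while ts - q[0] > window:
            q.popleft()
        per_mac.setdefault(ap, Counter())[sta] += 1
        s = out.setdefault(ap, {"failures": 0, "peak_in_window": 0, "alert": False})
        s["failures"] += 1
        s["peak_in_window"] = max(s["peak_in_window"], len(q))
        s["alert"] = s["alert"] or len(q) >= threshold
    for ap, s in out.items():
        s["distinct_macs"] = len(per_mac[ap])
        s["max_per_mac"] = max(per_mac[ap].values())
        # Share of the 11,000-attempt search space these failures represent.
        s["pin_space_covered"] = s["failures"] / PIN_SPACE
    return out


def sample_log():
    """Constructed sample: a burst against one AP from rotating MACs,
    plus two isolated failures and one success on another AP."""
    start = datetime(2012, 5, 14, 2, 0, 0)
    lines = []
    for i in range(40):
        ts = start + timedelta(seconds=2 * i)
        mac = f"02:00:00:00:00:{i % 4 + 1:02x}"  # four rotating client MACs
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} ap=home-ap event=WPS_FAIL sta={mac}")
    lines += [
        "2012-05-14 02:00:00 ap=guest-ap event=WPS_FAIL sta=02:00:00:00:00:aa",
        "2012-05-14 03:00:00 ap=guest-ap event=WPS_FAIL sta=02:00:00:00:00:aa",
        "2012-05-14 03:00:30 ap=guest-ap event=WPS_OK sta=02:00:00:00:00:aa",
        "garbage line that the parser skips",
    ]
    return lines


if __name__ == "__main__":
    for ap, s in summarize(sample_log()).items():
        state = "ALERT" if s["alert"] else "ok"
        print(f"{ap}: {state} failures={s['failures']} "
              f"peak={s['peak_in_window']} macs={s['distinct_macs']} "
              f"max_per_mac={s['max_per_mac']} "
              f"pin_space={s['pin_space_covered']:.2%}")
```

In the constructed burst no single MAC reaches the threshold on its own, so a per-client counter would stay silent while the per-AP window raises the alert.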

#20 (permalink)
05-14-2012, 05:31 PM
Arklin K.
Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Sun, 13 May 2012 23:45:17 -0700, Jeff Liebermann wrote:
> "Further, some access points don't provide an option to disable WPS
> or don't actually disable WPS when the owner tells it to."


My Linksys WRT54G version 5.0 has the option to disable secure easy setup
but I can't find out from Linksys if that option actually works.
http://www6.nohold.net/Cisco2/ukp.as...rticleid=25154

They say nothing about the WRT54G here either:
http://tools.cisco.com/security/cent...urityResponse/
cisco-sr-20120111-wps

I called Cisco technical support three times:
1-877-770-4113

They didn't know what I was talking about.

They gave me two more numbers to call:
1-800-326-7114 Cisco Consumer Support for Linksys
1-800-546-7597

They answer pretty quickly but none have a clue.

  #21 (permalink)  
Old 05-14-2012, 07:17 PM
Jeff Liebermann
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Mon, 14 May 2012 17:31:35 +0000 (UTC), "Arklin K."
<arklin@notmyemail.com> wrote:

>On Sun, 13 May 2012 23:45:17 -0700, Jeff Liebermann wrote:
>> "Further, some access points don't provide an option to disable WPS
>> or don't actually disable WPS when the owner tells it to."

>
>My Linksys WRT54G version 5.0 has the option to disable secure easy setup
>but I can't find out from Linksys if that option actually works.
> http://www6.nohold.net/Cisco2/ukp.as...rticleid=25154
>
>They say nothing about the WRT54G here either:
>http://tools.cisco.com/security/cent...urityResponse/
>cisco-sr-20120111-wps
>
>I called Cisco technical support three times:
> 1-877-770-4113
>
>They didn't know what I was talking about.
>
>They gave me two more numbers to call:
> 1-800-326-7114 Cisco Consumer Support for Linksys
> 1-800-546-7597
>
>They answer pretty quickly but none have a clue.


Sigh. Support only seems to get worse. I'll see what I can discover.
However, I won't have much time to do anything until later in the
week.

Meanwhile, if you have a Linux box, try running Reaver:
<http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154>
and see how it responds to WPS traffic with it enabled and then
disabled in the router. Also try it before and after punching the SES
button on the front. I would do this for you except that I just
upgraded my Ubuntu box to 12.04 which broke most of my highly modified
wireless drivers and programs. Maybe I'll try to build it on my Mac
instead.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

  #22 (permalink)  
Old 05-14-2012, 10:35 PM
Char Jackson
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Mon, 14 May 2012 12:17:07 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

>On Mon, 14 May 2012 17:31:35 +0000 (UTC), "Arklin K."
><arklin@notmyemail.com> wrote:
>
>>On Sun, 13 May 2012 23:45:17 -0700, Jeff Liebermann wrote:
>>> "Further, some access points don't provide an option to disable WPS
>>> or don't actually disable WPS when the owner tells it to."

>>
>>My Linksys WRT54G version 5.0 has the option to disable secure easy setup
>>but I can't find out from Linksys if that option actually works.
>> http://www6.nohold.net/Cisco2/ukp.as...rticleid=25154
>>
>>They say nothing about the WRT54G here either:
>>http://tools.cisco.com/security/cent...urityResponse/
>>cisco-sr-20120111-wps
>>
>>I called Cisco technical support three times:
>> 1-877-770-4113
>>
>>They didn't know what I was talking about.
>>
>>They gave me two more numbers to call:
>> 1-800-326-7114 Cisco Consumer Support for Linksys
>> 1-800-546-7597
>>
>>They answer pretty quickly but none have a clue.

>
>Sigh. Support only seems to get worse. I'll see what I can discover.
>However, I won't have much time to do anything until later in the
>week.
>
>Meanwhile, if you have a Linux box, try running Reaver:
><http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154>
>and see how it responds to WPS traffic with it enabled and then
>disabled in the router. Also try it before and after punching the SES
>button on the front. I would do this for you except that I just
>upgraded my Ubuntu box to 12.04 which broke most of my highly modified
>wireless drivers and programs. Maybe I'll try to build it on my Mac
>instead.


The bundled Reaver solution, Reaver Pro, could be an option for folks
who don't have the time, the knowledge, or a compatible radio. The
cost, $99.99, is a bitter pill, however.
<http://hakshop.myshopify.com/products/reaver-pro>
Any comments?


  #23 (permalink)  
Old 05-15-2012, 03:52 AM
Jeff Liebermann
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Mon, 14 May 2012 17:35:13 -0500, Char Jackson <none@none.invalid>
wrote:


>The bundled Reaver solution, Reaver Pro, could be an option for folks
>who don't have the time, the knowledge, or a compatible radio. The
>cost, $99.99, is a bitter pill, however.
><http://hakshop.myshopify.com/products/reaver-pro>
>Any comments?


Yeah... I don't like commercialized attacker tools. It's one thing to
disclose vulnerabilities to improve security and generally do
everyone a favor. It's another to provide a tool kit designed solely
for breaking and entry.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

  #24 (permalink)  
Old 05-15-2012, 04:44 AM
Char Jackson
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Mon, 14 May 2012 20:52:16 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

>On Mon, 14 May 2012 17:35:13 -0500, Char Jackson <none@none.invalid>
>wrote:
>
>>Any comments?

>
>Yeah... I don't like commercialized attacker tools. It's one thing to
>disclose vulnerabilities to improve security and generally do
>everyone a favor. It's another to provide a tool kit designed solely
>for breaking and entry.


Thanks, hard to argue with that. I was thinking that someone,
somewhere, would use it to check for the vulnerability or to prove to
themselves that turning it off in firmware actually disables it, but I
suppose you're right.


  #25 (permalink)  
Old 05-15-2012, 10:08 AM
Arklin K.
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

I'm confused about the terms.
Is this a correct attempt at simplifying the terms?

SES = Secure Easy Setup = an "easy setup feature" (such as the push
button on the WRT54Gv5 router)

WPA = Wi-Fi Protected Access = a "security protocol" designed in 1999 to
supersede WEP (see also WPA2 & WPA2/PSK)

WPS = Wi-Fi Protected Setup = a "certification standard" that allows 4
methods of easy setup (PIN, button, near-field, usb)


Regarding the router vulnerability flaw, is this the correct summary?


SES ==> This is not what's vulnerable with respect to that CERT advisory
(http://www.kb.cert.org/vuls/id/723755)

WPA ==> This is not what's vulnerable with respect to that CERT advisory
(neither is WPA2, nor WPA2/PSK)

WPS ==> This is what's vulnerable!

  #26 (permalink)  
Old 05-15-2012, 02:31 PM
Jeff Liebermann
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Tue, 15 May 2012 10:08:41 +0000 (UTC), "Arklin K."
<arklin@notmyemail.com> wrote:

>I'm confused about the terms.
>Is this a correct attempt at simplifying the terms?
>
>SES = Secure Easy Setup = an "easy setup feature" (such as the push
>button on the WRT54Gv5 router)
>
>WPA = Wi-Fi Protected Access = a "security protocol" designed in 1999 to
>supersede WEP (see also WPA2 & WPA2/PSK)
>
>WPS = Wi-Fi Protected Setup = a "certification standard" that allows 4
>methods of easy setup (PIN, button, near-field, usb)
>
>
>Regarding the router vulnerability flaw, is this the correct summary?
>
>
>SES ==> This is not what's vulnerable with respect to that CERT advisory
>(http://www.kb.cert.org/vuls/id/723755)
>
>WPA ==> This is not what's vulnerable with respect to that CERT advisory
>(neither is WPA2, nor WPA2/PSK)
>
>WPS ==> This is what's vulnerable!


WPS is the Wi-Fi Alliance name of the technology used to deliver the
WPA/WPA2 encryption pass phrase from the router to a new wireless
client securely. The idea is to make it easy to set up a new computer
on a wireless network without having to type in a long and ugly
WPA/WPA2 pass phrase.

SES (Linksys - Secure Easy Setup),
AOSS (Buffalo - AirStation One-Touch Secure System),
EZ-SETUP (Asus),
Jumpstart (Atheros, Broadcom),
are implementations and individual trademarks for WPS (Wi-Fi Protected
Setup). If WPS is vulnerable, they all are vulnerable (unless they
fixed the problem).

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

  #27 (permalink)  
Old 05-15-2012, 10:57 PM
Arklin K.
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Tue, 15 May 2012 07:31:28 -0700, Jeff Liebermann wrote:
> SES (Linksys - Secure Easy Setup),
> If WPS is vulnerable, they all are vulnerable (unless they
> fixed the problem).


The question, I guess, is whether the WRT54Gv5 implements the PIN feature
of WPS, along with the button feature of SES.

I don't know that answer - but it's the critical question.

I 'guess' I could test it out by trying to crack my own system!
1. http://www.tacnetsol.com/products/
2. http://hakshop.myshopify.com/products/reaver-pro
3. http://code.google.com/p/reaver-wps/wiki/HintsAndTips
etc.


  #28 (permalink)  
Old 05-16-2012, 07:02 AM
Arklin K.
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Tue, 15 May 2012 22:57:54 +0000, Arklin K. wrote:
> I 'guess' I could test it out by trying to crack my own system!
> 1. http://www.tacnetsol.com/products/
> 2. http://hakshop.myshopify.com/products/reaver-pro
> 3. http://code.google.com/p/reaver-wps/wiki/HintsAndTips
> etc.


S'more references ...

http://sviehb.files.wordpress.com/20...hboeck_wps.pdf

Scapy: http://www.secdev.org/projects/scapy/

The most amazing irony, to me, is that I can't find a thing about this
vulnerability on the entire WiFi Alliance web site.
http://www.wi-fi.org/knowledge-cente...opics/security

How can that be?

  #29 (permalink)  
Old 05-20-2012, 04:31 PM
Jolly polly
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?


"William Bonner" <wboniam@gma.com> wrote in message
news:joorbo$ulg$1@speranza.aioe.org...
> What just happened is clear ... but HOW it happened ... is not clear to
> me.
>
> Here's what happened:
> 1. I was home with my PC connected wirelessly to my Linksys WRT54G router
> 2. The connection was WPA2/PSK with wireless administrator access
> 'enabled'
> 3. The connection went down; the router disappeared from view
> 4. Shortly thereafter, the strongest signal was SSID=linksys
> 5. My teen-age kid experienced the same thing - at the same time
> 6. Only the kid & I were home so NOBODY physically touched the router!
> 7. Yet, the Linksys WRT54Gv5 router was clearly reset back to defaults.
>
> How can that happen without anyone pressing the reset button?
> Can a Linksys home broadband router be reset by an intruder on the net?


I can't answer how this happened, sorry.
But I can confirm that it does happen and not only with Linksys. I've seen
it with EnGenius routers as well as Linksys.


  #30 (permalink)  
Old 05-23-2012, 01:32 AM
Arklin K.
Guest
 
Posts: n/a
Default Re: Can an intruder remotely reset a Linksys WRT54G v5 router to default?

On Wed, 16 May 2012 07:02:52 +0000, Arklin K. wrote:

> The most amazing irony, to me, is that I can't find a thing about this
> vulnerability on the entire WiFi Alliance web site.
> http://www.wi-fi.org/knowledge-cente...opics/security
>
> How can that be?


Those who would give up essential security to purchase a little
temporary convenience, deserve neither security nor convenience.
(Apologies to Ben Franklin).

Apologies to Jeff L.
