Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[DU7]

What is the status of the HNAP issue mentioned in:

http://forums.dlink.com/index.php?topic=10458.0

A search didn't turn up any updates other than locked threads. If there is a current thread that gives status updates, would appreciate a pointer.

At present, I don't see any new firmware listed on the support page for the 655.

Has new firmware been released to address the issue?

If not, what is the current ETA for a fix?

Would also appreciate a statement from Dlink about what router models are impacted, etc. (since the various postings on security sites have been updated to include additional models than what was originally posted at said sites).

Thank you.

[Cobra]

Firmware has been released...look in the beta section.

[thecreator]

What is the status of the HNAP issue mentioned in:

http://forums.dlink.com/index.php?topic=10458.0

A search didn't turn up any updates other than locked threads. If there is a current thread that gives status updates, would appreciate a pointer.

At present, I don't see any new firmware listed on the support page for the 655.

Has new firmware been released to address the issue?

If not, what is the current ETA for a fix?

Would also appreciate a statement from Dlink about what router models are impacted, etc. (since the various postings on security sites have been updated to include additional models than what was originally posted at said sites).

Thank you.

Hi DU7,

HNAP Firmware has no problems or security risks.

HNAP Protocol was written by Pure Networks. Whether or not D-Link employed the protocol was up to them.

HNAP Protocol was to allow Network Magic to work with the D-Link Routers.

I use Network Magic, so I don't see any Security Risks.

It is up to the individual user. Once you install the newer firmware, you can't go back to the original Firmware.

I think that maybe from Cisco / Linksys stated the problem with the HNAP, in order to get D-Link to stop using that HNAP Protocol. (Just my opinion.) Because Cisco acquired Pure Networks.

 

[EddieZ]

Also, HNAP isn't a full fledged exploit. It is only useable from inside the LAN.

[Lycan]

Either way we've closed it for good and we're doing so in good faith.

The internet has a way of blowing things out of proportion

[DU7]

Thanks for the responses.

As best I can tell the beta code is  'use at your own risk' and isn't an official release, at least at this point.

Is there an ETA when the official, supported version will be released?

[sideloaded2]

Right and your superiors would've made you fix the exploit right away even if the internet didn't blow it out of proportion. 

[lotacus]

Really. I mean, come on. how long has the router been in production? and it's just made public that there is a "small" exploit and everyone is all on their toes yelling and screaming like their entire lives are going to be swallowed up by some evil-doer.

What about this, did you know that your household dead bolts, your car locks, your bike locks and anything you "lock" up have exploits as well? Everything you lock up isn't safe!! security through obscurity thats all everything is.

I'm suprised that people are not yelling to remove WEP from routers because it's so easy to crack. Or that some other method should be integrated into the routers kernel to prevent rogue ap's. How does one know if they are REALLY connecting to their AP? Just because it has your SSID?

[Lycan]

More importantly, if someone already has access to your LAN your security is compromised.

[EddieZ]

How about using Windows (any version)? 

[sideloaded1]

Right so any security hole shouldn't be fixed because your LAN is already compromised. Also do you think exploits aren't parleyed on top of each other? What if a new exploit used this hole like a dns rebind attack?  

[lizzi555]

Right so any security hole shouldn't be fixed because your LAN is already compromised. Also do you think exploits aren't parleyed on top of each other? What if a new exploit used this hole like a dns rebind attack?  

More than 7 proxies and a new netgear router with DD-WRT and still full of fear ?
You should shut down your internet connection,  perhaps you feel more safe then.

[sideloaded1]

nah ill just use 14 proxies now.

[Cobra]

It is pretty easy anymore for network admins or websites to see the real IP of someone using a proxy. 

Do a search for proxy to real IP if you do not believe me.

[Lycan]

Ok. This thread is done.
It's gone way off course. I'm locking it. Sideloaded and any other alt, proxy or not will continue to be banned and have the posts deleted.