Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[RogerSC]

Now that WPS has been cracked (you can get "reaver" on the internet to run on your Linux laptop or VM), it has been found that several routers that have WPS disable/enable controls in their web GUI's are still vulnerable to attack.

Has anyone verified whether or not that's the case with the DIR-655?  I was feeling pretty good about my router until I read that some routers are still vulnerable to this attack even with WPS disabled in their web controls.

It would be nice to get confirmation for this router on whether I need to stop using it (no open source firmware available that I know of).

Thanks.

[FurryNutz]

WPS? What are you referring too?
Where did you read about this vulnerable attack?

[RogerSC]

Here's a couple of links about this vulnerability:

http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

http://www.kb.cert.org/vuls/id/723755

The thing that stands out to me is that for some routers, even if WPS is not enabled, they are still vulnerable to this.

[FurryNutz]

Have you contacted D-Link and ask them if they are aware of this? I presume they are.

[RogerSC]

According to the CERT notice, yes, they were notified 12/5/2011, and updated on 12/27/2011.

So yes, D-Link knows about this.

[FurryNutz]

So you haven't asked D-Link directly? Will be up to them to fix it if they verify and deem it necessary, if it effects ALL routers or not, test and release it. I would presume it would be a while before we see anything about his regarding FW updates.

In most cases turning off WPS in the router stops this if there is someone attempting this. I recommend doing this anyways as most users of the router don't use this feature unless they have supported devices like a wireless printer that has WPS. In most cases, anything wireless in mainly handled via SSID and the PW people can set up. Turn of  features that your not using on the router. 

[RogerSC]

I haven't found dealing with D-Link support to be very illuminating or useful.  The one time that I did try to talk to them, they wasted a lot of my time, which I'm not eager to repeat.  However, a certain number of people test their router to see if it is vulnerable using the reaver program.  That's what I was trying to find out, if anyone who reads this forum has done this, and what the results were.

My Linksys E4200 was tested by several people and failed.  As a result, I switched it to tomato open source firmware, and it's doing fine.  As there is no open source firmware for this router, which I use as an AP, I thought I'd ask.  Yes, D-Link will have to fix this if the router turns out to be vulnerable.

[RogerSC]

By the way, I share your "turn off what you're not using" philosophy for any hardware including routers.  Very little was turned on by me in when I upgraded to the tomato firmware, just basic routing and wireless.  For one thing, that way you don't run into bug in parts of the firmware that you don't care about.  And also the router processor(s) and memory can be used for routing, rather than bandwidth monitoring, etc.

[FurryNutz]

I saw that mentioned in a article about this issue. WPS is on be default. Which it ok for the most part and it's marketing. There just trying people to use the feature. Most people I talk to or help out, I've asked they they don't know about, or don't use it at all. I think it's a nice feature however I don't think it should be ON by default, I'm sure they could find other ways to easily have users enable it with out hassle. But that's me. 

[RogerSC]

It's not just you, any security-related feature like WPS should be able to be fully disabled, and in fact should be delivered disabled by default, and have to be enabled to use it.  That would have taken care of this problem for all the people that don't use WPS.  Very little excuse for not being able to fully disable this feature, or having it enabled by default.

[FurryNutz]

Ya I agree, just seems like there are extra features that should be disabled out of the box however were dealing with marking here. 

Well I D-Link knows about it. I might start having people turn it off if there really worried about it.

[RogerSC]

If this really works according to:

http://www.smallnetbuilder.com/wireless/wireless-features/31664-waiting-for-the-wps-fix

then with WPS disabled, WPS PIN is not available.  So this should answer my question.

[FurryNutz]

Also Select Link:WPS Security Vulnerability Information

[nicknml]

I tried reaver against a spare router (installed in on Backtrack on a virtual machine) that I have lying around and it really does work (it does take a while, but it does eventually get the PIN)

[FurryNutz]

Was WPS ON or OFF for this test?