Vulnerability In Linksys Cable/DSL Router
ispcay writes "Yahoo has published an article on a Linksys vulnerability. An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company." The article's kinda sparse on details, but does mention that the vulnerability is fixed in the latest firmware release. Upgrade 'em if ya got 'em!
From the eWeek article, all you have to do is disable remote admin, which is the default setting, which you should have confirmed anyhow. Duh.
No firmware flashing needed.
political_news.c: warning: comparison is always true due to limited range of data type
The default Linksys in the article has 4 ports, true, but they can actually support 254 clients if you connect them to a switch. Furthermore, the BEFSR11 is a one-port, designed to be connected to a switch or hub, and has proven very popular in labs of anywhere from 10-30 workstations, although it can actually support up to 254 clients. Consequently, there are those out there who may get a sick kick out of kicking schools, non-profit organizations and other institutions offline.
The BEFSR11 is truly cool. $50 gets you a box that barely draws any power and routes requests quite nicely for 254 machines and functions as a DHCP server to boot. Practically maintenance free. Most of mine already have upgraded firmware, but you can bet that I - and several other admins who oversee non-profit and educational sites - will be busy checking firmware versions for a while.