Vulnerability In Linksys Cable/DSL Router

ispcay writes "Yahoo has published an article on a Linksys vulnerability. An easily exploitable software vulnerability in a common home networking router by Linksys Group could expose thousands of home users to denial of service attacks, according to a security advisory issued by iDefense, a software security company." The article's kinda sparse on details, but does mention that the vulnerability is fixed in the latest firmware release. Upgrade 'em if ya got 'em!

DOS attack easily resolved by resetting device

It's a 4 port home router - who's going to wage a DOS attack on a piddly $50 home router? And even if they did - just reset the darn thing. No big deal. I would only get the patch if this problem happened repeatedly.

Re:DOS attack easily resolved by resetting device

[ralphus]

I had someone launch a small one on me believe it or not. 50$ linksys router, cable modem, I notice a nmap scan happening, so i send him back some ICMP echo requests with LEAVE ME ALONE in the payload, and then about 25 zombies shut down my connection for about 20 mintues.

someone will attack anything for the same reason people climb mt Everest.

i thought this was already known...

[Essron]

I heard the 'remote management' option was a huge vunerability over a year ago. I'm no expert, but I doubt any security consious folks would have remote management enabled, and it is not clear if the boxes are vulerable with this feature turned off.

Or am I missing something?

Re:Upgrade Firmware

[eean]

Not really, considering that the .01% who know what they are doing don't have remote management turned on. Then there are the large majority of home users who went through the quick step guide and never accessed their router again, so have the default setting (remote management off). Those at risk are those who know enough to be dangerous.

I suppose there are a few people who have an actual reason to use remote management. These people need to update.

I'm not going to update my router - its functional, and secure. Since all your settings are erased on update, it would take more work then is worth it.

Router is not the only problem

[rworne]

A security exploit has also been found in their (and other vendor's) Wireless Access Points.

Sending a certain string over a certain UDP port will cause the AP to return the WEP key, mac filter settings, and admin password over the WLAN and LAN side.

Exploit can be found here

Makes me glad to have bought an Apple Airport for a change.

Never trusted them...

[sasquatchoflove]

If I can't see under the hood (who says I'll understand everything I'll see though), I tend not to trust things like this, esp. when it comes to security. My good ol' linux router on a P90 suits me just fine and I can do so much more with it. I don't see me owning one of these ever, so I don't have to worry. :)

Nothing new here

[v1]

While these "DSL routers" and other various "consumer grade" networking products have popped up like dandelions in spring, so have the problems.

My first venture into the fray was with an XSense (formerly MacSense) Xrouter. It was their variation on the "cable router" scene, for what is really more properly named a NAT box. It seemed to handle the fileserver well and port mapping was working fine. For their credit I'd also like to say they have some of the most impressive event logging I have ever seen, even recognizing attacks and identifying them by name. Then I tried to run a traceroute to an outside point to see how hop times were looking. Nothing.

"Maybe it's filtering my packets?" I think, and try to connec to its web administration page, but no response. Oops, my clients just lost connection to the servers they were attached to. And look, all the users are dropping off my server. What the...? It turns out that any attempt to traceroute out causes the router to reboot. It continues to reboot until you stop the traceroute, and then takes several seconds to unscramble its eggs before you get connectivity back.

I called up XSense and asked them what was going on, and if they had a firmware flash for me to fix it. Surprise, he reminds me that they did indeed ship their own traceroute program with the router, and I should use that. I run it, and surely enough, no crash. Tried every other traceroute app I could find, and every single one crashed the router except theirs.

The words known issue float through my head. I bickered a bit with the rep about how NO app I (or any of my users!!!) runs should be able to crash my NAT. End result, they don't care. Got off the phone with them and called up the vendor, they're like "here, let me get you the manufacturer's support number". "Nope, they told me tough luck they know about it and they don't care." "Oh... let me get you an RMA."

I actually ended up exchanging it for an Asante FR4003, which has worked flawlessly ever since. It gets a bit warm, so I keep it elevated so the metal bottom plate gets some convection. (it really should have some ventillation slots) And they've updated their firmware twice now, once both times including suggestions for improvements that I sent them. Very solid product. Interesting people answering their tech support though, I got a bit agitated one time when I was doing something stupid and got a big argumentative with them... that's the only time I've ever had a customer support rep tell me to "shut the hell up and listen for a minute!" but maybe that's what I needed to hear at the time... ;-)

Re:Upgrade Firmware

[tchapin]

If you run windows, (I don't know who'd do THAT, but....), Linksys now packages their firmware updates in an easy-to-use auto-flashing package. It's so easy, a monkey could probably do it.

Todd