Router's feature using a PIN instead of a long pass-phrase can be cracked in 2 hours. All routers built in the last 5-10 years have the feature and most are On by Default.
Disable the PIN feature ASAP. In future, check after doing a Factory Reset and disable it...
Using the PIN feature? Sorry... Get a long and strong pass-phrase.
The fix, if/when there is a fix, needs a firmware update for the router, and getting new firmware could take weeks, months, or never. Some Third Party firmware may need to be updated too.
------------------ Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should. (Jurassic Park)
WiFi off. Hardlined. Biatch azzed neighbor cannot hack. Me safe.
Tony
I don't know about that... Well, okay you won't be hacked like that but... LOL, my friend's Mom kept having problems with her DSL. For some reason her modem would disconnect and when she'd try to reconnect it she'd have to call the phone company to get it to work again. Ends up when she was away during the day, her neighbor would hop the fence. He'd go to her phone box on the side of the house and connect a phone line to it, link his modem up and use the internet. Then he'd go out and unhook it before she got home. They only figured out what was happening because my friend was home one day when he hopped the fence to do it.
12:29 AM
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
I remember when I was young back in the 56k days, instead of being grounded, my father had a quick disconnect in the line leading to the phone jack in my room. Little did he know, I went out to the store and bought 100ft of phone line and had it sneakily hidden under the trim pieces along the walls. He would disconnect me, I would raise hell and complain, then just plug in the 100ft cable I had hidden. I'm surprised he never caught on, and luckily he knew nothing about the internet. Occasionally he would pick up the phone and hear the modem buzzing; I told him it must not have disconnected on their end, just like how you could stay on the line for a long time and sometimes catch the other person picking the phone back up and dialing a different number. I taught him to cycle the phone on and off once or twice to get it to disconnect, which gave me time to run back into my room and disconnect the modem.
I must have four routers sitting around, and not a one of them is supported. I guess I'm eventually going to have to go out and actually get one that's specifically on their list of supported devices.
[This message has been edited by Taijiguy (edited 12-29-2011).]
05:57 AM
phonedawgz Member
Posts: 17106 From: Green Bay, WI USA Registered: Dec 2009
Pen Test? IE the Crack. DD-WRT and other Third Party firmware? Maybe not. For both... Read the article and the link in it. The crack will likely be a script kiddy tool soon.
The WPS feature problem is on by default in many models. Even if you don't use WPS, default=on means problems, and every time you do a Factory Reset you need to turn off that feature.
DD-WRT etc. likely has the same problem w/ WPS if it can use the feature. DD-WRT has some things on and off by default. I'm not using any Third Party Firmware w/ my current router and WPS was turned off because any feature I don't use is turned off...
Although the following will not mitigate this specific vulnerability, best practices also recommend only using WPA2 encryption with a strong password, disabling UPnP, and enabling MAC address filtering so only trusted computers and devices can connect to the wireless network.
Some say the Access list is worthless because the list only stops basic Script Kiddies and War Driving quick scans. I think stopping anyone is one less to worry about.
Disabling UPnP should not be an issue... (UPnP has its own history of problems.) Windows, all versions, has UPnP on, but it's not a problem to disable at the router or computer, and most Firewall software blocks connecting to anything w/ UPnP anyway. Free tool at www.grc.com/unpnp/unpnp.htm
[This message has been edited by theogre (edited 12-29-2011).]
10:56 AM
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
I think I have gone a bit overkill with my security.
SSID broadcast - off. WPA2 Personal. MAC filter, allow only listed devices to connect. DHCP is in a very odd range and only enough slots for the amount of devices I own. And all ports are blocked to other ranges. Router access is blocked to all wireless clients.
It's a PITA to get a new device connected, as no PCs are wired; I only have 1 wire and it goes to the Xbox.
[This message has been edited by Shill (edited 12-29-2011).]
SSID broadcast - off. MAC filter, allow only listed devices to connect. DHCP is in a very odd range...
WPA2 w/ a strong pass-phrase is good. Weak password, then well...
Disabling SSID and using a MAC/access list will only stop basic Script Kiddies and War Driving w/ a quick scan. Someone w/ time to kill will know both, like a neighbor, to monitor your network. It's easy to find networks w/o broadcast SSID; to start, see this at TechRepublic. Kismet is just a download and is on NST
DHCP means if anything does connect they just get an addy in range.... So why bother? Plus if they got that far... DHCP doesn't matter because the hacker sees the range that other units use then just uses a static IP. The Router will see any data from any device w/ a valid IP and Mask, assigned by DHCP or not.
[This message has been edited by theogre (edited 12-29-2011).]
11:46 PM
Dec 30th, 2011
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
I don't claim to know everything, but I have a general understanding of how it works. And I set it up based on that small knowledge. So if I have 5 devices and my DHCP range is from xxx.xxx.xxx.183-188 and lease time is set to an absurd amount of time such as 3 years, no other devices can use those IPs, correct? And all other IPs are blocked, so if a hacker were to set a static IP of say xxx.xxx.xxx.50 it would disallow it, and he would not be able to connect via xxx.xxx.xxx.185 because it is already in use. And this is after he got past the hidden SSID and WPA2 and assigned a MAC that was already connected. I personally wouldn't be able to do it; doesn't mean it can't be done.
Stefan Viehbock discovered the vulnerability and reported it to the DHS. He claims that none of the major manufacturers stepped up to the plate with a patch. He is going to release a C-coded exploitation tool shortly -- perhaps that will help prompt the business into action.
Originally posted by Shill: no other devices can use those ip's correct?
Sadly no... DHCP is not designed for security. If he waits for a device to shut off or go into sleep mode then a spoofed MAC can use that unit's IP. All your router sees is "X MAC on the list needs an IP assigned to it." The Router doesn't know if the MAC is real or spoofed. Spoofing is easy... All NIC drivers have a Network Address setting.
Leases just mean the router will try to assign the same IP to a MAC.
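A toy model of the point theogre makes above, added here as an example and not code from the thread or any router vendor. The router, allow-list, pool, MAC addresses and station names are all constructed. It shows the three claims in working form: the MAC filter sees only the MAC a station claims, a DHCP lease (however long) is renewed for whoever presents the reserved MAC, and a hand-set address inside the subnet is forwarded without DHCP ever being consulted.

```python
"""Added example, not code from the thread: a toy router model of the
point made in the posts above. A consumer router's MAC allow-list and
DHCP reservations identify a client only by the MAC it claims, so the
lease reserved for a device is handed to whichever station presents
that MAC, and a station that hand-sets an address inside the subnet is
forwarded whether or not DHCP ever issued it. Pool, MACs and station
names below are constructed."""
import ipaddress


class ToyRouter:
    def __init__(self, subnet, pool, allowed_macs, lease_seconds):
        self.subnet = ipaddress.ip_network(subnet)
        self.pool = [ipaddress.ip_address(a) for a in pool]
        self.allowed = {m.lower() for m in allowed_macs}
        self.lease_seconds = lease_seconds
        self.clock = 0
        # claimed MAC -> (ip, expiry, station that last renewed it)
        self.leases = {}

    def tick(self, seconds):
        self.clock += seconds

    def associates(self, claimed_mac):
        """MAC filter: the claimed MAC is the only identity the router has."""
        return claimed_mac.lower() in self.allowed

    def dhcp_request(self, claimed_mac, station):
        """Hand out (or renew) a lease. 'station' is the true sender, known
        to us as the modeller but invisible to the router."""
        mac = claimed_mac.lower()
        if not self.associates(mac):
            return None
        if mac in self.leases:
            # Renewal: the same IP goes back to the same MAC, whoever sends it.
            ip, _, _ = self.leases[mac]
            self.leases[mac] = (ip, self.clock + self.lease_seconds, station)
            return ip
        in_use = {ip for ip, expiry, _ in self.leases.values() if expiry > self.clock}
        for ip in self.pool:
            if ip not in in_use:
                self.leases[mac] = (ip, self.clock + self.lease_seconds, station)
                return ip
        return None  # pool exhausted

    def lease_holder(self, ip):
        """Which station actually holds the lease for this IP right now."""
        ip = ipaddress.ip_address(ip)
        for lease_ip, _, station in self.leases.values():
            if lease_ip == ip:
                return station
        return None

    def forwards(self, claimed_mac, src_ip):
        """Forwarding checks association and that the source is inside the
        subnet; it never asks whether DHCP issued that address."""
        return self.associates(claimed_mac) and ipaddress.ip_address(src_ip) in self.subnet


def demo():
    router = ToyRouter(
        subnet="192.168.1.0/24",
        pool=["192.168.1.183", "192.168.1.184"],        # tiny pool, as in the post
        allowed_macs=["aa:bb:cc:00:00:01"],             # the owner's laptop only
        lease_seconds=3 * 365 * 24 * 3600,              # the "3 years" lease
    )
    laptop_mac, stranger_mac = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:01"
    result = {}
    result["laptop_ip"] = str(router.dhcp_request(laptop_mac, "owner-laptop"))
    result["stranger_own_mac"] = router.dhcp_request(stranger_mac, "neighbor")
    router.tick(3600)  # laptop sleeps for an hour; its 3-year lease is still live
    result["spoofed_ip"] = str(router.dhcp_request(laptop_mac, "neighbor"))
    result["holder_of_183"] = router.lease_holder("192.168.1.183")
    result["static_in_subnet"] = router.forwards(laptop_mac, "192.168.1.50")
    result["static_outside"] = router.forwards(laptop_mac, "10.0.0.5")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the stranger refused under his own MAC but given the laptop's reserved .183 the moment he presents the laptop's MAC, and a static .50 forwarded because the only forwarding test is "valid IP and mask". The long lease changes nothing; it only makes the router more consistent about handing the same address to that MAC.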
09:33 PM
Dec 31st, 2011
Shill Member
Posts: 2166 From: Spokane, WA Registered: Apr 2009
Still a lot of work to try and get in. What would he find? A few dirty pictures and some music?
Your PC might not matter to a hacker but... the above could help him w/ ID theft, a general griefer, a neighbor w/ an axe to grind.
He might be after your Internet connection to spam, illegal prn, hack another system.... so the Cops come to you....
If you have WPA2 and a strong and long pass-phrase then Experts say you'll be fine. Turning off unused services will help too. I never use WPS and many others so I shut them off when I set up the router.
Use a strong password for Router Admin too... Even more important because some Routers can't block WiFi from the router's Admin Tools. Example: some models of Netgear are all-or-nothing blocking. Block the Admin Tool, then you can't use local printers, NAS, Windows shares, etc...
In the year since Viehböck published his paper, white-hat security hackers (especially the folks at Tactical Network Solutions; site: http://www.tacnetsol.com/ ) have adapted and expanded his proof-of-concept program, creating the free, open-source Reaver WPS hacking application (site: http://code.google.com/p/reaver-wps/ ). Reaver is a completely legitimate security-testing tool anyone can use to see whether a router is vulnerable to WPS cracking. (It can, of course, also be used for malicious system cracking.) And that's where the trouble lies; Reaver requires almost no networking knowledge, special skills, or unusual tools. Any digital delinquent with a Wi-Fi–enabled laptop, a copy of Reaver, and a couple of idle hours, can successfully crack your WPS-enabled network.
Means you should disable WPS and use strong pass-phrases for admin and WiFi ASAP.
Remember: on many G, all N and up, WPS is on by default even if you have strong pass-phrases. If you ever use factory reset then you need to check the feature is turned off.
12:45 PM
Raydar Member
Posts: 41432 From: Carrollton GA. Out in the... country. Registered: Oct 1999
Originally posted by Raydar: Didn't realize that WPS and WPA/WPA2 could both be active at the same time.
Yes, WPS is active by default even when WPA2 etc. is used.
Worse, by default WPS can/will reset the WPA pass-phrase and SSID.
quote
Keep Existing Wireless Settings This shows whether the router is in the WPS configured state. If this option is not selected, {default setting in many units} adding a new wireless client will change the router's wireless settings to an automatically generated random SSID and security key.
Source: Netgear WNR3500L help on advanced wireless settings
[This message has been edited by theogre (edited 12-27-2012).]
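The settings this thread keeps coming back to (WPS on by default, the "Keep Existing Wireless Settings" box, admin password reused as the WiFi pass-phrase, UPnP) are the kind of thing worth checking mechanically after every factory reset. The checker below is an added example, not code from the thread, Netgear or any other vendor; the key=value export format and every key name in it are constructed for the example, since real routers each name these settings differently.

```python
"""Added example: audit a router configuration export for the settings
discussed in this thread. The key=value format and key names are
constructed for this example, not any vendor's real export format."""

# Constructed sample: a router left at typical defaults.
DEFAULT_CONFIG = """\
# constructed sample, not a real device export
wireless.security_mode=WPA2-PSK
wireless.passphrase=fiero-1988-garage!
wireless.wps.enabled=1
wireless.wps.keep_existing_settings=0
admin.password=fiero-1988-garage!
wan.upnp.enabled=1
"""

# Constructed sample: the same router after the fixes the thread recommends.
HARDENED_CONFIG = """\
wireless.security_mode=WPA2-PSK
wireless.passphrase=fiero-1988-garage!
wireless.wps.enabled=0
wireless.wps.keep_existing_settings=1
admin.password=a-different-admin-secret-42
wan.upnp.enabled=0
"""


def parse_config(text):
    """Parse 'key=value' lines into a dict, skipping blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg):
    """Return a list of findings; an empty list means nothing flagged."""
    findings = []
    if cfg.get("wireless.wps.enabled") == "1":
        findings.append("WPS enabled: the PIN can be brute-forced and hands over the pass-phrase; disable it")
        # Netgear's help text quoted in the thread: with this box unselected,
        # adding a WPS client rewrites the SSID and security key.
        if cfg.get("wireless.wps.keep_existing_settings") != "1":
            findings.append("WPS will overwrite the SSID and pass-phrase when a client is added")
    if cfg.get("wireless.security_mode") != "WPA2-PSK":
        findings.append("wireless security is not WPA2-PSK")
    admin_pw = cfg.get("admin.password")
    if admin_pw and admin_pw == cfg.get("wireless.passphrase"):
        findings.append("admin password equals the WiFi pass-phrase: a leaked pass-phrase is admin access")
    if cfg.get("wan.upnp.enabled") == "1":
        findings.append("UPnP enabled: unused here, so turn it off")
    return findings


def audit_text(text):
    return audit(parse_config(text))


if __name__ == "__main__":
    for name, text in (("defaults", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit_text(text))} finding(s)")
        for finding in audit_text(text):
            print("  -", finding)
```

The point of keeping the checks in a script rather than in memory is the one theogre makes about factory resets: the defaults come back, and a checker run against the exported config catches that without relying on remembering which menu the WPS toggle was buried in.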
Funny this got updated today. I just set up a new Belkin wireless router today. When I started the setup I saw that the WPA default setting was enabled. Made sure to disable it first thing.
[This message has been edited by Dodgerunner (edited 12-27-2012).]
10:49 PM
Dec 28th, 2012
spark1 Member
Posts: 11159 From: Benton County, OR Registered: Dec 2002
The DSL modem/router that I started using recently had WPS enabled also. No mention of the feature in the quick start guide and it was a couple of menus deep in the wireless security settings. The modem is an Actiontec GT784WN.
Here's what Actiontec mentions in their FAQ's:
quote
What is Actiontec doing about the industry wide issue of the (WPS) Wi-Fi Protected Setup PIN brute force vulnerability?
As of 1/31/2012 all future Actiontec products that have the (WPS) Wi-Fi Protected Setup feature in the firmware will also contain a WPS "lock-out" feature and/or any other Wi-Fi Alliance recommended improvements to the (WPS) Wi-Fi Protected Setup.
It was just an enable/disable selection on my modem; not sure of the actual manufacture date, purchased in May, 2012.
[This message has been edited by spark1 (edited 12-28-2012).]
Originally posted by spark1: The DSL modem/router that I started using recently had WPS enabled also. No mention of the feature in the quick start guide and it was a couple of menus deep in the wireless security settings. The modem is an Actiontec GT784WN.
Burying this feature is a surprise... It's one that most makers will highlight for easy setup.
Yes, "purchased in May, 2012" but made when? You can try checking/updating firmware... if the site or zip file doesn't list the fixes, ask support to see what the new firmware fixes. My guess is no help there... current is GT784WN NCS01-1.0.8 dated 2011-09-30
Example: I have 2 Belkin N models... 1 update is too old, 3/2011, and no notes; the other is 11/2012 but the only note is "Fixed issue where client MAC addresses could be visible over ICMP through the WAN connection." If I used either... I would turn off WPS
My "current" Netgear WNR3500L firmware is too old for fixing the WPS problem. dated 12/11
Many makers just don't care about "old" products. Getting a firmware fix on many units won't happen.
Most consumer and SOHO WiFi built in the last 8-10 years runs the feature. Even old units w/ updated firmware often use it. Example: my old Linksys WRT54GS V1 got the feature when I updated firmware.
New firmware may help stop the hack (read article link above) but turning it off is better. Turning it off may not work either because of bug(s) in some firmware (also in article). Turning off SSID broadcast to be sure, but killing SSID stops some devices getting a connection... like Wii and "smart" phones that won't connect w/o SSID enabled on the router.
Sadly the Reaver tool is Linux-based only and like many I have little Linux skills, so hacking my own unit to test is likely not going to happen. (Reaver? I guess fans of Firefly...)
04:26 AM
James Bond 007 Member
Posts: 8872 From: California.U.S.A. Registered: Dec 2002
Originally posted by James Bond 007: Crack this password. 汉语/漢語 华语/華語
Funny? Not really. 1. Most routers and network devices won't accept Unicode fonts. Many Chinese etc. fonts are UTF-16. Only basic ASCII... UC LC letters, numbers, and some symbols. 2. The Admin or WiFi Password/pass-phrase is not the issue here. WPS uses an 8 number pin to use the feature and it's often set at the factory.
If/when the WPS hack is run on your router... when the hack is successful, it will return your WiFi password in plain text w/o need to crack. Worse, many use Admin PW = WiFi PW.
Does a WiFi access list matter? Maybe. If the router runs the list before the WPS service responds, maybe it can stop the Reaver tool. If someone has time to kill... spoofing a MAC is easy. Just wait for a device's WiFi scanning to find the router. Scanning can happen every time a device goes to sleep then wakes up, etc. After that just wait for the device to go to sleep again.
Remember... the target is likely not your network. The target is using your network to do mostly illegal things: break/hack a business/bank, illegal images, etc. Always think of the low hanging fruit principle... You want to make other people lower than you.
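Two posts in this thread hinge on what a "strong pass-phrase" actually is to the router: theogre's advice that WPA2 with a long pass-phrase is the thing that holds up once WPS is off, and his reply above that routers only accept basic ASCII, so a Chinese-character password is not even a valid pass-phrase. The code below is an added example, not from the thread, and does what the 802.11i standard specifies: a WPA2-Personal pass-phrase is 8 to 63 printable ASCII characters, and the key the router actually uses (the PSK) is PBKDF2-HMAC-SHA1 over the pass-phrase salted with the SSID, 4096 iterations, 32 bytes. The entropy estimate is a rough upper bound of my own construction, not part of the standard.

```python
"""Added example, not code from the thread: the WPA2-Personal pass-phrase
rules and key derivation from IEEE 802.11i. PSK = PBKDF2-HMAC-SHA1(
pass-phrase, SSID, 4096 iterations, 32 bytes); a pass-phrase is 8-63
printable ASCII characters (0x20-0x7E). The entropy estimate is a rough
upper bound constructed for this example."""
import hashlib
import math
import string


def is_valid_wpa2_passphrase(passphrase: str) -> bool:
    """The ASCII-only rule the thread mentions: 8-63 printable ASCII chars.
    Non-ASCII text (e.g. Chinese characters) is simply not a valid pass-phrase."""
    if not 8 <= len(passphrase) <= 63:
        return False
    return all(0x20 <= ord(ch) <= 0x7E for ch in passphrase)


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK the router and client both compute.
    The SSID is the salt, so the same pass-phrase on a different SSID
    yields a different key."""
    if not is_valid_wpa2_passphrase(passphrase):
        raise ValueError("pass-phrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def passphrase_entropy_bits(passphrase: str) -> float:
    """Rough upper bound: length * log2(size of the character classes used).
    Dictionary words or dates are far weaker than this number suggests;
    it only shows how much length and mixed classes buy you."""
    size = 0
    if any(ch in string.ascii_lowercase for ch in passphrase):
        size += 26
    if any(ch in string.ascii_uppercase for ch in passphrase):
        size += 26
    if any(ch in string.digits for ch in passphrase):
        size += 10
    if any(ch in string.punctuation or ch == " " for ch in passphrase):
        size += 33  # 32 punctuation marks plus space
    return len(passphrase) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    # "password" / "IEEE" is the standard's published test vector.
    print(wpa2_psk("password", "IEEE").hex())
    for candidate in ("password", "汉语/漢語", "Fiero GT 1988 in the garage!"):
        ok = is_valid_wpa2_passphrase(candidate)
        bits = passphrase_entropy_bits(candidate) if ok else 0.0
        print(f"{candidate!r}: valid={ok} est_bits={bits:.1f}")
```

The derivation is slow on purpose (4096 HMAC rounds) and salted with the SSID, which is why a long, unusual pass-phrase on WPA2 holds up to offline guessing; it is also why none of that matters while WPS is on, since WPS hands the pass-phrase itself to whoever completes the PIN exchange rather than making them guess it.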