06-02-2004, 10:10 PM
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Linksys Routers Open To Vulnerability
http://theinquirer.net/?article=16298
Many of us in here have a Linksys router providing NAT, wireless access, a firewall, DHCP and other things for our personal LANs and WLANs connected to cable or DSL providers. It seems there is an exploit that can erase your router configurations and monitor information in packets you transmit back and forth.
Unfortunately, Linksys, now a part of Cisco, doesn't have a fix or even an acknowledgment of the two week old exploit. :evil: I am totally stumped. What do I do? Unplug it from the internet and dig out my modem?
|
|
|
|
|
06-02-2004, 10:19 PM
|
Oracle
Join Date: Dec 2003
Posts: 830
|
|
good thing mine's a dlink
|
|
|
|
|
06-02-2004, 10:21 PM
|
Mystic
Join Date: Aug 2006
Posts: 1,725
|
|
Any more details on this exploit? (not asking to post it, but how about a more in-depth explaination of how it works) Do you have to have anything special enabled to be at risk?
edit: nevermind...guess I should click the link before I comment ops:
|
|
|
|
|
06-02-2004, 11:09 PM
|
Pupil
Join Date: Jun 2002
Posts: 14
|
|
I thought linksys frequently put out firmware updates to counter this type and other types of bugs and problem.
|
|
|
|
|
06-02-2004, 11:10 PM
|
Pupil
Join Date: Jun 2002
Posts: 14
|
|
My linksys router became very high maintenance after 1 year of use, requiring constant resets. But my linksys experience doesn't stop there. Of all the boxing day deals I bought, every single rebate (more than a dozen of them in tall) has come back except one linksys rebate.
Now this?
Now that Microsoft has exited the market, where should I turn to when I need more broadband networking gears? Anyone care to make a suggestion?
|
|
|
|
|
06-02-2004, 11:22 PM
|
Swami
Join Date: Feb 2004
Posts: 4,303
|
|
Blast. I have a BEFSR-41 and have been very happy with it up to now. I had wondered why there were so few updates for it, and now the Inq says this:
Quote:
At the time of writing this, the last firmware on the Linksys web page for the very popular BEFSR41 routers is 1.45.7, dated June 2003. I remember that Linksys used to update its firmware on a monthly basis, sometimes faster, back in the days it was a small company trying to beat the big guys.
Sadly, after being engulfed by Cisco, the corporate bureaucracy seems to have slowed down its firmware fixing and killed its reaction time. Time for me to look at router alternatives, it seems. Personally, I think a company that doesn't even issue a comment or post a notice on its firmware web page confirming or denying such vulnerability, two weeks after a supposed exploit is in the wild, is a company too busy with itself to care about its customers. �
|
Hmmmm my last Linksys perhaps. :?
|
|
|
|
|
06-02-2004, 11:32 PM
|
Ponderer
Join Date: Dec 2003
Posts: 95
|
|
I contacted Linksys support, they didnt know what I was talking about... exploits etc. I gave them the links... SIGH.
|
|
|
|
|
06-02-2004, 11:44 PM
|
Philosopher
Join Date: Jul 2003
Posts: 541
|
|
Glad I've got a WRT54g, with custom firmware, and don't use BOOTP to boot (no pun intended)
|
|
|
|
|
06-02-2004, 11:53 PM
|
Intellectual
Join Date: Apr 2004
Posts: 134
|
|
Quote:
Originally Posted by ARNAGE2
good thing mine's a dlink
|
I just ordered a new router friday, glad I went with the dlink instead of linksys...
|
|
|
|
|
06-02-2004, 11:54 PM
|
Philosopher
Join Date: Apr 2004
Posts: 545
|
|
Um Upgrade?
I would use this as a good opportunity to upgrade to a WRT54G. I also have noticed that Linksys has not touched the code for this router in a long time. That was also a reason (besides having faster local connections) that I decided now was the time. The WRT54G is a very good router (and also doesn't run the same code that this exploit uses according to this article.). In any case, you should always be encrypting thr traffic that needs encrypted like credit card transactions(likely alreayd done for you thanks to SSL) and remote admin sessions thru ssh(your needs may vary). Thats the beauty of Linux on the WRT54G...Linksys may not bring out a patch for a vulnerability, but someone will!
|
|
|
|
|
|
|
|