Linksys Router Owners - HEADS UP! - Page 2
Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 32

Thread: Linksys Router Owners - HEADS UP!

  1. #11
    yes negative, i did spell defaults incorrectly in my "exploit" (if that's what you want to call it).
    So that might be the problem... but i'm still just a newbie... i need to go download the source code from linksys again.

    one more little thing negative, you might have overlooked this in your link... but there should be a ? between cgi and sysPasswd, like this: cgi?sysPasswd

    and trying it with defaults spelled correctly has the same effect. So it's just some buffer overrun, right?
    You are so bored that you are reading my signature?

  2. #12
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    port forwarding
    *Raises hand* I feel your pain. I have that added on as well and it becomes irritable all around like you said.
    Space For Rent.. =]

  3. #13
    Well, i just got a reply from a support guy at linksys.

    are you certain that you didn't have any web browser
    windows open? If one web browser window was still open (not necessarily
    one that you were using to access the router), the browser session would
    still be authenticated. Can you please confirm this, and possibly
    retry your test?
    What happened is that i had logged in before running the link, and never closed every browser window. Upon reading this, i did close all of my browser windows and was prompted for the password before i could get in.
    You are so bored that you are reading my signature?

  4. #14
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hmmmmmmm,

    I have seen a number of threads on this forum that suggest that a router/firewall is all that you need and that software firewalls are irrelevant crap.

    Has anyone had a slight change of heart?

    Please remember that the ancient members of my family do not even know what that "grey box" does..........although perhaps I should say "should do".............

    Quotation:

    "My name is Ozymandias, King of Kings,
    Look upon my works ye mighty, and despair"

    just a thought?

    Whatever happened to intellectual honesty and ubris?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #15
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    I have seen a number of threads on this forum that suggest that a router/firewall is all that you need and that software firewalls are irrelevant crap.
    Depend's how you look at it, really. It also depend's on the purpose and use of the machine, how much/often it's used, etc etc. That's a two-sided argument that we don't wanna get into right now
    Space For Rent.. =]

  6. #16
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Originally posted here by nihil
    Hmmmmmmm,

    I have seen a number of threads on this forum that suggest that a router/firewall is all that you need and that software firewalls are irrelevant crap.

    Has anyone had a slight change of heart?
    You should never rely on just one layer of security. This is exactly the reason I use multiple layers. Fortunately... I don't use linksys... but I use a Cisco router as my boarder router/firewall. (yes... I realize that cisco now owns linksys) Should anything "slip" past it... I've got more layers.

    Maybe this will just be another "lesson learned"?

    If one wanted... they could easily have two devices at the boarder. The linksys and then an old cheap box (you know you all have them stuffed in your basement/closets) as the second method of protection. IPCop or Smoothwall woud be perfect for a job like this. Easy to configure and a hell of a lot more options than the linksys should anything slip past it.

    In this case... it won't matter too much...because its a DoS and the router will still have to be reset, but it *could* have been much worse?

    Just curious... as I haven't used one of these Linksys routers in a long time.. but the newer firmware does give you an option to backup your configurations... right? Maybe that was D-Link?

    Anyway... what are you doing here? You should be patching your "router"!
    (If your model has a patch...)
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #17
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I believe the pertinent phrase was if they can get admin access.
    silly me, I thought the pertinent phrase was
    "is the perfect option to connect multiple PCs to a high-speed Broadband Internet connection or to an Ethernet back-bone.
    I thought there were only three perfect things in this world, and two of them are Senior members of AO.

    Thanks for the info thehorse13, I would have missed it. I'm sure I'll be getting alot of questions because of this, like "... my router crapped out, what do you recomend I replace it with?"

    phishphreek80 hit the nail on the head here. Layered security. How many times does this have to be mentioned? Everytime I think the message is moot and EVERYONE has resolved it as second nature, I read another article on how someone has come up with the ultimate security solution which purportedly solves all.

    Security is a team effort: from the chip manufactures to the programs of the bios, OS, drivers, and runtime programs, to the CIOs, network anmins, techs, and finally users. The same is as true for the hardware as software.

    "The chain is only as strong as the weakest link" ( have no idea who said that, but damn if it ain't true!)
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  8. #18
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    Okay I just tested the exploit against the previous BEFSR41 (not the ver 3) and I suffered nothing but a pop up asking for my username and password. Victory tastes so sweet. Anyways, I guess if you change your username and password you are safe. Either that or the old one is just better. Either way I am going to sleep a happy man!
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  9. #19
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883

    Exclamation

    Tested on BEFSR41 v1, Firmware 1.45.7. The exploit works as described.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #20
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Linksys BEFSR41
    Firmware: 1.43, Sep 04 2002

    Clicked the link in annihilator's post: Password required.

    Fixed the link, ("Defaults"): Password required.

    Noticed all the <br> tags.... removed them: Password required.

    I can't seem to make it do anything but bring up the password box..... Maybe I'm dumb or something....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides