New linksys router/gateway exploit
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: New linksys router/gateway exploit

  1. #1
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    New linksys router/gateway exploit

    Can anyone verify that the Linksys befvp41 and wrt54g have a new issue with their firmware, I can't seem to find any info on them.

    It creates a DoS, the router starts sending out buttloads of packets.

    Upgrading to the most recent firmware is advised.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Which firmware issue? I know that my Linksys WRT54G Ver 1.1, which has the 3.01.3, doesn't have too many issues (occassional IGMP request). Looking at the version info for firmware I don't see anything that might cause this.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Anyone running 2.7 or below. 3.01.3 is the most current, so obviously you are okay. Sorry I should have stipulated the older version number.

    The reason I'm bringing this up is an ISP out here has quite a few users running the older firmware and they are pounding their network.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Banned
    Join Date
    Sep 2004
    Posts
    305
    Firmware Version: v1.42.2
    Linksys WRT54G

    Sitting right next to me... hmm, wonder if there's something I should do?

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    It's also affecting the WRK54G. Just found one spitting a bunch of garbage. And there is no firmware update for it, march of last year is the most current. I've notified Linksys but I'm not holding my breath since they are owned by Cisco.

    And ;TT I'd definitely do something. Upgrade the firmware to the most current or use a cutsom built firmware by sveasoft www.sveasoft.com or wifi-box.net. And I'd advise against using the web update function, it can be flaky.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Banned
    Join Date
    Sep 2004
    Posts
    305
    Hmmm, can you post a PoC of your theory? None of the usual exploit sites have anything regarding these Linksys routers.. and you explain more clearly what it's spewing out and what ports and what exactly is happening?

  7. #7
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    I'm not personally experiencing it, so, no, I can't. I'm just relaying what another ISP is stating and I'm not going to ask him to stop going from customer to customer and do a sniff to see exactly what is going on because someone on a BB asked to see proof. I also trust the fact that he isn't making it up. And if you took the time to read my posts I'm also asking for some corroboration about this because I haven't seen any posts on any of the "usual exploit sites" either. Has anyone else seen it???????

    Besides that you should always have the latest stable rev of firmware running on any of your devices for obvious reasons. But I guess that's just my opinion.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  8. #8
    Banned
    Join Date
    Sep 2004
    Posts
    305
    Hmm, seems you've taken this the wrong way. I was interested in knowing exactly what was happening, not doubting you.. I'll upgrade the router tonight or tomorrow but I'm pretty interested in what kind of packets are being sent and what causes it so once you make something up, err, I mean find something, please do post. ;-)

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Kind of off-topic but relevant...

    Has anyone tried the sveasoft firmware. My impression is that it's a lot like the hacks on the other linksys boxes that allow you to put a linux/snort install directly on the router. This thing had a big fat warning on it though that basically stated that the "upgrade" could be unstable at install and may leave the router irretrievable.... IOW, a very expensive door stop...

    I have a WRT54G which it claims to enhance at work and the thought of some of the enhancements is tempting... I'm just wondering if anyone can justify the $20 for me....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    I haven't tried it yet but I'm going to. I also heard that just the performance increase is worth the money.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •