08-10-2002   #9
HcRUL
Registered Member
 
Join Date: Apr 2002
Posts: 37
There is no news...

Okay I'm really not impressed. After looking into this I do not see a point to their advisory.

First off, their probe packet has an extra byte. That is why it didn't work for me. The only difference between their packet with the correct length and the standard packet sent out by the AP manager is the "07" byte, which is "00" from the AP manager.

What they are "revealing" is the system name. Unfortunately for the RG, the system name contains the "magic" string that was also used for the community name.

This flaw can easily be corrected by editing the system name with the AP manager to remove the info.

The funny thing is that you can get this same information by passive means; there is no need to query the AP. This community name is also the SSID and the last 6 digits of the MAC of the wireless interface on the AP.

Netstumbler grabs this same information from 3 places: first in the MAC, then in the SSID, and lastly in the name of the AP.

The trick here is not to take the stock configuration, period. In the early days you could only use the RG config util and you were severely limited in what you could do. It wouldn't let you change the SSID or WEP settings.

Some time ago they modified the AP manager to allow it to make changes to the RG series, and now all this can be changed. Although the recent version of the RG config utility is much better, I wouldn't use it and would stick to the AP Manager or Freebase.

If you have an RG and want to secure it, do the following:
Change the SSID
Change the read password
Change the write password
Change the System/AP Name
Turn off beaconing


To sum it all up, it doesn't expose the community string, just the AP name. With the default config these are the same, but they can be changed.


HcRUL
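The passive check the post describes (stock SSID equals the last 6 hex digits of the AP's MAC, which is also the default community name) can be scripted against captured beacon frames. The following is an added example, not code from the post or from any vendor tool; the beacon frame is constructed inline, the BSSID/SSID relationship is taken from the post's description of the stock RG configuration, and the function names are my own.

```python
# Added example: parse an 802.11 beacon and flag an AP whose SSID is the
# last 6 hex digits of its BSSID, i.e. the stock configuration the post says
# also doubles as the SNMP community name. Not part of the original post.
from dataclasses import dataclass


@dataclass
class BeaconInfo:
    bssid: str  # colon-separated, lower-case hex
    ssid: str


def parse_beacon(frame: bytes) -> BeaconInfo:
    """Extract BSSID (addr3) and the SSID element from a raw beacon frame."""
    # Management header: FC(2) Duration(2) A1(6) A2(6) A3(6) SeqCtl(2) = 24 bytes,
    # followed by fixed fields Timestamp(8) Interval(2) Capability(2) = 12 bytes.
    if len(frame) < 36:
        raise ValueError("frame too short to be a beacon")
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype != 8:  # type 0 = management, subtype 8 = beacon
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])

    # Walk the tagged parameters (ID, length, body) until the SSID element (ID 0).
    off = 36
    while off + 2 <= len(frame):
        tag, length = frame[off], frame[off + 1]
        body = frame[off + 2 : off + 2 + length]
        if len(body) < length:
            raise ValueError("truncated tagged parameter")
        if tag == 0:
            return BeaconInfo(bssid, body.decode("ascii", errors="replace"))
        off += 2 + length
    raise ValueError("no SSID element in beacon")


def default_community_candidate(info: BeaconInfo) -> str:
    """Last 6 hex digits of the BSSID, the stock SSID/community string per the post."""
    return info.bssid.replace(":", "")[-6:]


def looks_like_stock_config(info: BeaconInfo) -> bool:
    """True when the SSID still matches the MAC-derived default."""
    return info.ssid.lower() == default_community_candidate(info).lower()


def build_beacon(bssid: bytes, ssid: str) -> bytes:
    """Constructed test frame (not a real capture): minimal but well-formed beacon."""
    header = (
        bytes([0x80, 0x00])          # frame control: management / beacon
        + bytes([0x00, 0x00])        # duration
        + b"\xff" * 6                # addr1: broadcast
        + bssid                      # addr2: transmitter
        + bssid                      # addr3: BSSID
        + bytes([0x00, 0x00])        # sequence control
    )
    fixed = b"\x00" * 8 + bytes([0x64, 0x00]) + bytes([0x01, 0x00])
    ssid_ie = bytes([0x00, len(ssid)]) + ssid.encode("ascii")
    rates_ie = bytes([0x01, 0x04, 0x82, 0x84, 0x8B, 0x96])
    return header + fixed + ssid_ie + rates_ie


# Constructed sample: a stock-looking RG and one whose SSID was changed.
STOCK_FRAME = build_beacon(bytes.fromhex("00022d0a1b2c"), "0a1b2c")
CHANGED_FRAME = build_beacon(bytes.fromhex("00022d0a1b2c"), "office")

if __name__ == "__main__":
    for frame in (STOCK_FRAME, CHANGED_FRAME):
        info = parse_beacon(frame)
        print(info.bssid, repr(info.ssid),
              "STOCK CONFIG" if looks_like_stock_config(info) else "changed")
```

Running it against real captures only needs `parse_beacon` fed raw 802.11 frames (a monitor-mode pcap with radiotap headers stripped); an AP that trips `looks_like_stock_config` is one where, per the post, the SNMP community name is also still at its default.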