WAP Backdoor

Configuration and operational information about stumbled AP's

Postby Thorn » Mon Feb 03, 2003 9:49 am

Originally posted by MRK
...
1) I downloaded this program and ran it from my laptop (connected to my WAP11). I just went to the command line and typed pong.exe and it displayed several fields, but no info. Does this mean I'm ok? Or that my firmware isn't affected?
...


Mr. K,
Based on my testing, it would appear that if you get a response other than "no answer" then you are vulnerable. See my prior post. Try running pong v1.1 in the raw mode (pong -r) to see the full output.
Thorn
Stop the TSA now! Boycott the airlines.

Postby CatSailor » Sun Feb 09, 2003 8:33 pm

This was a problem with the Linksys WAP11 v2.2 in all the 1.01 firmwares but has been fixed with the 1.1 firmware. Same with the D-Link DWL-900AP+. They had the same problem as the Linksys until it was fixed in the v2.3 firmware.

Postby renderman » Sun Feb 16, 2003 5:21 pm

WAP11-CA (Canadian model) ver 2.2 w/ firmware 1.01f

Vulnerable, but only if using the -r raw output mode. WEP keys, admin passwords all viewable.

This is gonna knock some socks off at my upcoming talks

Postby TheSovereign » Sun Feb 16, 2003 8:57 pm

Do you have to be associated to use it?
SO SAYS TheSovereign

Postby Thorn » Mon Feb 17, 2003 6:22 am

Yes. Look at the conditions I tested. (Posted toward the bottom of the first page.)
Thorn
Stop the TSA now! Boycott the airlines.

Postby TheSovereign » Mon Feb 17, 2003 8:00 am

So what good is it as a back door? If they have WEP, you wouldn't be able to associate.
SO SAYS TheSovereign

Postby Thorn » Mon Feb 17, 2003 8:32 am

As I said, "Those persons running a WAP11 v2.2 without implementing WEP are the most vulnerable to this exploit."

If someone is running a WAP11 as a "public" AP, and has secured the admin functions via the password, then an attacker could use this method. A hard reset back to factory specs using the power/reset button means that the owner could regain control easily, but it would still be an annoyance.

It is one more reason to run WEP if you want to make it private. If you're leaving it open to the public, then you ought to be aware of the problem.
Thorn
Stop the TSA now! Boycott the airlines.

Postby agentgrn » Wed Feb 19, 2003 11:04 pm

Looks like firmware revision 1.1 has been out since the end of December. Has anyone tried the exploit on this?

I'm considering opening up my AP as a public access point once I reconfigure my network in the coming month and would rather not drag my old WAP11 v1.x out from my parents' garage. (Yes, it's in use)
-A.G.-
