
PostPosted: Mon Feb 03, 2003 9:49 am
by Thorn
Originally posted by MRK
...
1) I downloaded this program and ran it from my laptop (connected to my WAP11). I just went to the command line and typed pong.exe and it displayed several fields, but no info. Does this mean I'm ok? Or that my firmware isn't affected?
...


Mr. K,
Based on my testing, it would appear that if you get a response other than "no answer" then you are vulnerable. See my prior post. Try running pong v1.1 in the raw mode (pong -r) to see the full output.

PostPosted: Sun Feb 09, 2003 8:33 pm
by CatSailor
This was a problem with the Linksys WAP11 v2.2 in all the 1.01 firmwares but has been fixed with the 1.1 firmware. Same with the D-Link DWL-900AP+. They had the same problem as the Linksys until it was fixed in the v2.3 firmware.

PostPosted: Sun Feb 16, 2003 5:21 pm
by renderman
WAP11-CA (Canadian model) ver 2.2 w/ firmware 1.01f

Vulnerable, but only if using the -r raw output mode. WEP keys, admin passwords all viewable.

This is gonna knock some socks off at my upcoming talks

PostPosted: Sun Feb 16, 2003 8:57 pm
by TheSovereign
Do you have to be associated to use it?

PostPosted: Mon Feb 17, 2003 6:22 am
by Thorn
Yes. Look at the conditions I tested. (Posted toward the bottom of the first page.)

PostPosted: Mon Feb 17, 2003 8:00 am
by TheSovereign
So what good is it as a back door? If they have WEP, you wouldn't be able to associate.

PostPosted: Mon Feb 17, 2003 8:32 am
by Thorn
As I said: "Those persons running a WAP11 v2.2 without implementing WEP are the most vulnerable to this exploit."

If someone is running a WAP11 as a "public" AP, and has secured the admin functions via the password, then an attacker could use this method. A hard reset back to factory specs using the power/reset button means that the owner could regain control easily, but it would still be an annoyance.

It is one more reason to run WEP if you want to make it private. If you're leaving it open to the public, then you ought to be aware of the problem.

PostPosted: Wed Feb 19, 2003 11:04 pm
by agentgrn
Looks like firmware revision 1.1 has been out since the end of December. Has anyone tried the exploit on this?

I'm considering opening up my AP as a public access point once I reconfigure my network in the coming month and would rather not drag my old WAP11 v1.x out from my parents' garage. (Yes, it's in use)