
Disable WPS setup if you got it enabled.

Posted: Mon Jan 02, 2012 1:07 pm
by Dutch

Re: Disable WPS setup if you got it enabled.

Posted: Mon Jan 02, 2012 4:57 pm
by Barry
It's better to flash dd-wrt or open-wrt, because just disabling it might not actually disable it.


Re: Disable WPS setup if you got it enabled.

Posted: Mon Jan 02, 2012 7:42 pm
by streaker69
I guess it's a good thing I'm still using older APs that don't have those newfangled vulns.

Re: Disable WPS setup if you got it enabled.

Posted: Tue Jan 03, 2012 4:36 pm
by Barry
streaker69 wrote: I guess it's a good thing I'm still using older APs that don't have those newfangled vulns.

You still rocking 802.11b?? :p

Re: Disable WPS setup if you got it enabled.

Posted: Tue Jan 03, 2012 6:52 pm
by streaker69
Nope, just don't have anything with WPS on it. A couple of WAP54Gs and a couple of WRT54Gs because I needed extra ethernet ports in a room to handle my WDTVLive boxen.

Re: Disable WPS setup if you got it enabled.

Posted: Thu Jan 05, 2012 11:14 am
by Guest
Barry wrote: It's better to flash dd-wrt or open-wrt, because just disabling it might not actually disable it.

Actually, so far it seems that it's mainly Linksys/Cisco gear that doesn't disable WPS even if you select to disable it in the router's GUI.

I've tested so far on a Trendnet TEW-673-GRU (equal to a D-link DIR 825, with an added LCD display and 2 USB ports), a TP-Link TL-WR1043ND, a Netgear and a couple of Linksys/Cisco routers.

The Trendnet and TP-Link models were cracked within 3-5 hours with the Reaver tool. The Netgear employed security delay measures upon multiple attempts for PIN registration, but still was cracked after 11 hours, with appropriate tweaking of the timeout settings on the Reaver command line (Reaver 1.3 from their SVN employs an algorithm to fine-tune the delays automatically, either from a community-updated DB, or via heuristics during its run).

The Linksys E-series routers I tested against were cracked after 4 and 6 hours. They were then reconfigured with WPS off in their settings, and cold-booted, yet were again cracked. This wasn't possible with the Trendnet, TP-Link or Netgear models. On these, the WPS capability was not available when disabled in their GUI, and Reaver just sits waiting until it's Ctrl-C'ed.

Dragorn has implemented detection of WPS capability for detected APs in Kismet, which will show in the server console log. If the encryption capabilities listed show WPS, it is vulnerable. It's not visible in the Kismet GUI listing of network details yet. I've asked him if he can include an alert for Reaver-type attacks in Kismet for those who use it as a WIDS.

So yes, if you have a Linksys/Cisco device with WPS functionality, reflashing to DD-WRT or Open-WRT is a good idea, if they support your device. Not really needed on the other 3 manufacturers' devices I've tested (Trendnet + Dlink, TP-Link, Netgear).

Dutch
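
For anyone who wants to confirm that switching WPS off in the GUI really removed it from the air, here is an added example (not part of the post above and not Kismet's code) that parses the tagged parameters of a beacon or probe response and reports whether the WPS vendor-specific element is still advertised. The function names and the sample beacon bytes are constructed for illustration; in practice the input would be the information-element bytes from your own AP's beacon.

```python
import struct

WPS_VENDOR_PREFIX = b"\x00\x50\xf2\x04"  # OUI 00:50:F2, vendor type 4 = WPS
ATTR_VERSION, ATTR_WPS_STATE, ATTR_AP_SETUP_LOCKED = 0x104A, 0x1044, 0x1057

def iter_ies(buf):
    """Yield (tag, value) for each 802.11 information element; stop if truncated."""
    pos = 0
    while pos + 2 <= len(buf):
        tag, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield tag, value
        pos += 2 + length

def parse_wps_attrs(data):
    """WPS attributes are TLVs: 2-byte type, 2-byte length, both big-endian."""
    attrs, pos = {}, 0
    while pos + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4:pos + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def wps_status(tagged_params):
    """Report whether a beacon's tagged parameters still advertise WPS."""
    for tag, value in iter_ies(tagged_params):
        if tag == 221 and value.startswith(WPS_VENDOR_PREFIX):
            attrs = parse_wps_attrs(value[4:])
            return {"advertised": True,
                    "configured": attrs.get(ATTR_WPS_STATE, b"")[:1] == b"\x02",
                    "setup_locked": attrs.get(ATTR_AP_SETUP_LOCKED, b"")[:1] == b"\x01"}
    return {"advertised": False, "configured": False, "setup_locked": False}

# Helpers used only to build the constructed sample beacons below.
def ie(tag, value): return bytes([tag, len(value)]) + value
def attr(atype, value): return struct.pack(">HH", atype, len(value)) + value

SSID = ie(0, b"lab-ap")
WMM = ie(221, b"\x00\x50\xf2\x02\x01\x01")  # same OUI, different type: not WPS
BEACON_WPS_ON = SSID + WMM + ie(221, WPS_VENDOR_PREFIX
                                + attr(ATTR_VERSION, b"\x10") + attr(ATTR_WPS_STATE, b"\x02"))
BEACON_WPS_LOCKED = SSID + ie(221, WPS_VENDOR_PREFIX
                              + attr(ATTR_WPS_STATE, b"\x02") + attr(ATTR_AP_SETUP_LOCKED, b"\x01"))
BEACON_WPS_OFF = SSID + WMM

if __name__ == "__main__":
    for name in ("BEACON_WPS_ON", "BEACON_WPS_LOCKED", "BEACON_WPS_OFF"):
        print(name, wps_status(globals()[name]))
```

A beacon that still reports `advertised: True` after WPS was turned off and the router rebooted matches the Linksys/Cisco behaviour described above.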

Re: Disable WPS setup if you got it enabled.

Posted: Fri Jan 06, 2012 6:39 pm
by little dave
Guest wrote:
Barry wrote: It's better to flash dd-wrt or open-wrt, because just disabling it might not actually disable it.

Actually, so far it seems that it's mainly Linksys/Cisco gear that doesn't disable WPS even if you select to disable it in the router's GUI.

I've tested so far on a Trendnet TEW-673-GRU (equal to a D-link DIR 825, with an added LCD display and 2 USB ports), a TP-Link TL-WR1043ND, a Netgear and a couple of Linksys/Cisco routers.

The Trendnet and TP-Link models were cracked within 3-5 hours with the Reaver tool. The Netgear employed security delay measures upon multiple attempts for PIN registration, but still was cracked after 11 hours, with appropriate tweaking of the timeout settings on the Reaver command line (Reaver 1.3 from their SVN employs an algorithm to fine-tune the delays automatically, either from a community-updated DB, or via heuristics during its run).

The Linksys E-series routers I tested against were cracked after 4 and 6 hours. They were then reconfigured with WPS off in their settings, and cold-booted, yet were again cracked. This wasn't possible with the Trendnet, TP-Link or Netgear models. On these, the WPS capability was not available when disabled in their GUI, and Reaver just sits waiting until it's Ctrl-C'ed.

Dragorn has implemented detection of WPS capability for detected APs in Kismet, which will show in the server console log. If the encryption capabilities listed show WPS, it is vulnerable. It's not visible in the Kismet GUI listing of network details yet. I've asked him if he can include an alert for Reaver-type attacks in Kismet for those who use it as a WIDS.

So yes, if you have a Linksys/Cisco device with WPS functionality, reflashing to DD-WRT or Open-WRT is a good idea, if they support your device. Not really needed on the other 3 manufacturers' devices I've tested (Trendnet + Dlink, TP-Link, Netgear).

Dutch



OK, hang on a minute, is Dutch "guest"? Is "guest" Dutch?

And I thought he dropped off the face of the earth :confused:

Re: Disable WPS setup if you got it enabled.

Posted: Fri Jan 06, 2012 6:49 pm
by little dave
Test

Re: Disable WPS setup if you got it enabled.

Posted: Tue Jan 10, 2012 12:54 am
by Dutch
Dragorn has included an alert for Reaver-type WPS brute-force attacks in the latest SVN of Kismet.
Announcement here: http://blog.kismetwireless.net/2012/01/ ... e-ids.html

Screendump of alert: http://peecee.dk/uploads/012012/WPSBRUTE.png

@little dave: Just forgot to log in before posting the previous message.

Dutch